selogrd

In the [selogrd] section, the tokens control the behavior of the log routing daemons selogrd and selogrcd.
  • Caudit_size
    Specifies the maximum size, in KB, of the audit collection file, before selogrcd creates a backup file and opens a new file.
    The minimum value is 50 KB.
    Default: 1024
  • CBackUp_Date
    Sets the criterion by which selogrcd performs the backup.
    Valid values include: none, yes, daily, weekly, and monthly.
    If you specify yes, Privileged Access Manager performs backups according to the size limit token Caudit_size and timestamps the file.
    If you specify none, Privileged Access Manager performs the backup according to the Caudit_size token but it does not timestamp the file.
    If you specify daily, weekly, or monthly, selogrcd adds a timestamp when it first creates the file. When the current date passes the timestamp, Privileged Access Manager automatically creates a backup file and timestamps it.
    However, if the size of the file exceeds the value of the Caudit_size token first, Privileged Access Manager creates a backup file without issuing a timestamp.
    Default: NONE
  • ChangeLogFactor
    Specifies the factor applied to the value in the token Interval before testing whether the log file was changed to a backup file. For example, if the Interval token is set to 5 and the ChangeLogFactor token is set to 5 (the default), Privileged Access Manager waits 25 seconds before checking whether the log file was changed to a backup file.
    Default: 5
  • CipherName
    Specifies the name of the file that contains the encryption functions used by selogrd if the UseEncryption token is set to eTrust.
    This file must be placed in the ACInstallDir/lib/ directory.
    The CipherName is a symbolic link to a shared object file.
    Default: adcipher
  • CollectFile
    Specifies the name of the file in which the audit collector daemon selogrcd stores the collected audit records.
    Default: ACInstallDir/log/seos.collect.audit
  • CollectFileBackup
    Specifies the name that selogrcd uses when backing up and renaming the file of collected audit records when it receives the USR1 signal.
    Default: ACInstallDir/log/seos.collect.bak
  • ConsolePort
    Specifies the name or port number for selogrd - secmon communication. This token is necessary only if you plan to run both selogrcd and secmon on the same host.
    If specified, selogrd - secmon communication is done using the specified port. Otherwise, they use the port that is specified in the ServicePort token, or they use RPC portmapper to allocate a port dynamically if that token is also empty. The service name must be a UDP port because the log routing daemon uses UDP for communication.
    If the token value is a number, daemons bind to the specified port number.
    If the token value is a service name (string), /etc/services or NIS services maps are used to resolve the port number.
    Default: Token not set (value taken from ServicePort token)
  • DataFile
    Specifies the name of the file to which the target routing information is written before being delivered to the specified targets.
    Default: ACInstallDir/log/logroute.dat
  • Interval
    Specifies the time interval, in seconds, between each poll of the log file by the selogrd daemon.
    Default: 5
  • KeyFile
    Specifies the name of the file that holds the audit encryption key.
    This key is used when selogrd performs Privileged Access Manager audit encryption. The location of the key file is the ACInstallDir/lib directory.
    The key can be changed by the sechkey utility.
    Default: adcipher.bin
  • Mailer
    Specifies the name of the program that selogrd uses to send email.
    This option is relevant only if you set the UseSmtpMail token to yes.
    Default: /bin/mail
  • MaxErrorSending
    Specifies that selogrd sends error messages to syslog about difficulties sending audit records to selogrcd only after the number of difficulties surpasses this token value.
    The default value is 1: every time selogrd has difficulties sending to selogrcd, it sends a message to syslog.
    Default: 1
  • MaxSeqNoSleep
    Specifies the maximum number of log records scanned by selogrd without sleeping.
    Default: 50
  • RefuseUnencrypted
    Specifies whether selogrcd accepts unencrypted audit. It is used with the UseEncryption token and is redundant if UseEncryption is set to no. It is therefore applicable only if selogrcd uses encryption.
    Valid values are:
    yes - refuse unencrypted audit
    no - accept both encrypted and unencrypted audit
    Default: no
  • ReopenInterval
    Specifies the time (seconds) that selogrd waits to reopen the audit file.
    Default: 20
  • RouteFile
    Specifies the name of the log routing configuration file. The file is used unless overridden by the -config option of the selogrd utility.
    Default: ACInstallDir/log/selogrd.cfg
  • SavePeriod
    Specifies the time interval, in minutes, between saving information about the number of records sent.
    Default: 2
  • sendmail_header_format
    Determines the user name format in the header of mail that selogrd sends.
    Note: Change this token value only if selogrd cannot send mail. (That is, if you see an error 4634 from selogrd in your syslog.)
    Valid values include the following:
    1 - The user name format is SmtpMailFrom
    For example: eTrust_Admin
    2 - The user name format is SmtpMailFrom@hostname (where hostname is the host which selogrd runs on).
    For example: eTrust_Admin@machine
    Default: 1
  • ServicePort
    Specifies the name or port number that the log routing facility must use.
    If the token has a value, selogrd and selogrcd use the specified port. Otherwise, selogrd and selogrcd dynamically allocate a UDP port using the RPC portmapper. The service name must be a UDP port because the log routing daemon uses UDP for communication.
    If the token value is a number, daemons bind to the specified port number.
    If the token value is a service name (string), /etc/services or NIS services maps are used to resolve the port number.
    Only a UDP port/service can be specified.
    Default:
    Token not set (selogrd and selogrcd use RPC portmapper to allocate a port dynamically).
  • SmtpMailFrom
    Specifies the identity of the sender for UseSmtpMail.
    Default: AccessControl_Admin
  • SmtpMailServer
    Specifies the address of the remote mail server host. Use this token if UseSmtpMail is set to yes. If you do not specify this token, the local computer is assumed to be the mail server.
    Default: (blank - local server)
  • SmtpTimeLimit
    Specifies the time limit, in seconds, that selogrd waits for the mail server to answer before timing out.
    Default: 100
  • tec_conf_file
    Specifies the name of the configuration file that is used for the TEC event creation by the selogrd daemon.
    Default: /etc/tecad_seos.conf
  • UseEncryption
    Determines the type of encryption.
    Valid values include the following:
    native - selogrd uses Privileged Access Manager standard encryption.
    eTrust - selogrd uses audit log encryption through adcipher.
    no - selogrd does not use encryption.
    Default: no
  • UseSmtpMail
    Determines whether to use the direct mail feature or the previous Mailer.
    Default: yes
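
A check of a [selogrd] section against the UseEncryption, RefuseUnencrypted, ServicePort, Caudit_size, Interval and ChangeLogFactor tokens described above. This is an added example, not code from the product or its documentation. It assumes the section is stored in INI form as `token = value` lines; the function name, the sample sections and port 8891 are constructed for illustration.

```python
import configparser

# Documented defaults for the tokens this check reads.
DEFAULTS = {"useencryption": "no", "refuseunencrypted": "no", "serviceport": "",
            "caudit_size": "1024", "interval": "5", "changelogfactor": "5"}

# Constructed sample inputs (not from a real host); port 8891 is arbitrary.
DEFAULT_INI = "[selogrd]\n"
PARTIAL_INI = "[selogrd]\nUseEncryption = native\nCaudit_size = 20\n"
HARDENED_INI = ("[selogrd]\nUseEncryption = eTrust\nRefuseUnencrypted = yes\n"
                "ServicePort = 8891\nInterval = 10\nChangeLogFactor = 3\n")

def audit_selogrd(ini_text):
    """Return (findings, seconds selogrd waits before the backup-file check)."""
    # Assumption: "token = value" INI syntax, which configparser can read.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ini_text)
    tok = dict(DEFAULTS)
    if cp.has_section("selogrd"):
        # configparser lower-cases token names, so lookups are case-insensitive.
        tok.update({k: v.strip() for k, v in cp.items("selogrd")})
    enc = tok["useencryption"].lower()
    refuse = tok["refuseunencrypted"].lower()
    findings = []
    if enc == "no":
        findings.append("UseEncryption=no: selogrd does not use encryption")
        if refuse == "yes":
            findings.append("RefuseUnencrypted=yes is redundant while UseEncryption=no")
    elif enc not in ("native", "etrust"):
        findings.append("UseEncryption=%s is not a documented value" % enc)
    elif refuse != "yes":
        findings.append("RefuseUnencrypted=no: selogrcd also accepts unencrypted audit")
    if not tok["serviceport"]:
        findings.append("ServicePort unset: UDP port is allocated by RPC portmapper")
    if int(tok["caudit_size"]) < 50:
        findings.append("Caudit_size is below the 50 KB minimum")
    # Interval multiplied by ChangeLogFactor, e.g. 5 * 5 = 25 seconds.
    return findings, int(tok["interval"]) * int(tok["changelogfactor"])

if __name__ == "__main__":
    for name in ("DEFAULT_INI", "PARTIAL_INI", "HARDENED_INI"):
        print(name, audit_selogrd(globals()[name]))
```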