selogrd
In the [selogrd] section, the tokens control the behavior of the log routing daemons selogrd and selogrcd.
- Caudit_size
  Specifies the maximum size, in KB, of the audit collection file before selogrcd creates a backup file and opens a new file. The minimum value is 50 KB.
  Default: 1024
- CBackUp_Date
  Sets the criterion by which selogrcd performs the backup.
  Valid values include: none, yes, daily, weekly, and monthly.
  If you specify yes, Privileged Access Manager performs backups according to the size limit token Caudit_size and timestamps the file.
  If you specify none, Privileged Access Manager performs the backup according to the Caudit_size token but it does not timestamp the file.
  If you specify daily, weekly, or monthly, selogrcd adds a timestamp when it first creates the file. When the current date passes the timestamp, Privileged Access Manager automatically creates a backup file and timestamps it. However, if the size of the file exceeds the value of the Caudit_size token first, Privileged Access Manager creates a backup file without issuing a timestamp.
  Default: NONE
- ChangeLogFactor
  Specifies the factor applied to the value in the token Interval before testing whether the log file was changed to a backup file. For example, if the Interval token is set to 5 and the ChangeLogFactor token is set to 5 (the default), Privileged Access Manager waits 25 seconds before checking whether the log file was changed to a backup file.
  Default: 5
- CipherName
  Specifies the name of the file that contains the encryption functions used by selogrd if the UseEncryption token is set to eTrust. This file must be placed in the ACInstallDir/lib/ directory. The CipherName is a symbolic link to a shared object file.
  Default: adcipher
- CollectFile
  Specifies the name of the file in which the audit collector daemon selogrcd stores the collected audit records.
  Default: ACInstallDir/log/seos.collect.audit
- CollectFileBackup
  Specifies the name that selogrcd uses when backing up and renaming the file of collected audit records when it receives the USR1 signal.
  Default: ACInstallDir/log/seos.collect.bak
- ConsolePort
  Specifies the name or port number for selogrd - secmon communication. This token is necessary only if you plan to run both selogrcd and secmon on the same host.
  If specified, selogrd - secmon communication is done using the specified port. Otherwise, they use the port that is specified in the ServicePort token, or they use RPC portmapper to allocate a port dynamically if that token is also empty. The service name must be a UDP port because the log routing daemon uses UDP for communication.
  If the token value is a number, daemons bind to the specified port number.
  If the token value is a service name (string), /etc/services or NIS services maps are used to resolve the port number.
  Default: Token not set (value taken from ServicePort token)
- DataFile
  Specifies the name of the file to which the target routing information is written before being delivered to the specified targets.
  Default: ACInstallDir/log/logroute.dat
- Interval
  Specifies the time interval, in seconds, between each poll of the log file by the selogrd daemon.
  Default: 5
- KeyFile
  Specifies the name of the file that holds the audit encryption key. This key is used when selogrd performs Privileged Access Manager audit encryption. The location of the key file is the ACInstallDir/lib directory. The key can be changed with the sechkey utility.
  Default: adcipher.bin
- Mailer
  Specifies the name of the program that selogrd uses to send email. This option is relevant only if you set the UseSmtpMail token to yes.
  Default: /bin/mail
- MaxErrorSending
  Specifies that selogrd sends error messages to syslog about difficulties sending audit records to selogrcd only after the number of difficulties surpasses this token value. The default value is 1: every time selogrd has difficulties sending to selogrcd, it sends a message to syslog.
  Default: 1
- MaxSeqNoSleep
  Specifies the maximum number of log records scanned by selogrd without sleeping.
  Default: 50
- RefuseUnencrypted
  Specifies whether selogrcd accepts unencrypted audit. It is used with the UseEncryption token and is redundant if UseEncryption is set to no. It is therefore applicable only if selogrcd uses encryption.
  Valid values are:
  - yes: refuse unencrypted audit
  - no: accept both encrypted and unencrypted audit
  Default: no
- ReopenInterval
  Specifies the time, in seconds, that selogrd waits to reopen the audit file.
  Default: 20
- RouteFile
  Specifies the name of the log routing configuration file. The file is used unless overridden by the -config option of the selogrd utility.
  Default: ACInstallDir/log/selogrd.cfg
- SavePeriod
  Specifies the time interval, in minutes, between saving information about the number of records sent.
  Default: 2
- sendmail_header_format
  Determines the user name format in the header of mail that selogrd sends.
  Note: Change this token value only if selogrd cannot send mail. (That is, if you see an error 4634 from selogrd in your syslog.)
  Valid values include the following:
  - 1: The user name format is SmtpMailFrom. For example: eTrust_Admin
  - 2: The user name format is SmtpMailFrom@hostname (where hostname is the host which selogrd runs on). For example: eTrust_Admin@machine
  Default: 1
- ServicePort
  Specifies the name or port number that the log routing facility must use.
  If the token has a value, selogrd and selogrcd use the specified port. Otherwise, selogrd and selogrcd dynamically allocate a UDP port using the RPC portmapper. The service name must be a UDP port because the log routing daemon uses UDP for communication.
  If the token value is a number, daemons bind to the specified port number.
  If the token value is a service name (string), /etc/services or NIS services maps are used to resolve the port number.
  Only a UDP port/service can be specified.
  Default: Token not set (selogrd and selogrcd use RPC portmapper to allocate a port dynamically).
- SmtpMailFrom
  Specifies the identity of the sender for UseSmtpMail.
  Default: AccessControl_Admin
- SmtpMailServer
  Specifies the address of the remote mail server host. Use this token if UseSmtpMail is set to yes. If you do not specify this token, the local computer is assumed to be the mail server.
  Default: (blank - local server)
- SmtpTimeLimit
  Specifies the time limit, in seconds, that selogrd waits for the mail server to answer before timing out.
  Default: 100
- tec_conf_file
  Specifies the name of the configuration file that is used for the TEC event creation by the selogrd daemon.
  Default: /etc/tecad_seos.conf
- UseEncryption
  Determines the type of encryption.
  Valid values include the following:
  - native: selogrd uses Privileged Access Manager standard encryption.
  - eTrust: selogrd uses audit log encryption through adcipher.
  - no: selogrd does not use encryption.
  Default: no
- UseSmtpMail
  Determines whether to use the direct mail feature or the previous Mailer.
  Default: yes
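
As an added example (not part of the product documentation), the following Python check reads a [selogrd] section and reports how the UseEncryption, RefuseUnencrypted, ServicePort and Caudit_size tokens described above are set. It assumes the section is stored in an INI-style file with `token = value` lines; the two sample sections, the port number 8891 and the function name check_selogrd are constructed for illustration.

```python
import configparser

# Documented defaults for the tokens this check reads (from the list above).
DEFAULTS = {"useencryption": "no", "refuseunencrypted": "no",
            "serviceport": "", "caudit_size": "1024"}

# Constructed sample sections, not taken from a real host.
WEAK = """[selogrd]
UseEncryption = no
RefuseUnencrypted = no
Caudit_size = 20
"""
HARDENED = """[selogrd]
UseEncryption = native
RefuseUnencrypted = yes
ServicePort = 8891
Caudit_size = 2048
"""

def check_selogrd(ini_text):
    """Return review findings for the [selogrd] section of ini_text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ini_text)          # option names are lower-cased on read
    tok = dict(DEFAULTS)
    if cp.has_section("selogrd"):
        tok.update({k: v.strip() for k, v in cp.items("selogrd")})
    enc, refuse = tok["useencryption"].lower(), tok["refuseunencrypted"].lower()
    out = []
    if enc not in ("native", "etrust", "no"):
        out.append(f"UseEncryption: {enc!r} is not native, eTrust or no")
    elif enc == "no":
        out.append("UseEncryption=no: selogrd does not encrypt routed audit records")
        if refuse == "yes":
            out.append("RefuseUnencrypted=yes is redundant while UseEncryption=no")
    elif refuse != "yes":
        out.append("RefuseUnencrypted=no: selogrcd also accepts unencrypted audit")
    if not tok["serviceport"]:
        out.append("ServicePort unset: UDP port is allocated dynamically by the "
                   "RPC portmapper and cannot be pinned in a static firewall rule")
    if not tok["caudit_size"].isdigit() or int(tok["caudit_size"]) < 50:
        out.append("Caudit_size: must be a number of KB, minimum 50")
    return out

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, check_selogrd(text) or "no findings")
```

Tokens missing from the section are evaluated at their documented defaults, so an empty section is reported the same way as one that sets UseEncryption to no and leaves ServicePort unset.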