selogrd Daemon Emit Audit Records

Valid on UNIX
Emitter daemon for the Privileged Access Manager log routing system.
Note: selogrd does not work in IPv6-only environments.
The Privileged Access Manager log routing daemons, selogrd and selogrcd, provide system administrators with convenient, selective access to the audit log records.
The selogrd utility is the emitter daemon. This daemon performs the following tasks:
  • Distributes selected local audit log records to the various destination hosts
  • Reformats audit log records into email messages, ASCII files, or user windows
  • Sends out notification messages that are based on audited events
The Privileged Access Manager daemon must be up and running before the log routing daemons can collect any meaningful information on Privileged Access Manager events. If the Privileged Access Manager daemon is not running, selogrd routes only old audit records.
The log routing daemons use a configuration file to determine where each audit log record is sent, the format in which the log record is written, and which records are routed. By default, selogrd uses the ACInstallDir/log/selogrd.cfg audit log route configuration file. The names of the configuration file and other global environment variables that selogrd and selogrcd use are specified in the Privileged Access Manager initialization file, seos.ini.
The selogrd daemon periodically restarts and reads the configuration file. In addition, you can force the selogrd daemon to restart at a specified time. To do so, you must send the following HUP signal:
kill -HUP processID
  • processID
    Defines the selogrd process ID. (Use the UNIX ps command to find it; see your UNIX documentation for more information.)
The selogrd utility provides API access for programmers working under Privileged Access Manager. The Logroute API allows programmers to incorporate their own options into the Privileged Access Manager audit log system to support in-house alerts that are not provided by the current log-routing facility. The Logroute API also allows programmers to use the log routing daemons to provide functions to their own programs. For more information about all the Privileged Access Manager APIs, see the SDK Developer Guide.
This command has the following format:
selogrd [-audit fileName] [-config fileName] [-d] \
[-data fileName] [-pmdb policy-model-name]
  • -audit fileName
    Defines the audit file to use instead of the file that is listed in seos.ini for the input audit file.
  • -config fileName
    Defines the configuration file to use instead of the file that is listed in seos.ini for the configuration file.
  • -d
    Specifies to print debug messages.
  • -data fileName
    Defines the data file to use instead of the file that is listed in seos.ini to store routing progress information.
  • -h
    Displays the help for this utility.
  • -pmdb policy-model-name
    Instructs selogrd where to route audit data from a PMDB. The command tells selogrd to send audit data from the PMDB that you specified in the command to the audit file that you specified in the audit_log token in the pmd.ini file of the PMDB.
    By default, selogrd uses the data file and lock file whose names are based on the Policy Model name. If you specify the data file or lock file or both on the command line, those files override the default values. The lock file and data file names should be different from those of the selogrd that routes the audit data of the station. selogrd can only support Policy Model names of 12 characters.
    The audit data that is sent from a PMDB appears in the collected audit file as if it comes from a station with the name policy-model-name@station-name.
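Because a host can run a PMDB-routing selogrd alongside the station-level selogrd, the HUP described earlier should go to one chosen instance rather than to every process named selogrd. The following POSIX shell helper is an added example, not part of the Privileged Access Manager documentation; it assumes `ps -eo pid=,args=` is available on the platform and that a PMDB-routing instance can be recognised by its -pmdb argument.

```shell
# Added example, not from the Privileged Access Manager documentation.
# Assumes `ps -eo pid=,args=` is available and that a PMDB-routing selogrd
# can be recognised by its -pmdb argument.

# Constructed sample of `ps -eo pid=,args=` output (not real system output):
SAMPLE_PS='  101 ACInstallDir/bin/selogrd
  102 ACInstallDir/bin/selogrd -pmdb pmdb1
  103 sshd -D'

# select_selogrd_pid PMDB
# Reads "pid args" lines on stdin and prints the PID of the selogrd instance
# started with "-pmdb PMDB", or, when PMDB is "-", of the station-level
# selogrd (started without -pmdb). Prints nothing and returns 1 unless
# exactly one instance matches, so an ambiguous match never gets a signal.
select_selogrd_pid() {
    awk -v want="$1" '
        # field 2 is the command name; skip anything that is not selogrd
        $2 !~ /(^|\/)selogrd$/ { next }
        {
            name = "-"
            for (i = 3; i <= NF; i++)
                if ($i == "-pmdb" && i < NF) name = $(i + 1)
            if (name == want) { hits++; pid = $1 }
        }
        END { if (hits == 1) { print pid; exit 0 } exit 1 }
    '
}

# reload_selogrd PMDB
# Sends the HUP described above to the selected instance only, instead of
# signalling every process named selogrd on the host.
reload_selogrd() {
    pid=$(ps -eo pid=,args= | select_selogrd_pid "$1") || {
        echo "no unique selogrd instance for PMDB '$1'" >&2
        return 1
    }
    kill -HUP "$pid"
}

# Usage: reload_selogrd -        # station-level selogrd
#        reload_selogrd pmdb1    # the instance started with -pmdb pmdb1
```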