Configure an Endpoint to Send seaudit Logs to syslog
This article explains how to configure a Privileged Access Manager endpoint to send seos audit logs to syslog. This procedure is helpful when a syslog collector is installed on an endpoint and you must collect the endpoint seos audit logs along with syslogs.
Follow these steps:
- Stop the Privileged Access Manager endpoint agent.
    <INSTALL_DIRECTORY>/PAMSC/bin/secons -sk
  <INSTALL_DIRECTORY> is the directory where the Privileged Access Manager endpoint agent is installed.
- Open <INSTALL_DIRECTORY>/PAMSC/log/selogrd.cfg for editing (if it does not exist, create the file). Add the following rule to the file:
    Rule#1
    syslog LOG_INFO
    .
  Note: The '.' at the end of the rule is mandatory.
- Save the file.
- Restart the Privileged Access Manager endpoint agent.
    <INSTALL_DIRECTORY>/PAMSC/bin/seload
- Restart the selogrd daemon.
    <INSTALL_DIRECTORY>/PAMSC/bin/selogrd
- Restart syslogd on the server.
Now you can view the seos audit logs in the messages file (/var/log/messages).
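
The procedure above as a script, for applying the change identically on many endpoints without adding the rule twice. This is an added example, not vendor code: the function names are hypothetical, and it assumes the rule is stored one element per line (name, destination, then a line holding only '.').

```shell
#!/bin/sh
# Added example (not vendor code). Function names are hypothetical.
# Assumption: the selogrd.cfg rule is written one element per line.

# ensure_syslog_rule CFG
# Adds the Rule#1 section unless a "syslog LOG_INFO" destination is
# already present. Returns 0 on success or no-op, 1 on error.
ensure_syslog_rule() {
    cfg=$1
    [ -n "$cfg" ] || return 1
    # Create the file if it does not exist, as the procedure allows.
    [ -f "$cfg" ] || : > "$cfg" || return 1
    # Already configured: leave the file untouched.
    if grep -Eq '^[[:space:]]*syslog[[:space:]]+LOG_INFO[[:space:]]*$' "$cfg"; then
        return 0
    fi
    # Keep a copy of the previous routing configuration.
    cp -p "$cfg" "$cfg.bak" || return 1
    # If the last line lacks a newline, add one so the rule name
    # does not get glued onto existing content.
    if [ -s "$cfg" ] && [ -n "$(tail -c 1 "$cfg")" ]; then
        printf '\n' >> "$cfg"
    fi
    # The final '.' line is mandatory.
    printf '%s\n' 'Rule#1' 'syslog LOG_INFO' '.' >> "$cfg"
}

# configure_endpoint INSTALL_DIRECTORY
# Runs the documented steps in order and stops at the first failure.
configure_endpoint() {
    dir=$1
    "$dir/PAMSC/bin/secons" -sk || return 1       # stop the agent
    ensure_syslog_rule "$dir/PAMSC/log/selogrd.cfg" || return 1
    "$dir/PAMSC/bin/seload" || return 1           # restart the agent
    "$dir/PAMSC/bin/selogrd" || return 1          # restart selogrd
    # The syslogd restart command depends on the platform; do it manually.
    echo "Restart syslogd, then check /var/log/messages for seos entries."
}

# Run only when an install directory is passed on the command line.
if [ "$#" -gt 0 ]; then
    configure_endpoint "$1"
fi
```

Run it as root with the install directory as the only argument; the previous selogrd.cfg is kept beside it as selogrd.cfg.bak.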