Symantec Privileged Access Management


How do you set up SELOGRD to send events to syslog?

  • 1.  How do you set up SELOGRD to send events to syslog?

    Posted 06-03-2015 03:40 PM

    How do you set up SELOGRD to send events to syslog?



  • 2.  Re: How do you set up SELOGRD to send events to syslog?

    Posted 06-03-2015 03:45 PM

    1. Syslog interface integration

    To enable Control Minder to send logs to syslog, the selogrd syslog library must be properly installed and listed in the selogrd extension file on each endpoint.

    The /opt/CA/AccessControl/etc/selogrd.ext must contain, at least, the following line:

            my_syslog          /opt/CA/AccessControl/lib/syslog.so

    Once the selogrd extensions are loaded you may start creating syslog rules in selogrd.cfg.

    Note: The file extension may vary depending on the platform. By default the syslog extension file is placed in /opt/CA/AccessControl/apisamples/selogrd. You must copy the proper file to the proper location.

     

            #Log routing rule to redirect logs to syslog
            Syslogrule
            syslog LOG_NOTICE
            include Class(*LOG*).
            include Class(*SU*).
            exclude Class(START).
            exclude Class(SHUTDOWN).
            .


    The above rule sends LOGIN/LOGOUT and sesudo audit records to syslog and excludes any START/SHUTDOWN record.
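The steps in the reply above, gathered into one idempotent script, as an added example written by the editor (it is not the original poster's text and not a CA/Symantec tool). The extension name my_syslog, the library path, the selogrd.ext location and the rule body are taken from the reply; the assumptions are that selogrd.cfg lives beside selogrd.ext under /opt/CA/AccessControl/etc, that the shared library carries a .so suffix on this platform, and the function names themselves. The script only defines functions unless invoked with the argument "apply", so it can be sourced for testing against scratch paths. Restarting selogrd so that it re-reads the two files is not covered by the reply and is left to the administrator.

```shell
#!/bin/sh
# Added example (editor's, not from the original post or from CA/Symantec):
# idempotently register the selogrd syslog extension, append the routing rule
# quoted in the post, and verify the result. Paths default to those the post
# names; the CFG_FILE location under etc/ is an assumption.

AC_HOME="${AC_HOME:-/opt/CA/AccessControl}"
EXT_FILE="${EXT_FILE:-$AC_HOME/etc/selogrd.ext}"
CFG_FILE="${CFG_FILE:-$AC_HOME/etc/selogrd.cfg}"      # assumed location
SYSLOG_SO="${SYSLOG_SO:-$AC_HOME/lib/syslog.so}"       # suffix varies by platform

# Extension line exactly as given in the post: <name> <path to shared library>.
ext_line() {
    printf 'my_syslog          %s\n' "$SYSLOG_SO"
}

# Register the extension in selogrd.ext unless a my_syslog entry already exists.
register_syslog_ext() {
    mkdir -p "$(dirname "$EXT_FILE")" && touch "$EXT_FILE" || return 1
    if grep -Eq '^[[:space:]]*my_syslog[[:space:]]' "$EXT_FILE"; then
        return 0                       # already registered; do not duplicate
    fi
    ext_line >> "$EXT_FILE"
}

# The routing rule from the post: LOGIN/LOGOUT and sesudo records to syslog at
# LOG_NOTICE, START/SHUTDOWN records excluded, terminated by a lone ".".
syslog_rule() {
    cat <<'EOF'
#Log routing rule to redirect logs to syslog
Syslogrule
syslog LOG_NOTICE
include Class(*LOG*).
include Class(*SU*).
exclude Class(START).
exclude Class(SHUTDOWN).
.
EOF
}

# Append the rule to selogrd.cfg unless a rule named Syslogrule is already there.
add_syslog_rule() {
    mkdir -p "$(dirname "$CFG_FILE")" && touch "$CFG_FILE" || return 1
    if grep -Eq '^[[:space:]]*Syslogrule[[:space:]]*$' "$CFG_FILE"; then
        return 0                       # rule already present
    fi
    syslog_rule >> "$CFG_FILE"
}

# Verify the three preconditions the post lists: the library is in place, it is
# named in selogrd.ext, and selogrd.cfg carries the rule. Returns non-zero and
# reports what is missing otherwise.
verify_syslog_routing() {
    rc=0
    if [ ! -f "$SYSLOG_SO" ]; then
        echo "missing $SYSLOG_SO (copy the platform's file from $AC_HOME/apisamples/selogrd)" >&2
        rc=1
    fi
    if ! grep -Eq '^[[:space:]]*my_syslog[[:space:]]' "$EXT_FILE" 2>/dev/null; then
        echo "my_syslog not registered in $EXT_FILE" >&2
        rc=1
    fi
    if ! grep -Eq '^[[:space:]]*Syslogrule[[:space:]]*$' "$CFG_FILE" 2>/dev/null; then
        echo "Syslogrule not found in $CFG_FILE" >&2
        rc=1
    fi
    return $rc
}

# Apply all steps only when asked explicitly, so sourcing this file has no side effects.
if [ "${1-}" = "apply" ]; then
    register_syslog_ext && add_syslog_rule && verify_syslog_routing
fi
```

Running it twice leaves one my_syslog line and one Syslogrule block, which matters because selogrd reads every rule in the file and a duplicated rule would emit every matching record to syslog twice.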