1. Syslog interface integration
To enable Control Minder to send logs to syslog, the selogrd syslog library must be registered in the selogrd extensions file on each endpoint.
The file /opt/CA/AccessControl/etc/selogrd.ext must contain at least the following line:
my_syslog /opt/CA/AccessControl/lib/syslog.so
Once the selogrd extensions are loaded, you can start creating syslog rules in selogrd.cfg.
Note: the file name extension of the library (.so in the line above) may vary depending on the platform. By default the syslog extension library is shipped in /opt/CA/AccessControl/apisamples/selogrd. You must copy the file that matches your platform to the path referenced in selogrd.ext.
#Log routing rule to redirect logs to syslog
Syslogrule
syslog LOG_NOTICE
include Class(*LOG*).
include Class(*SU*).
exclude Class(START).
exclude Class(SHUTDOWN).
.
The above rule sends LOGIN/LOGOUT (matched by Class(*LOG*)) and sesudo audit records (matched by Class(*SU*)) to syslog, and excludes any START/SHUTDOWN record.
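As an added example (not code from CA or from the ControlMinder documentation), the following POSIX shell functions check the two pieces of configuration described above on an endpoint: that selogrd.ext loads the syslog library through a non-commented line, and that selogrd.cfg carries at least one rule whose destination is syslog and that has at least one include line. File paths are passed as parameters, and the demo builds a constructed copy of the files under a temporary directory, so nothing touches the live /opt/CA/AccessControl tree; the rule-block layout it parses (name line, destination line, attribute lines, a line holding only ".") is the one shown on this page.

```shell
#!/bin/sh
# Added example, not part of the CA ControlMinder product or its documentation.
# Two checks to run on an endpoint before relying on syslog forwarding:
#   1. ensure_syslog_ext  - selogrd.ext loads the syslog library
#   2. count_syslog_rules - selogrd.cfg carries at least one complete syslog rule
# Paths are parameters so the functions can be exercised against copies of the
# files; the demo below builds constructed copies under a temporary directory.

# ensure_syslog_ext EXT_FILE LIB_PATH
# Registers "my_syslog LIB_PATH" in EXT_FILE unless a non-comment line already
# loads LIB_PATH. Returns 1 when the library itself is missing on disk, since
# registering a library that is not there would not get the extension loaded.
ensure_syslog_ext() {
    ext_file=$1
    lib_path=$2
    if [ ! -f "$lib_path" ]; then
        echo "ensure_syslog_ext: library not found: $lib_path" >&2
        return 1
    fi
    # Compare the second field so a commented-out entry does not count.
    if awk -v lib="$lib_path" '$1 !~ /^#/ && $2 == lib { found = 1 } END { exit !found }' \
           "$ext_file" 2>/dev/null; then
        return 0
    fi
    printf 'my_syslog %s\n' "$lib_path" >> "$ext_file"
}

# count_syslog_rules CFG_FILE
# Prints the number of rule blocks whose destination line starts with "syslog"
# and that contain at least one include line. A block is a rule name line, a
# destination line, attribute lines, and a terminating line holding only ".".
count_syslog_rules() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        $1 == "." && NF == 1 {                   # end of a rule block
            if (dest ~ /^syslog/ && inc > 0) ok++
            dest = ""; inc = 0; n = 0
            next
        }
        { n++ }
        n == 1 { next }                          # rule name
        n == 2 { dest = $0; next }               # destination line
        $1 == "include" { inc++ }                # audit-record selector
        END { print ok + 0 }
    ' "$1"
}

# demo: build a constructed endpoint tree, run both checks, and return 0 when
# both pass. The second ensure_syslog_ext call shows that the check is idempotent.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/lib" "$root/etc"
    : > "$root/lib/syslog.so"                    # stand-in for the real library
    printf '# commented entry must not count\n#my_syslog %s/lib/syslog.so\n' "$root" \
        > "$root/etc/selogrd.ext"
    cat > "$root/etc/selogrd.cfg" <<'EOF'
#Log routing rule to redirect logs to syslog
Syslogrule
syslog LOG_NOTICE
include Class(*LOG*).
include Class(*SU*).
exclude Class(START).
exclude Class(SHUTDOWN).
.
# constructed second rule: a non-syslog destination must not be counted
Mailrule
mail admin@example.com
include Class(SHUTDOWN).
.
EOF
    ensure_syslog_ext "$root/etc/selogrd.ext" "$root/lib/syslog.so"
    ensure_syslog_ext "$root/etc/selogrd.ext" "$root/lib/syslog.so"
    entries=$(grep -c '^my_syslog' "$root/etc/selogrd.ext")
    rules=$(count_syslog_rules "$root/etc/selogrd.cfg")
    echo "active my_syslog entries: $entries (expected 1)"
    echo "complete syslog rules:    $rules (expected 1)"
    rm -rf "$root"
    [ "$entries" -eq 1 ] && [ "$rules" -eq 1 ]
}
```

On a real endpoint you would call ensure_syslog_ext with /opt/CA/AccessControl/etc/selogrd.ext and the library path named on this page, and count_syslog_rules with /opt/CA/AccessControl/etc/selogrd.cfg; a result of 0 from the second check means records will not reach syslog even though the extension is registered.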