How do you set up selogrd to send events to syslog?
To enable ControlMinder to send logs to syslog, the selogrd syslog library must be installed on each endpoint and registered in the selogrd extension file.
The /opt/CA/AccessControl/etc/selogrd.ext file must contain at least the following line:
Once the selogrd extensions are loaded, you can start creating syslog rules in selogrd.cfg.
Note: The shared-library file extension varies by platform. By default the syslog extension library is placed in /opt/CA/AccessControl/apisamples/selogrd; you must copy the file for your platform to the location referenced by selogrd.ext.
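A common reason syslog routing silently fails is that selogrd.ext references a library that was never copied into place. The following check script is an added example, not part of the original article or of ControlMinder itself; it assumes (the page does not state this) that selogrd.ext lists one library path per line and that lines beginning with '#' are comments. It reads an extension file and reports every referenced library that does not exist on the endpoint, returning non-zero so it can be used from a deployment check.

```shell
#!/bin/sh
# Added example (not from the original article): verify that every library
# path listed in a selogrd extension file actually exists on the endpoint.
# Assumption (not stated on the page): selogrd.ext lists one shared-library
# path per line, and lines starting with '#' are comments.

check_selogrd_ext() {
    ext_file="$1"
    missing=0
    [ -r "$ext_file" ] || { echo "cannot read $ext_file" >&2; return 2; }
    # Read from the file directly (not a pipe) so $missing survives the loop.
    while IFS= read -r line || [ -n "$line" ]; do
        # Skip blank lines and comments.
        case "$line" in ''|\#*) continue ;; esac
        if [ -f "$line" ]; then
            echo "ok      $line"
        else
            echo "MISSING $line" >&2
            missing=$((missing + 1))
        fi
    done < "$ext_file"
    # Succeed only if every referenced library is present.
    [ "$missing" -eq 0 ]
}

# Demo on constructed files in a temporary directory (sample data, not a
# real ControlMinder installation): one library present, one absent.
demo_dir=$(mktemp -d)
touch "$demo_dir/present.so"
printf '# constructed sample selogrd.ext\n%s\n%s\n' \
    "$demo_dir/present.so" "$demo_dir/absent.so" > "$demo_dir/selogrd.ext"
check_selogrd_ext "$demo_dir/selogrd.ext" \
    || echo "extension file references libraries that are not installed" >&2
rm -rf "$demo_dir"
```

On a real endpoint, run it as `check_selogrd_ext /opt/CA/AccessControl/etc/selogrd.ext` after copying the platform-specific library; any MISSING line means selogrd will not load the syslog extension and the rules in selogrd.cfg will have no effect.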
#Log routing rule to redirect logs to syslog
The above rule sends LOGIN/LOGOUT and sesudo audit records to syslog and excludes any START/SHUTDOWN records.