How to configure a Syslog receiver for the EventForwarder in PIM 14.0 without using the GUI

Article ID: 139749

Products

CA Virtual Privilege Manager
CA Privileged Identity Management Endpoint (PIM)
CA Privileged Access Manager (PAM)
CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

When trying to declare a syslog recipient in the ENTM console under "System\Connection Management\CA User Activity Reporting\Manage Audit Forwarder", the console returns the error message "Error: Host is not reachable".

We confirmed that TCP communication from the ENTM Server to the Syslog recipient on the given port is enabled.

What is the reason for this error?

How can the syslog recipient be configured in this situation?

Environment

Release : 14.0

Component : CA ControlMinder

Cause

The reason in this case might be that the ICMP protocol has been blocked.

ICMP is needed to configure the syslog consumer in the EventForwarder GUI.

Note: once setup is complete, ICMP can be turned off again.

Resolution

If enabling ICMP is not feasible, you can work around the issue by populating the ENTM central DB directly with the relevant values.

Run these queries against the ENTM database, where 'xx.xx.xx.xx' and 'port_number' are the IP address and port of the syslog host:
INSERT INTO EF_CONNECTION VALUES('1','1','AUDIT_FORMAT_CEF','true')
INSERT INTO EF_CONNECTION_DATA VALUES('1','1','1','xx.xx.xx.xx','port_number',NULL,'0')
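
Inserting the rows directly skips the GUI's reachability check, so it is worth confirming from the ENTM server that the receiver accepts a TCP connection and a message on the chosen port before the values go into the database. The following Python script is an added example, not part of the original article or the product; the function names, the constructed CEF test event and the newline-terminated BSD-syslog framing are assumptions.

```python
import ipaddress
import socket
import threading
import time

def validate_target(host: str, port: str) -> tuple[str, int]:
    """Accept only a literal IP address and a TCP port in 1-65535."""
    ip = str(ipaddress.ip_address(host))   # ValueError for e.g. 'xx.xx.xx.xx'
    p = int(port)                          # ValueError for e.g. 'port_number'
    if not 1 <= p <= 65535:
        raise ValueError(f"port out of range: {port}")
    return ip, p

def build_test_message(sender: str) -> bytes:
    """Constructed CEF test event in a BSD-syslog frame (PRI 134 = local0.info)."""
    ts = time.strftime("%b %d %H:%M:%S")
    cef = "CEF:0|Example|ConnectivityTest|1.0|0|Syslog receiver test|1|msg=test event"
    return f"<134>{ts} {sender} {cef}\n".encode("ascii", "replace")

def probe_receiver(host: str, port: str, timeout: float = 5.0) -> dict:
    """TCP connect and send one test message; ICMP is never involved."""
    ip, p = validate_target(host, port)
    result = {"target": f"{ip}:{p}", "connected": False, "sent": 0, "error": None}
    try:
        with socket.create_connection((ip, p), timeout=timeout) as s:
            result["connected"] = True
            msg = build_test_message(socket.gethostname())
            s.sendall(msg)
            result["sent"] = len(msg)
    except OSError as exc:                 # refused, timed out, unreachable
        result["error"] = str(exc)
    return result

def demo_local_listener() -> dict:
    """Run the probe against a throwaway listener on 127.0.0.1 (constructed)."""
    srv = socket.create_server(("127.0.0.1", 0))
    port = srv.getsockname()[1]
    received = []
    def accept_one():
        conn, _ = srv.accept()
        with conn:
            received.append(conn.makefile("rb").readline())
    t = threading.Thread(target=accept_one, daemon=True)
    t.start()
    res = probe_receiver("127.0.0.1", str(port))
    t.join(2)
    srv.close()
    res["received"] = received[0] if received else b""
    return res

if __name__ == "__main__":
    print(demo_local_listener())
```

Against the real receiver, call probe_receiver() with the same IP address and port that will replace the placeholders in the INSERT statements, then confirm that the test event appears on the syslog host.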