
Move the log from /var/log/messages to /var/log/sepfl.log in Endpoint Protection for Linux


Article ID: 173131


Products

Endpoint Protection

Issue/Introduction

To move Symantec Endpoint Protection for Linux (SEPFL) log output from /var/log/messages to /var/log/sepfl.log, apply the settings below.

Resolution

  1. Edit /etc/sysconfig/rtvscand, make the following change, and save the file.
            Change "RTVSCAND_OPTS="-l info"" to "RTVSCAND_OPTS="-f local0 -l info""
  2. Edit /etc/sysconfig/symcfgd, make the following change, and save the file.
            Change "SYMCFGD_OPTS="-l info"" to "SYMCFGD_OPTS="-f local0 -l info""
  3. Edit /etc/sysconfig/smcd, make the following change, and save the file.
            Change "SMCD_OPTS="-l info"" to "SMCD_OPTS="-f local0 -l info""
  4. Edit /etc/rsyslog.conf, add the following line, and save the file.
            local0.*    /var/log/sepfl.log
  5. Edit /etc/rsyslog.conf, make the following change, and save the file.
            Change "*.info;mail.none;authpriv.none;cron.none;    /var/log/messages" to "*.info;mail.none;authpriv.none;cron.none;local0.none; /var/log/messages"
  6. Restart the SEPFL service.
            # service symcfgd stop
            # service smcd start
  7. Restart rsyslogd.
            # service rsyslog restart
  8. Confirm the result by checking the logs below.
            tail -f /var/log/sepfl.log
            tail -f /var/log/messages
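
The following check for steps 1 to 5 is an added example, not part of the original article or of Symantec's tooling. The function names `check_sepfl_logging` and `write_sample_root` and the optional root-prefix argument are assumptions made for illustration; the sample files are constructed from the values quoted in the steps.

```shell
#!/bin/sh
# Added example: audit steps 1-5. The optional ROOT prefix is an assumption
# that lets the check run against a copy of /etc instead of the live host.
check_sepfl_logging() {
    root="${1:-}"; rc=0
    # Steps 1-3: each daemon's options must select syslog facility local0.
    for pair in rtvscand:RTVSCAND_OPTS symcfgd:SYMCFGD_OPTS smcd:SMCD_OPTS; do
        file="$root/etc/sysconfig/${pair%%:*}"; var="${pair##*:}"
        grep -Eq "^[[:space:]]*${var}=\"([^\"#]*[[:space:]])?-f[[:space:]]+local0[[:space:]\"]" \
            "$file" 2>/dev/null || { echo "FAIL: $file: $var lacks -f local0"; rc=1; }
    done
    conf="$root/etc/rsyslog.conf"
    # Step 4: an uncommented rule must route local0.* to /var/log/sepfl.log.
    grep -Eq '^[[:space:]]*local0\.\*[[:space:]]+-?/var/log/sepfl\.log[[:space:]]*$' \
        "$conf" 2>/dev/null || { echo "FAIL: $conf: no local0.* rule for /var/log/sepfl.log"; rc=1; }
    # Step 5: any active rule writing /var/log/messages must carry local0.none,
    # otherwise SEPFL events are still duplicated into the general log.
    if grep -E '^[[:space:]]*[^#[:space:]].*[[:space:]]-?/var/log/messages[[:space:]]*$' \
            "$conf" 2>/dev/null | grep -Eqv '(^|;)local0\.none(;|[[:space:]])'; then
        echo "FAIL: $conf: /var/log/messages rule does not exclude local0"; rc=1
    fi
    return "$rc"
}

# Constructed sample tree: pass the option string and the extra selector so
# the files hold either the default values or the edited values from the steps.
write_sample_root() {
    dir="$1"; opts="$2"; extra="$3"
    mkdir -p "$dir/etc/sysconfig"
    echo "RTVSCAND_OPTS=\"$opts\"" > "$dir/etc/sysconfig/rtvscand"
    echo "SYMCFGD_OPTS=\"$opts\""  > "$dir/etc/sysconfig/symcfgd"
    echo "SMCD_OPTS=\"$opts\""     > "$dir/etc/sysconfig/smcd"
    {
        echo "*.info;mail.none;authpriv.none;cron.none;$extra /var/log/messages"
        if [ -n "$extra" ]; then echo "local0.*    /var/log/sepfl.log"; fi
    } > "$dir/etc/rsyslog.conf"
    return 0
}
```

Called with no argument, `check_sepfl_logging` reads the live files under /etc. After step 7, a message sent with `logger -p local0.info` should appear in /var/log/sepfl.log and not in /var/log/messages.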