Configure Syslog

Article ID: 214876

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Questions about the remote syslog option in PAM

Cause

Question

I need to send to my syslog server only the PAM's AUDIT log. Is it possible? How?

Then I also need to estimate the daily log volume for PAM's application log. How can I do that?

Environment

Release : 3.4

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

For the first question: PAM has only an on/off switch for syslog server integration. Any filtering has to be done on the syslog server side.

Regarding the second question:
PAM-internal syslog traffic is minimal. The volume is driven by user activity, which is customer-specific. Checking the daily number of session log messages and reviewing the various Credential Management reports for daily activity will give a good idea of how much traffic volume there will be to the syslog server.
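
The following is an added example, not part of the original article or of PAM: a receiver-side filter that keeps only matching messages from one sender and tallies message count and bytes per day. The hostname `pam01`, the `AUDIT` match pattern, and the sample lines are constructed placeholders; substitute whatever your PAM appliance actually sends.

```python
import re
from collections import defaultdict

# Constructed sample of lines as stored by a receiving syslog server.
# The hostname "pam01" and the message texts are made up for illustration
# and are not real PAM output.
SAMPLE = """\
Mar  3 08:15:02 pam01 app: AUDIT user=alice action=login result=ok
Mar  3 08:15:09 pam01 app: session 1842 opened for device db-prod-1
Mar  3 09:40:31 web07 nginx: GET /health 200
Mar  3 17:02:44 pam01 app: AUDIT user=bob action=view_password target=db-prod-1
Mar  4 07:58:10 pam01 app: AUDIT user=alice action=logout result=ok
Mar  4 08:01:55 pam01 app: session 1843 opened for device web07
"""

# RFC 3164-style header: "Mmm dd hh:mm:ss host message"
LINE_RE = re.compile(r"^(\w{3}\s+\d{1,2}) \d{2}:\d{2}:\d{2} (\S+) (.*)$")


def daily_volume(text, host, keep=None):
    """Return {day: (message_count, byte_count)} for lines sent by `host`.

    `keep` is an optional regex applied to the message part; only matching
    messages are counted. This is the receiver-side filter, since the sender
    offers no selection of its own.
    """
    keep_re = re.compile(keep) if keep else None
    totals = defaultdict(lambda: [0, 0])
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(2) != host:
            continue  # unparsable line or a different sender
        if keep_re and not keep_re.search(m.group(3)):
            continue  # filtered out on the receiving side
        day = " ".join(m.group(1).split())  # "Mar  3" -> "Mar 3"
        totals[day][0] += 1
        totals[day][1] += len(line.encode("utf-8")) + 1  # +1 for the newline
    return {day: tuple(v) for day, v in totals.items()}


if __name__ == "__main__":
    print("all PAM messages:", daily_volume(SAMPLE, "pam01"))
    print("audit only:      ", daily_volume(SAMPLE, "pam01", keep=r"\bAUDIT\b"))
```

Running it over a few representative days of collected lines gives a per-day figure for both the unfiltered stream and the filtered subset.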