How to configure CA Privileged Identity Manager Endpoint to send seaudit logs to syslog

Article ID: 36443

Products

CA Virtual Privilege Manager, CA Privileged Identity Management Endpoint (PIM), CA Privileged Access Manager (PAM)

Issue/Introduction

This document explains how to configure CA Privileged Identity Manager Endpoint to send seos audit logs to syslog. It is useful when you have a syslog collector for all your endpoints and need to collect the CA Privileged Identity Manager Endpoint seos audit logs along with the rest of the syslog data.

 

Environment

Privileged Identity Manager 12.8 endpoints

Resolution

CA PIM Agent :  CA Privileged Identity Manager Endpoint Agent

<INSTALL_DIRECTORY> : The directory where CA PIM Agent is installed

>> : Text which follows this symbol is to be executed on the endpoint server

Note: Log in to the server as a user who has admin rights on seosdb.

 

      1. Stop CA PIM Agent

        >> <INSTALL_DIRECTORY>/AccessControl/bin/secons -sk

      2. Edit <INSTALL_DIRECTORY>/AccessControl/log/selogrd.cfg (create it if it does not exist) and add the rule below to it.

         Rule#1
         syslog LOG_INFO
         .

      3. Save the file. Note that the '.' at the end of the rule is mandatory.

      4. Restart CA PIM Agent.

        >>  <INSTALL_DIRECTORY>/AccessControl/bin/seload

      5. Restart selogrd daemon.

        >> <INSTALL_DIRECTORY>/AccessControl/bin/selogrd

      6. Restart syslogd on the server.

You will now be able to see the seos audit logs in the messages file.

Additional Information

These are the different levels of seos audit that can be configured as different rules in selogrd.cfg:

LOG_EMERG //System is unusable.
LOG_ALERT //Action must be taken immediately.
LOG_CRIT //Critical conditions.
LOG_ERR //Error conditions.
LOG_WARNING //Warning conditions.
LOG_NOTICE //Normal but significant condition.
LOG_INFO //Informational.
LOG_DEBUG //Debug-level messages.
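
A check to run on the file from step 2 before restarting the agent, as an added example (not part of the original article or of the product's tooling): it confirms that every rule is closed by the mandatory '.' line and that each syslog line names one of the levels listed above. The function name check_selogrd_cfg is hypothetical, and the parser assumes only the rule layout shown in step 2.

```shell
#!/bin/sh
# Added example: sanity-check selogrd.cfg before running seload/selogrd.
# Assumption: a rule is a name line, a "syslog LOG_<LEVEL>" line and a
# closing line holding only "." (the layout shown in step 2).

check_selogrd_cfg() {
    # $1 = path to selogrd.cfg; prints findings, returns 0 only if clean
    awk '
    BEGIN {
        n = split("EMERG ALERT CRIT ERR WARNING NOTICE INFO DEBUG", lv, " ")
        for (i = 1; i <= n; i++) ok["LOG_" lv[i]] = 1
        inrule = 0; rules = 0; bad = 0
    }
    { sub(/\r$/, "") }                 # tolerate files saved with CRLF
    /^[ \t]*$/ { next }                # skip blank lines
    /^[ \t]*\.[ \t]*$/ {               # the mandatory rule terminator
        if (!inrule) { print "line " NR ": terminator without a rule"; bad = 1 }
        inrule = 0; next
    }
    {
        if (!inrule) { inrule = 1; name = $1; start = NR }  # first line = rule name
        else if ($1 == "syslog") {
            if ($2 in ok) rules++
            else { printf "line %d: unknown level \"%s\"\n", NR, $2; bad = 1 }
        }
    }
    END {
        if (inrule) {
            printf "rule \"%s\" (line %d) has no closing \".\"\n", name, start
            bad = 1
        }
        if (rules == 0) { print "no valid syslog rule found"; bad = 1 }
        exit bad
    }' "$1"
}

# Constructed sample: the rule from step 2 with the final "." left out.
sample=$(mktemp)
printf 'Rule#1\nsyslog LOG_INFO\n' > "$sample"
check_selogrd_cfg "$sample" || echo "fix selogrd.cfg before restarting the agent"
rm -f "$sample"
```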