How to configure CA Privileged Identity Manager Endpoint to send seaudit logs to syslog

Article ID: 36443

Updated On:

Products

CA Virtual Privilege Manager, CA Privileged Identity Management Endpoint (PIM), CA Privileged Access Manager (PAM)

Issue/Introduction

Summary:

This document explains how to configure CA Privileged Identity Manager Endpoint to send seos audit logs to syslog.

This article helps if you have a syslog collector for all your endpoints and need to collect CA Privileged Identity Manager Endpoint seos audit logs along with the syslogs.

 

 

Instructions:

CA PIM Agent :  CA Privileged Identity Manager Endpoint Agent

<INSTALL_DIRECTORY> : The directory where CA PIM Agent is installed

>> : Text which follows this symbol is to be executed on the endpoint server

Note: Log in to the server as a user who has admin rights on seosdb.

 

      1. Stop CA PIM Agent

        >> <INSTALL_DIRECTORY>/AccessControl/bin/secons -sk

      2. Edit <INSTALL_DIRECTORY>/AccessControl/log/selogrd.cfg (create it if it does not exist) and add the rule below to it.

         Rule#1
         syslog LOG_INFO
         .

      3. Note that the '.' at the end of the rule is mandatory. Save the file.

      4. Restart CA PIM Agent.

        >>  <INSTALL_DIRECTORY>/AccessControl/bin/seload

      5. Restart selogrd daemon.

        >> <INSTALL_DIRECTORY>/AccessControl/bin/selogrd

      6. Restart syslogd on the server.

Now you will be able to see the seos audit logs in the messages file.

 

Additional Information:

These are the different levels of seos audit that can be configured as different rules in selogrd.cfg:

LOG_EMERG //System is unusable.
LOG_ALERT //Action must be taken immediately.
LOG_CRIT //Critical conditions.
LOG_ERR //Error conditions.
LOG_WARNING //Warning conditions.
LOG_NOTICE //Normal but significant condition.
LOG_INFO //Informational.
LOG_DEBUG //Debug-level messages.
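
A pre-restart check for the rule from step 2, as an added example (not vendor code): it confirms that every syslog rule in selogrd.cfg uses one of the levels listed above and is closed by the mandatory '.' line. The function name check_selogrd_syslog_rule is hypothetical, and the rule layout is assumed to be the one shown in step 2.

```shell
#!/bin/sh
# Added example, not vendor code. Assumed layout (from step 2): a rule name
# line, a "syslog <LEVEL>" line, then a line holding only ".".
check_selogrd_syslog_rule() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    awk '
        BEGIN {
            n = split("LOG_EMERG LOG_ALERT LOG_CRIT LOG_ERR LOG_WARNING LOG_NOTICE LOG_INFO LOG_DEBUG", lv, " ")
            for (i = 1; i <= n; i++) valid[lv[i]] = 1
        }
        { sub(/\r$/, "") }              # tolerate files saved with CRLF
        /^[ \t]*$/ { next }             # ignore blank lines
        /^[ \t]*\.[ \t]*$/ {            # a lone "." closes the open rule
            if (open) { ok++; open = 0 }
            next
        }
        $1 == "syslog" {
            if (open) {
                printf "line %d: previous syslog rule not closed with \".\"\n", NR
                bad++
            }
            if (!($2 in valid)) {
                printf "line %d: unknown level \"%s\"\n", NR, $2
                bad++; open = 0; next
            }
            open = 1
        }
        END {
            if (open) { print "end of file: syslog rule not closed with \".\""; bad++ }
            if (!ok && !bad) { print "no syslog rule found"; bad++ }
            exit (bad ? 1 : 0)
        }
    ' "$cfg"
}

# Constructed sample: the rule from step 2 written to a temporary file.
sample=$(mktemp)
printf 'Rule#1\nsyslog LOG_INFO\n.\n' > "$sample"
check_selogrd_syslog_rule "$sample" && echo "sample rule OK"
rm -f "$sample"
```

Running it against <INSTALL_DIRECTORY>/AccessControl/log/selogrd.cfg after step 3 catches a missing terminator or a mistyped level before the agent and selogrd are restarted.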

 

 

 

Environment

Release: ACP1M005900-12.9-Privileged Identity Manager
Component: