Set up a Syslog on Red Hat Enterprise Linux 8
The following steps describe how to configure rsyslog on Red Hat Enterprise Linux
8 to receive logs from Deep Security.
- Log in as root
- Execute:
      vi /etc/rsyslog.conf
- Uncomment the following lines near the top of the rsyslog.conf to change them from:
      #module(load="imudp")
      #input(type="imudp" port="514")
      #module(load="imtcp")
      #input(type="imtcp" port="514")
  to
      module(load="imudp")
      input(type="imudp" port="514")
      module(load="imtcp")
      input(type="imtcp" port="514")
- Add the following two lines of text to the end of the rsyslog.conf:
      #Save Deep Security Manager logs to DSM.log
      Local4.* /var/log/DSM.log
  Note: You may need to replace Local4 with another value, depending on your Manager settings.
- Save the file and exit
- Create the /var/log/DSM.log file by typing:
      touch /var/log/DSM.log
- Set the permissions on the DSM log so that syslog can write to it
- Save the file and exit
- Restart syslog:
      systemctl restart rsyslog
When Syslog is functioning you will see logs populated in:
/var/log/DSM.log
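The RHEL 8 edits above can also be applied by script. The following is an added example, not part of the original procedure or vendor code: the function names are hypothetical, the file paths are passed as arguments, and mode 600 on the log file is an assumption based on rsyslogd running as root, which is the RHEL default.

```shell
#!/bin/sh
# Added example, not vendor code. Applies the RHEL 8 edits from the steps
# above to the files given as arguments; safe to run more than once.
configure_dsm_receiver() {
    conf=$1                 # e.g. /etc/rsyslog.conf
    logfile=$2              # e.g. /var/log/DSM.log
    facility=${3:-Local4}   # must match the facility set in the Manager
    tmp=$(mktemp) || return 1

    # Uncomment exactly the four listener lines; other lines are left alone.
    sed -e 's/^#\(module(load="imudp")\)/\1/' \
        -e 's/^#\(input(type="imudp" port="514")\)/\1/' \
        -e 's/^#\(module(load="imtcp")\)/\1/' \
        -e 's/^#\(input(type="imtcp" port="514")\)/\1/' \
        "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Write back in place (not mv) so owner, mode and SELinux label are kept.
    cat "$tmp" > "$conf" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"

    # Append the rule only if that exact line is not already present.
    rule="$facility.* $logfile"
    if ! grep -qxF "$rule" "$conf"; then
        printf '%s\n%s\n' '#Save Deep Security Manager logs to DSM.log' \
            "$rule" >> "$conf"
    fi

    # Assumption: rsyslogd runs as root, so owner-only access lets it write
    # while keeping other local users from reading the security events.
    touch "$logfile" && chmod 600 "$logfile"
}

# Print the number of active (uncommented) UDP/TCP listener lines in a config.
count_listeners() {
    grep -cE '^(module\(load="im(udp|tcp)"\)|input\(type="im(udp|tcp)" port="514"\))' "$1"
}

# Typical use as root, checking the config before restarting:
#   configure_dsm_receiver /etc/rsyslog.conf /var/log/DSM.log &&
#       rsyslogd -N1 && systemctl restart rsyslog
```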
Set up a Syslog on Red Hat Enterprise Linux 6 or 7
The following steps describe how to configure rsyslog on Red Hat Enterprise Linux
6 or 7 to receive logs from Deep Security.
- Log in as root
- Execute:
      vi /etc/rsyslog.conf
- Uncomment the following lines near the top of the rsyslog.conf to change them from:
      #$ModLoad imudp
      #$UDPServerRun 514
      #$ModLoad imtcp
      #$InputTCPServerRun 514
  to
      $ModLoad imudp
      $UDPServerRun 514
      $ModLoad imtcp
      $InputTCPServerRun 514
- Add the following two lines of text to the end of the rsyslog.conf:
      #Save Deep Security Manager logs to DSM.log
      Local4.* /var/log/DSM.log
  Note: You may need to replace Local4 with another value, depending on your Manager settings.
- Save the file and exit
- Create the /var/log/DSM.log file by typing:
      touch /var/log/DSM.log
- Set the permissions on the DSM log so that syslog can write to it
- Save the file and exit
- Restart syslog:
      service rsyslog restart
When Syslog is functioning you will see logs populated in:
/var/log/DSM.log
Set up a Syslog on Red Hat Enterprise Linux 5
The following steps describe how to configure Syslog on Red Hat Enterprise Linux
to receive logs from Deep Security.
- Log in as root
- Execute:
      vi /etc/syslog.conf
- Add the following two lines of text to the end of the syslog.conf:
      #Save Deep Security Manager logs to DSM.log
      Local4.* /var/log/DSM.log
  Note: You may need to replace Local4 with another value, depending on your Manager settings.
- Save the file and exit
- Create the /var/log/DSM.log file by typing:
      touch /var/log/DSM.log
- Set the permissions on the DSM log so that syslog can write to it
- Execute:
      vi /etc/sysconfig/syslog
- Modify the line "SYSLOGD_OPTIONS" and add a "-r" to the options
- Save the file and exit
- Restart syslog:
      /etc/init.d/syslog restart
When Syslog is functioning you will see logs populated in:
/var/log/DSM.log