Configure Red Hat Enterprise Linux to receive event logs | Trend Micro Service Central

web

You’re offline. This is a read only version of the page.

Table of Contents

The page you're looking for can't be found or is under maintenance

Try again later or go to the home page

Go to home page

Configure Red Hat Enterprise Linux to receive event logs

Set up a Syslog on Red Hat Enterprise Linux 8

The following steps describe how to configure rsyslog on Red Hat Enterprise Linux 8 to receive logs from Deep Security.

Log in as root
Execute: vi /etc/rsyslog.conf
Uncomment the following lines near the top of the rsyslog.conf to change them from:

#module(load="imudp")

#input(type="imudp" port="514")

#module(load="imtcp")

#input(type="imtcp" port="514")

to

module(load="imudp")

input(type="imudp" port="514")

module(load="imtcp")

input(type="imtcp" port="514")
Add the following two lines of text to the end of the rsyslog.conf:
- #Save Deep Security Manager logs to DSM.log
- Local4.* /var/log/DSM.log
Note

You may need to replace Local4 with another value, depending on your Manager settings.
Save the file and exit
Create the /var/log/DSM.log file by typing touch /var/log/DSM.log
Set the permissions on the DSM log so that syslog can write to it
Save the file and exit
Restart syslog: systemctl restart rsyslog

When Syslog is functioning you will see logs populated in: /var/log/DSM.log

Set up a Syslog on Red Hat Enterprise Linux 6 or 7

The following steps describe how to configure rsyslog on Red Hat Enterprise Linux 6 or 7 to receive logs from Deep Security.

Log in as root
Execute: vi /etc/rsyslog.conf
Uncomment the following lines near the top of the rsyslog.conf to change them from:

$ModLoad imudp

#$UDPServerRun 514

#$ModLoad imtcp

#$InputTCPServerRun 514

to

$ModLoad imudp

$UDPServerRun 514

$ModLoad imtcp

$InputTCPServerRun 514
Add the following two lines of text to the end of the rsyslog.conf:
- #Save Deep Security Manager logs to DSM.log
- Local4.* /var/log/DSM.log
Note

You may need to replace Local4 with another value, depending on your Manager settings.
Save the file and exit
Create the /var/log/DSM.log file by typing touch /var/log/DSM.log
Set the permissions on the DSM log so that syslog can write to it
Save the file and exit
Restart syslog: service rsyslog restart

When Syslog is functioning you will see logs populated in: /var/log/DSM.log

Set up a Syslog on Red Hat Enterprise Linux 5

The following steps describe how to configure Syslog on Red Hat Enterprise Linux to receive logs from Deep Security.

Log in as root
Execute: vi /etc/syslog.conf
Add the following two lines of text to the end of the syslog.conf :
- #Save Deep Security Manager logs to DSM.log
- Local4.* /var/log/DSM.log
Note

You may need to replace Local4 with another value, depending on your Manager settings.
Save the file and exit
Create the /var/log/DSM.log file by typing touch /var/log/DSM.log
Set the permissions on the DSM log so that syslog can write to it
Execute:

vi /etc/sysconfig/syslog
Modify the line " SYSLOGD_OPTIONS " and add a " -r " to the options
Save the file and exit
Restart syslog: /etc/init.d/syslog restart

When Syslog is functioning you will see logs populated in: /var/log/DSM.log