
Set up a Syslog on Red Hat Enterprise Linux 8 or later

The following steps describe how to configure rsyslog on Red Hat Enterprise Linux 8 and later versions to receive logs from Deep Security:
  1. Log in as root.
  2. Execute the following command:
    vi /etc/rsyslog.conf 
  3. Uncomment the following lines near the top of the rsyslog.conf file to change them from:
    #module(load="imudp")
    #input(type="imudp" port="514")
    #module(load="imtcp")
    #input(type="imtcp" port="514")
    to
    module(load="imudp")
    input(type="imudp" port="514")
    module(load="imtcp")
    input(type="imtcp" port="514")
  4. Add the following two lines of text to the end of the rsyslog.conf file:
    #Save Deep Security Manager logs to DSM.log
    Local4.* /var/log/DSM.log
    You may need to replace Local4 with another value, depending on your Manager settings.
  5. Save the file and exit.
  6. Create the /var/log/DSM.log file by typing touch /var/log/DSM.log
  7. Set the permissions on the DSM log so that syslog can write to it.
  8. Save the file and exit.
  9. Restart syslog by executing the following command:
    systemctl restart rsyslog 
When Syslog is functioning, the logs are populated in /var/log/DSM.log
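
Steps 3 to 7 above for Red Hat Enterprise Linux 8 and later, scripted as an added example that is not part of the original procedure. The function names are hypothetical, and mode 0600 in `prepare_logfile` assumes rsyslogd runs as root (the RHEL default); the demo runs only on a constructed sample file.

```shell
#!/bin/sh
# Added example, not vendor code. Scripted form of steps 3-7 (RHEL 8+ syntax).

# Steps 3-4: uncomment the four listener lines, append the DSM rule once.
# Arguments: config file, facility (e.g. Local4), destination log file.
enable_dsm_receiver() {
    edr_conf=$1
    edr_rule="$2.* $3"
    edr_tmp=$(mktemp) || return 1
    # Drop the leading '#' only from the imudp/imtcp module and input lines.
    sed -E \
        -e 's/^#(module\(load="im(udp|tcp)"\))/\1/' \
        -e 's/^#(input\(type="im(udp|tcp)" port="514"\))/\1/' \
        "$edr_conf" > "$edr_tmp" && cat "$edr_tmp" > "$edr_conf"
    edr_rc=$?
    rm -f "$edr_tmp"
    [ "$edr_rc" -eq 0 ] || return 1
    # Idempotent: a second run must not add a duplicate rule.
    grep -Fxq "$edr_rule" "$edr_conf" ||
        printf '#Save Deep Security Manager logs to DSM.log\n%s\n' \
            "$edr_rule" >> "$edr_conf"
}

# Steps 6-7: create the log file, owner read/write only.
# Assumption: rsyslogd runs as root (RHEL default), so mode 0600 suffices.
prepare_logfile() {
    touch "$1" && chmod 600 "$1"
}

# Number of active listener lines; 4 means UDP and TCP 514 are both enabled.
count_listeners() {
    grep -Ec '^(module\(load="im(udp|tcp)"\)|input\(type="im(udp|tcp)" port="514"\))' "$1"
}

# Demo on a constructed sample file, never on the live /etc/rsyslog.conf.
demo_dir=$(mktemp -d)
printf '%s\n' '#module(load="imudp")' '#input(type="imudp" port="514")' \
    '#module(load="imtcp")' '#input(type="imtcp" port="514")' \
    > "$demo_dir/rsyslog.conf"
enable_dsm_receiver "$demo_dir/rsyslog.conf" Local4 "$demo_dir/DSM.log"
prepare_logfile "$demo_dir/DSM.log"
echo "active listener lines: $(count_listeners "$demo_dir/rsyslog.conf")"
cat "$demo_dir/rsyslog.conf"
rm -rf "$demo_dir"
```

On a real host, `rsyslogd -N1` checks the edited configuration for syntax errors before the restart in step 9. After the restart, a message sent with `logger -p local4.info "test"` should appear in /var/log/DSM.log.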

Set up a Syslog on Red Hat Enterprise Linux 6 or 7

The following steps describe how to configure rsyslog on Red Hat Enterprise Linux 6 or 7 to receive logs from Deep Security:
  1. Log in as root.
  2. Execute the following command: vi /etc/rsyslog.conf
  3. Uncomment the following lines near the top of the rsyslog.conf file to change them from:
    #$ModLoad imudp
    #$UDPServerRun 514
    #$ModLoad imtcp
    #$InputTCPServerRun 514
    to
    $ModLoad imudp
    $UDPServerRun 514
    $ModLoad imtcp
    $InputTCPServerRun 514
  4. Add the following two lines of text to the end of the rsyslog.conf file:
    #Save Deep Security Manager logs to DSM.log
    Local4.* /var/log/DSM.log
    You may need to replace Local4 with another value, depending on your Manager settings.
  5. Save the file and exit.
  6. Create the /var/log/DSM.log file by typing touch /var/log/DSM.log
  7. Set the permissions on the DSM log so that syslog can write to it.
  8. Save the file and exit.
  9. Restart syslog by executing the following command:
    service rsyslog restart 
When Syslog is functioning, the logs are populated in /var/log/DSM.log

Set up a Syslog on Red Hat Enterprise Linux 5

The following steps describe how to configure Syslog on Red Hat Enterprise Linux 5 to receive logs from Deep Security:
  1. Log in as root.
  2. Execute the following command:
     vi /etc/syslog.conf 
  3. Add the following two lines to the end of the syslog.conf file:
    #Save Deep Security Manager logs to DSM.log
    Local4.* /var/log/DSM.log
    You may need to replace Local4 with another value, depending on your manager settings.
  4. Save the file and exit.
  5. Create the /var/log/DSM.log file by typing touch /var/log/DSM.log
  6. Set the permissions on the DSM log so that syslog can write to it.
  7. Execute the following command:
    vi /etc/sysconfig/syslog
  8. Modify the line SYSLOGD_OPTIONS and add a -r to the options.
  9. Save the file and exit.
  10. Restart syslog by executing the following command:
     /etc/init.d/syslog restart 
When Syslog is functioning, the logs are populated in /var/log/DSM.log