...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
Configuring Redhat Linux to forward logs to EventTracker - Seceon CCE
...
| Table of Contents |
|---|
Overview
Red Hat Enterprise Linux is a commercial open-source Linux distribution developed by Red Hat for the commercial market. Fedora Linux serves as its upstream source. EventTracker integrates with Redhat Linux via Syslog. It monitors events to provide insight on security and compliance events such as login, logout, login-failed events, the command executed, and privilege escalation.
Prerequisites
Seceon CCE should be installed.
Allow the Syslog UDP Port 514 in the firewall/network
Configuration Steps
...
The following steps describe how to configure rsyslog on Red Hat Enterprise Linux 6 or 7 to receive logs from Deep Security.
Log in as a root
Execute: vi /etc/rsyslog.conf
Uncomment the following lines near the top of the rsyslog.conf to change them from:
#$ModLoad imudp
#$UDPServerRun 514
#$ModLoad imtcp
#$InputTCPServerRun 514
to
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514Once done type the command
...
*.* @CCE_IP:514
...
5. Add the following two lines of text to the end of the rsyslog.conf:
#Save Deep Security Manager logs to cce.log
Local7.* /var/log/Seceon/cce.log
Depending on your manager settings, you may need to replace Local7 with another value.
6. Save the file and exit
7. Create the /var/log/Seceon/cce.log file by typing touch /var/log/Seceon/cce.log
8. Set the permissions on the CCE log so that Syslog can write to it
9. Save the file and exit
10. Restart syslog: service rsyslog restart
Verification Steps
...
When Syslog is functioning, you will see logs populated in: /var/log/Seceon/cce.log
Using UI
STEP 1: Log in to UI >> SYSTEM
...
STEP 2: >> LOGS AND FLOWS COLLECTION STATUS.
...