Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Configuration Steps:

The following steps describe how to configure rsyslog on Red Hat Enterprise Linux 6 or 7 to receive logs from Deep Security.

  1. Log in as a root

  2. Execute: vi /etc/rsyslog.conf

  3. Uncomment the following lines near the top of the rsyslog.conf to change them from:
    #$ModLoad imudp
    #$UDPServerRun 514
    #$ModLoad imtcp
    #$InputTCPServerRun 514
    to
    $ModLoad imudp
    $UDPServerRun 514
    $ModLoad imtcp
    $InputTCPServerRun 514

  4. Add the following two lines of text to the end of the rsyslog.conf:

#Save Deep Security Manager logs to cce.log

Local7.* /var/log/Seceon/cce.log

Depending on your manager settings, you may need to replace Local7 with another value.

  1. Save the file and exit

  2. Create the /var/log/Seceon/cce.log file by typing touch /var/log/Seceon/cce.log

  3. Set the permissions on the CCE log so that Syslog can write to it

  4. Save the file and exit

  5. Restart syslog: service rsyslog restart

Verification Steps:

When Syslog is functioning, you will see logs populated in: /var/log/Seceon/cce.log

  • No labels

Seceon Inc. All rights reserved. https://www.seceon.com