Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.

Postgresql Logs Configuration

 

Overview

Using this document we configure Linux server with the CCE, CCE pulls the logs and redirect it to APE.

For this configuration we use UDP port 514.

Steps of Configuration:-

To configure PostGRE SQL logs, please follow the steps:

  • Log in to the PostGRE server as root.

  • Run the command: vi  /etc/rsyslog.conf

  • Add the lines as below:

#### GLOBAL DIRECTIVES ####

Add $InputFileName /var/log/postgresql/postgresql-*.log

Add $InputFileTag postgresql_logs

Add $InputFileStateFile state-postgresql-access

Add $InputRunFileMonitor

  • After adding,configure CCE-IP at the end of file:

#*.* @@remote-host:514

# ### end of the forwarding rule ###

*.* @CCE_IP:514

  • Restart rsyslog service using the command:  service rsyslog restart

  • To check  the status type the command  service rsyslog status

Verification:-

  • VERIFICATION CAN BE DONE IN TWO WAYS :-

   1. By Checking on UI 

2. Checking logs through CCE server

Verification through UI 

  • Open UI >>System tab >> Logs and flows collection status:

  • The IP will reflect in System tab as source device IP.

Verification Through CCE server

  • Run the command " sudo tcpdump -i any port 514 and host <IP address>

 

Seceon Inc. All rights reserved. https://www.seceon.com