To enable syslog on RSA Key Manager (RSA Data Protection Manager v3.2.3) and send its syslog messages to a remote syslog server, follow the steps below:
1. Edit the file /etc/sysconfig/syslog
Change
SYSLOGD_OPTIONS="-m 0"
To
SYSLOGD_OPTIONS="-m 0 -r"
2. Type "service syslog restart"
3. vi /opt/rsa/extras/log4j.properties
************************************
log4j.rootLogger=INFO, rkm
log4j.appender.rkm.Threshold=INFO
log4j.appender.rkm=org.apache.log4j.RollingFileAppender
log4j.appender.rkm.File=/opt/KMS/logs/key-manager.log
log4j.appender.rkm.MaxFileSize=100MB
log4j.appender.rkm.MaxBackupIndex=10
log4j.appender.rkm.layout=org.apache.log4j.PatternLayout
log4j.appender.rkm.layout.ConversionPattern=%d{DATE} %x %p %t - %m%n
log4j.logger.org.springframework.beans.factory=ERROR, rkm
log4j.logger.com.rsa=INFO, mySyslog
log4j.appender.mySyslog.Threshold=INFO
log4j.appender.mySyslog=org.apache.log4j.net.SyslogAppender
log4j.appender.mySyslog.facility=LOCAL0
log4j.appender.mySyslog.SyslogHost=<syslog server IP here>
log4j.appender.mySyslog.layout=org.apache.log4j.PatternLayout
log4j.appender.mySyslog.layout.ConversionPattern=%d{DATE} %x %p %t - %m%n - %m%n - %m%n - %m%n
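## Uncomment for trace level logging
## Keep the next line commented unless tracing: a second log4j.logger.com.rsa
## key replaces the mySyslog entry above (the last key in the file wins).
#log4j.logger.com.rsa=DEBUG, rkmdebug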
log4j.appender.rkmdebug.Threshold=ERROR
log4j.appender.rkmdebug=org.apache.log4j.RollingFileAppender
log4j.appender.rkmdebug.File=/opt/KMS/logs/key-manager-debug.log
log4j.appender.rkmdebug.layout=org.apache.log4j.PatternLayout
log4j.appender.rkmdebug.layout.ConversionPattern=%d %p %t - %m%n
log4j.logger.org.apache=WARN, rkm
log4j.logger.org.directwebremoting=WARN, rkm
************************************
4. vi /opt/tomcat/webapps/KMS/WEB-INF/classes/log4j.properties
************************************
log4j.rootLogger=INFO, rkm, mySyslog
log4j.appender.mySyslog.Threshold=INFO
log4j.appender.mySyslog=org.apache.log4j.net.SyslogAppender
log4j.appender.mySyslog.Facility=USER
log4j.appender.mySyslog.FacilityPrinting=true
log4j.appender.mySyslog.SyslogHost=10.93.250.214
log4j.appender.mySyslog.layout=org.apache.log4j.PatternLayout
log4j.appender.mySyslog.layout.ConversionPattern=%d{DATE} %x %p %t - %m%n - %m%n - %m%n - %m%n
log4j.appender.rkm.Threshold=INFO
log4j.appender.rkm=org.apache.log4j.RollingFileAppender
log4j.appender.rkm.File=/opt/KMS/logs/key-manager.log
log4j.appender.rkm.MaxFileSize=100MB
log4j.appender.rkm.MaxBackupIndex=10
log4j.appender.rkm.layout=org.apache.log4j.PatternLayout
log4j.appender.rkm.layout.ConversionPattern=%d{DATE} %x %p %t - %m%n
log4j.logger.org.springframework.beans.factory=ERROR, rkm
## Uncomment for trace level logging
log4j.logger.com.rsa=DEBUG, rkmdebug
log4j.appender.rkmdebug.Threshold=ERROR
log4j.appender.rkmdebug=org.apache.log4j.RollingFileAppender
log4j.appender.rkmdebug.File=/opt/KMS/logs/key-manager-debug.log
log4j.appender.rkmdebug.layout=org.apache.log4j.PatternLayout
log4j.appender.rkmdebug.layout.ConversionPattern=%d %p %t - %m%n
log4j.logger.org.apache=WARN, rkm
log4j.logger.org.directwebremoting=WARN, rkm
************************************
5. vi /etc/syslog.conf
***************************************
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* /var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
local0.* /var/log/appliance.log
local0.* @<Remote Syslog server IP>
user.* @<Remote Syslog server IP>
*.* @<Remote Syslog server IP>
****************************************
6. service syslog restart
7. service crond stop
8. service tomcat stop
9. service ctrust restart
10. service tomcat start
11. service crond start
Now the remote machine should be receiving the logs under /var/log/messages (or whichever file is designated to receive the syslog messages).
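A static check for the files edited in steps 3 to 5, added here as an example (not part of the original post or of any RSA tooling; the function names are illustrative). It resolves duplicate log4j keys the way java.util.Properties does (last line wins), reports whether the mySyslog appender is actually attached to a logger, and lists the remote-forwarding rules in a syslog.conf. The sample input at the end is constructed.

```shell
#!/bin/sh
# Added example: static checks for the files edited in steps 3-5.
# Function names are illustrative, not part of any RSA tooling.

# Print the effective value of a log4j 1.x property. The file is loaded as
# java.util.Properties, so when a key appears twice the LAST line wins.
log4j_prop() {  # usage: log4j_prop FILE KEY
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }                      # skip comment lines
        { i = index($0, "="); if (i == 0) next
          k = substr($0, 1, i - 1); gsub(/^[ \t]+|[ \t]+$/, "", k)
          if (k != key) next
          v = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", v) }
        END { print v }' "$1"
}

# Succeed if APPENDER is referenced by the effective rootLogger or com.rsa
# logger of FILE; otherwise the appender is defined but never used.
appender_attached() {  # usage: appender_attached FILE APPENDER
    for key in log4j.rootLogger log4j.logger.com.rsa; do
        log4j_prop "$1" "$key" | tr ',' '\n' | tr -d ' \t' | sed 1d |
            grep -qx "$2" && return 0   # sed 1d drops the level (INFO, DEBUG...)
    done
    return 1
}

# Print "selector host" for every remote-forwarding (@host) rule in FILE.
forward_rules() {  # usage: forward_rules SYSLOG_CONF
    awk '!/^[ \t]*#/ && $2 ~ /^@/ { print $1, substr($2, 2) }' "$1"
}

# Constructed sample (not taken from an appliance): the second com.rsa line
# wins, so mySyslog is defined but never attached to a logger.
demo=$(mktemp)
cat > "$demo" <<'EOF'
log4j.rootLogger=INFO, rkm
log4j.logger.com.rsa=INFO, mySyslog
log4j.appender.mySyslog=org.apache.log4j.net.SyslogAppender
log4j.logger.com.rsa=DEBUG, rkmdebug
EOF
if appender_attached "$demo" mySyslog; then echo "mySyslog attached"
else echo "mySyslog NOT attached; com.rsa = $(log4j_prop "$demo" log4j.logger.com.rsa)"; fi
rm -f "$demo"
```

Run `appender_attached` against both log4j.properties files from steps 3 and 4, and `forward_rules /etc/syslog.conf` to see which selectors leave the appliance; a `*.*` rule forwards every facility that reaches syslogd, authpriv included.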