Deep Security Manager 10 has reached end of support. Use the version selector (above) to see more recent versions of the Help Center.
Configure Red Hat Enterprise Linux to receive event logs
Set up a Syslog on Red Hat Enterprise Linux 6 or 7
The following steps describe how to configure rsyslog on Red Hat Enterprise Linux 6 or 7 to receive logs from Deep Security.
- Log in as root
- Execute:
vi /etc/rsyslog.conf
- Uncomment the following lines near the top of the
rsyslog.conf
to change them from:
#$ModLoad imudp
to
#$UDPServerRun 514
#$ModLoad imtcp
#$InputTCPServerRun 514
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
- Add the following two lines of text to the end of the
rsyslog.conf
:#Save Deep Security Manager logs to DSM.log
Local4.* /var/log/DSM.log
You may need to replaceLocal4
with another value, depending on your Manager settings. - Save the file and exit
- Create the
/var/log/DSM.log
file by typingtouch /var/log/DSM.log
- Set the permissions on the DSM log so that syslog can write to it
- Save the file and exit
- Restart syslog:
- On Red Hat Enterprise Linux 6:
service rsyslog restart
- On Red Hat Enterprise Linux 7:
systemctl restart rsyslog
- On Red Hat Enterprise Linux 6:
When Syslog is functioning you will see logs populated in:
/var/log/DSM.log
Set up a Syslog on Red Hat Enterprise Linux 5
The following steps describe how to configure Syslog on Red Hat Enterprise Linux to receive logs from Deep Security.
- Log in as root
- Execute:
vi /etc/syslog.conf
- Add the following two lines of text to the end of the
syslog.conf
:#Save Deep Security Manager logs to DSM.log
Local4.* /var/log/DSM.log
You may need to replaceLocal4
with another value, depending on your Manager settings. - Save the file and exit
- Create the
/var/log/DSM.log
file by typingtouch /var/log/DSM.log
- Set the permissions on the DSM log so that syslog can write to it
- Execute:
vi /etc/sysconfig/syslog
- Modify the line "
SYSLOGD_OPTIONS
" and add a "-r
" to the options - Save the file and exit
- Restart syslog:
/etc/init.d/syslog restart
When Syslog is functioning you will see logs populated in:
/var/log/DSM.log