Mumbai Security and Compliance User Group


CentOS Integration with SSIM

Jan 12, 2012 05:50 AM

 

CentOS integration process (1.1.1.1 is the IP address of the CentOS syslog server and centossyslog is the hostname)

 

The CentOS server needs to be configured to forward the logs from its syslog daemon to the collector machine on which the SSIM Agent and the Unix syslog collector are running.

 

In order to receive the logs, the changes below need to be carried out on the CentOS server.

 

  1. Add the statement below to the /etc/hosts file (this is the IP address of the SSIM agent):

             1.1.1.1  Centossyslog

  2. Add the statement below to the /etc/syslog.conf file (this forwards the CentOS logs to the agent server, i.e. 10.226.6.238):

             *.info @Centossyslog

  3. Restart the syslogd service:

             service syslog restart

 

Note: If there is a firewall between the servers, UDP port 514 needs to be opened in one direction:

1. Source CentOS server -> destination SSIM collection server (1.1.1.1), unidirectional, port UDP-514.

 

Configure the collector machine to receive remote syslog events.

To configure the collector machine to receive remote syslog events:

1. On the Linux machine on which the collector will be installed, use an editor such as vi to open the /etc/sysconfig/syslog file.

2. Change the line

SYSLOGD_OPTIONS="-m 0"

to the following:

SYSLOGD_OPTIONS="-m 0 -r -x"

3. Save and close the syslog file.

4. To enable receipt of remote syslog messages, type the following command:

service syslog restart
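
The script below is an added example, not part of the original post: it audits copies of the three files edited above, confirming that the `*.info @host` rule resolves through the hosts file and that `SYSLOGD_OPTIONS` carries `-r`. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the files this procedure edits.
# Paths are passed as arguments so the checks can run against copies.

# Print the IP that the "*.info @host" forwarding rule resolves to via the hosts file.
forward_target() {  # $1 = syslog.conf, $2 = hosts file
    target=$(awk '$1 == "*.info" && $2 ~ /^@/ { print substr($2, 2); exit }' "$1")
    [ -n "$target" ] || { echo "no '*.info @host' rule found" >&2; return 1; }
    # Hostnames are case-insensitive, so compare in lower case; skip comment lines.
    ip=$(awk -v h="$target" '$1 !~ /^#/ {
        for (i = 2; i <= NF; i++) if (tolower($i) == tolower(h)) { print $1; exit }
    }' "$2")
    [ -n "$ip" ] || { echo "$target has no entry in hosts file" >&2; return 2; }
    echo "$ip"
}

# Succeed only if SYSLOGD_OPTIONS carries -r (accept remote messages on UDP 514).
collector_listens() {  # $1 = sysconfig syslog file
    opts=$(sed -n 's/^SYSLOGD_OPTIONS="\(.*\)"/\1/p' "$1" | tail -n 1)
    for o in $opts; do
        [ "$o" = "-r" ] && return 0
    done
    return 1
}

# Constructed sample files mirroring the values used in the post.
demo=$(mktemp -d)
printf '127.0.0.1 localhost\n1.1.1.1  Centossyslog\n' > "$demo/hosts"
printf '# forward to SSIM collector\n*.info @Centossyslog\n' > "$demo/syslog.conf"
printf 'SYSLOGD_OPTIONS="-m 0 -r -x"\n' > "$demo/sysconfig"

echo "forwarding to: $(forward_target "$demo/syslog.conf" "$demo/hosts")"
if collector_listens "$demo/sysconfig"; then
    echo "collector accepts remote syslog"
else
    echo "collector is missing -r"
fi
rm -rf "$demo"
```

On the live CentOS server, `logger -p user.info "forwarding test"` generates a message that matches the `*.info` rule and should then appear on the collector.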

 


Comments

Mar 17, 2012 03:31 AM

Good info

Mar 15, 2012 09:51 AM

Nice article,

Make it more detailed and step by step, since the contents are difficult to read.

Regards

Kishorilal

Feb 03, 2012 02:03 AM

Thanks for sharing.

Jan 14, 2012 05:31 AM

This really helped, thanks!
