SSIM UNIX Log File Event Collector Installation & configuration on LINUX.
Step 1:- Download the UNIX Log file Event Collector from File Connect
(File Name:- UNIX_OS_Logfile_Event_Collector_448_Win_RHEL345_Sol8910_SuSE_EN)
Step 2:- Extract the downloaded file & complete the registration process for the collector (you can refer to the already available KBs for collector registration).
Step 3:- Before installing any collector, make sure the SSIM Agent installation is already in place on the machine.
Step 4 :- Copy the unixlogfile.zip file to the LINUX machine by using any file transfer software, e.g. WinSCP.
Step 5 :- Unzip the collector file by using following command.
unzip unixlogfile.zip
Step 6 :- After extracting, change to the install folder & set the permissions on the installation files by issuing the command below.
chmod 777 *
Step 7 :- Now install the collector by using the command below.
sh ./install.sh
Step 8 :- With the collector installed, we now need to configure our LINUX box to receive syslog messages from the remote systems & store them in the /var/log/messages file, so that the UNIX OS Log file event collector can read the logs from the messages file.
- Start the syslog service.
service syslog start
- Set the syslog daemon to receive remote messages by editing the syslogd options file (on RHEL this is /etc/sysconfig/syslog; /etc/syslog.conf holds the logging rules, not the daemon options).
vi /etc/sysconfig/syslog
Change the option as shown: SYSLOGD_OPTIONS="-m 0 -r -x" (-r makes syslogd accept remote messages on UDP port 514, -x disables DNS lookups for the sending hosts, -m 0 turns off periodic mark lines).
- Restart the syslog service.
service syslog restart
Step 9 :- Configure your target machines to forward their syslog events to this LINUX box.
Step 10:- Verify that syslog messages are arriving on the LINUX box.
tcpdump port 514
Step 11 :- Now check whether these syslog messages are being written to the messages file.
cat /var/log/messages
Step 12 :- Once the remote syslog messages are being logged to the messages file, we can set up our sensor to read the messages file.
Deploy this setting to the Collector & check whether you are receiving the logs.
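As an added check for Steps 8 and 11 (example script, not part of the original KB or of the SSIM product), the following runs against a copy of the syslogd options file and of the messages file and reports whether remote reception is enabled and which remote hosts have actually written into the messages file. The file contents and hostnames below are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline checks for the receiver side of the procedure above.
#  syslogd_accepts_remote FILE        -> 0 if SYSLOGD_OPTIONS in FILE contains -r
#  remote_log_hosts MESSAGES SELFHOST -> "host count" per remote host seen in MESSAGES

# Check 1: does the sysconfig file turn on remote reception (-r)?
syslogd_accepts_remote() {
    opts=$(sed -n 's/^SYSLOGD_OPTIONS="\(.*\)"$/\1/p' "$1")
    case " $opts " in
        *" -r "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Check 2: classic syslog line is "Mon DD HH:MM:SS hostname tag: message",
# so the sending host is field 4. Skip lines written by this box itself.
remote_log_hosts() {
    awk -v self="$2" 'NF >= 5 && $4 != self { n[$4]++ }
                      END { for (h in n) print h, n[h] }' "$1" | sort
}

# --- constructed sample files (hostnames and messages are made up) ---
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'SYSLOGD_OPTIONS="-m 0 -r -x"\nKLOGD_OPTIONS="-x"\n' > "$tmp/syslog.receiving"
printf 'SYSLOGD_OPTIONS="-m 0"\n' > "$tmp/syslog.default"
cat > "$tmp/messages" <<'EOF'
Mar  3 10:01:02 collectorbox syslogd 1.4.1: restart.
Mar  3 10:01:15 websrv01 sshd[2231]: Accepted password for admin from 10.0.0.5 port 51022 ssh2
Mar  3 10:01:16 websrv01 sshd[2231]: pam_unix(sshd:session): session opened for user admin
Mar  3 10:02:40 dbsrv02 sudo: oracle : TTY=pts/1 ; PWD=/home/oracle ; COMMAND=/bin/su -
Mar  3 10:03:00 collectorbox crond[1188]: (root) CMD (run-parts /etc/cron.hourly)
EOF

# Demo run against the constructed files
if syslogd_accepts_remote "$tmp/syslog.receiving"; then
    echo "syslogd remote reception: enabled (-r present)"
else
    echo "syslogd remote reception: DISABLED, collector will only see local logs"
fi
echo "Remote hosts logging into messages file (host count):"
remote_log_hosts "$tmp/messages" collectorbox
```

On a live box, point the two functions at /etc/sysconfig/syslog and /var/log/messages with the box's own hostname as the second argument; an empty host list after Step 9 means the forwarding or the -r option is not in effect.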