SSIM UNIX Log File Event Collector Installation & configuration on LINUX (Graphical)
SSIM UNIX Log File Event Collector Installation & configuration on LINUX.
Step 1:- Download the UNIX Log file Event Collector from File Connect
(File Name:- UNIX_OS_Logfile_Event_Collector_448_Win_RHEL345_Sol8910_SuSE_EN)
Step 2:- Extract the downloaded file & complete the registration process for collector.( You can refer already available KB’s for collector registration)
Step 3:- Prior installing any collector ready with the SSIM Agent installation.
Step 4 :- Copy unixlogfile.zip file to the LINUX machine by using any file tranfer software e.g.WinSCP.
Step 5 :- Unzip the collector file by using following command.
unzip unixlogfile.zip
Step 6 :- After extracting traverse to the install folder & change the permission on the installation files by issuing below command.
chmod 777 *
Step 7 :- now install the collector by using below command.
sh ./install.sh
Step 8 :- As the collector is installed, now we need to configure our LINUX box to receive the Syslog messages from remote system & store them into /Var/Log/Messages file, so that UNIX OS Log file event collector can read the logs from messages file.
- Start the syslog service. ==> Service syslog start
- Set the syslog daemon in syslog receiving mode
vi /etc/sysconfig/syslog.conf
change the option as shown SYSLOGD_OPTIONS="-m 0 -r -x".
3. Restart the syslog service è
service syslog restart
Step 9 :- enable your target machines to forward the syslog events to this LINUX box.
Step 10:- Verify that you started receiving the syslog messages on LINUX box.
tcpdump port 514
Step 11 :- Now check whether this syslogs are getting saved to messages file or not.
Cat /var/log/messages
Step 12 :- As all remote syslog messages started logging under messages file, we can setup our sensor to read the messages file.
Deploy this setting to the Collector & check whether you are receiving the logs or not.
Comments
Usefull Article.
Usefull Article.
It's command line not graphicle
It's hippy & usefull one
Does this work for all Unix
Does this work for all Unix kernels.??
Dear Arvind, Yes, for all
Dear Arvind,
Yes, for all unix based kernels we can configure above settings.
It is very earlier method to forward unix based logs to remote systems.
For this we need to handle diffrent collectors to correlate logs for various unix logs.
Is this supported on RHEL x64
Is this supported on RHEL x64 bit machine?
Yes it will support rhel x64
Yes it will support rhel x64 bit machine.
Yes for SSIM 4.8
Yes for SSIM 4.8
Vikram Kumar
Symantec Consultant
The most helpful part of entire Symantec connect is the Search button..do use it.
Thanks Vikram, Can we install
Thanks Vikram, Can we install the Event agent on 4.7 and install this collector on RHEL 5.8 x64 bit machine for SSIM 4.7?
you need to install event
you need to install event agent and collector on RHEL 5.8 x64 bit machine.
During event agent installation you need to mention ip of SSIM 4.7 collector.
Would you like to reply?
Login or Register to post your comment.