
SSIM UNIX Log File Event Collector Installation & configuration on LINUX (Graphical)

Created: 14 Mar 2012 • Updated: 21 Mar 2012 | 9 comments
Author: Avkash K


Step 1:- Download the UNIX Log File Event Collector from File Connect.

(File Name:- UNIX_OS_Logfile_Event_Collector_448_Win_RHEL345_Sol8910_SuSE_EN)

Step 2:- Extract the downloaded file & complete the registration process for the collector (you can refer to the already available KBs for collector registration).

Step 3:- Before installing any collector, have the SSIM Agent installation ready on the machine.

Step 4 :- Copy the unixlogfile.zip file to the LINUX machine using any file transfer software, e.g. WinSCP.

Step 5 :- Unzip the collector file using the following command.

                unzip unixlogfile.zip


Step 6 :- After extracting, go to the install folder & change the permissions on the installation files by issuing the command below.

                chmod 777 *

Step 7 :- Now install the collector using the command below.

                sh ./install.sh

Step 8 :- With the collector installed, we now need to configure our LINUX box to receive the syslog messages from remote systems & store them in the /var/log/messages file, so that the UNIX OS Log File Event Collector can read the logs from the messages file.

  1. Start the syslog service. ==> service syslog start
  2. Set the syslog daemon to syslog receiving mode (on RHEL the SYSLOGD_OPTIONS line lives in /etc/sysconfig/syslog; /etc/syslog.conf only holds the logging rules)

           vi /etc/sysconfig/syslog

Change the option as shown: SYSLOGD_OPTIONS="-m 0 -r -x" (-r accepts remote messages on UDP port 514, -x disables DNS lookups on the sending hosts).

  3. Restart the syslog service ==>

           service syslog restart

Step 9 :- Enable your target machines to forward their syslog events to this LINUX box.

Step 10:- Verify that you have started receiving the syslog messages on the LINUX box.

                tcpdump port 514

Step 11 :- Now check whether these syslog messages are being saved to the messages file or not.

                cat /var/log/messages

Step 12 :- Now that all remote syslog messages are being logged to the messages file, we can set up our sensor to read the messages file.


Deploy this setting to the Collector & check whether you are receiving the logs or not. 
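As an added example (not part of the original article), the two shell helpers below script the checks behind Step 8 and Step 11: the first makes sure the SYSLOGD_OPTIONS line of a sysconfig file carries -r without duplicating it on repeated runs, the second counts which remote hosts have actually written lines into a /var/log/messages-style file, which is the evidence a practitioner wants before deploying the sensor. Both take the file as an argument and the demo runs on constructed data, so the real /etc/sysconfig/syslog and /var/log/messages are only assumed targets.

```sh
#!/bin/sh
# Added example (not from the original article): helper checks for Step 8 and
# Step 11. Both take the file to work on as an argument, so they can be run
# against a constructed copy instead of the real /etc/sysconfig/syslog.

# enable_syslog_receive FILE: make sure the SYSLOGD_OPTIONS line in FILE
# carries -r (the sysklogd flag that accepts remote messages on UDP/514).
# Safe to run twice: a second call changes nothing.
enable_syslog_receive() {
    f="$1"
    if ! grep -q '^SYSLOGD_OPTIONS=' "$f"; then
        echo 'SYSLOGD_OPTIONS="-m 0 -r -x"' >> "$f"     # value used in the article
    elif ! grep '^SYSLOGD_OPTIONS=' "$f" | grep -qw -e '-r'; then
        # keep the existing flags, append -r inside the quotes (portable: no sed -i)
        sed 's/^SYSLOGD_OPTIONS="\(.*\)"/SYSLOGD_OPTIONS="\1 -r"/' "$f" > "$f.tmp" \
            && mv "$f.tmp" "$f"
    fi
}

# remote_hosts FILE LOCALNAME: count lines per sending host in a
# /var/log/messages-style file, skipping the collector box itself (LOCALNAME).
# Classic syslog lines look like "Mar 14 10:22:01 HOST program[pid]: text",
# so the host is the 4th whitespace-separated field.
remote_hosts() {
    awk -v me="$2" 'NF >= 4 && $4 != me { n[$4]++ }
                    END { for (h in n) print h, n[h] }' "$1" | sort
}

# Demo on constructed data (not real logs); hostnames are made up.
demo_dir=$(mktemp -d)
printf 'SYSLOGD_OPTIONS="-m 0"\n' > "$demo_dir/syslog"
enable_syslog_receive "$demo_dir/syslog"
cat "$demo_dir/syslog"                      # SYSLOGD_OPTIONS="-m 0 -r"
printf '%s\n' \
  'Mar 14 10:22:01 web01 sshd[123]: Accepted publickey for admin' \
  'Mar 14 10:22:02 ssimbox syslogd 1.4.1: restart (remote reception).' \
  'Mar 14 10:22:03 web01 crond[456]: (root) CMD (run-parts /etc/cron.hourly)' \
  'Mar 14 10:22:04 db01 su: session opened for user oracle' \
  > "$demo_dir/messages"
remote_hosts "$demo_dir/messages" ssimbox   # prints "db01 1" then "web01 2"
rm -rf "$demo_dir"
```

If a host you enabled in Step 9 is missing from the output, check the tcpdump of Step 10 first: no packets means the sender or a firewall is the problem, packets without a line in the file means the -r flag did not take effect.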

Comments (9)

Milan_T

Dear Arvind,

Yes, for all Unix-based kernels we can configure the above settings.

It is a very early method of forwarding Unix-based logs to remote systems.

For this we need to handle different collectors to correlate logs for the various Unix logs.

Jay_1182

Is this supported on an RHEL x64-bit machine?

Milan_T

Yes, it will support an RHEL x64-bit machine.

Vikram Kumar-SAV to SEP

Yes, for SSIM 4.8.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Jay_1182

Thanks Vikram. Can we install the Event Agent on 4.7 and install this collector on an RHEL 5.8 x64-bit machine for SSIM 4.7?

Milan_T

You need to install the Event Agent and the collector on the RHEL 5.8 x64-bit machine.

During the Event Agent installation you need to mention the IP of the SSIM 4.7 collector.
