
SSIM and AIX/Linux boxes not communicating

Created: 10 Dec 2012 | 3 comments

Good morning.  Several things here looking for a solution, but the main thing is that even after configuring both ends, our AIX or Unix/Linux boxes are not communicating with our SSIM.  Here is everything that I have done:

On the SSIM Side:

1. I have configured the Syslog director for both Linux and AIX.  AIX on port 10561 and Unix/Linux 10525.

2.  I have configured the Unix Collector sensor for a specific IP for a Linux box under UDP and also used a wildcard for the IP

3. I have configured the AIX collector sensor the same as #2.

On the UNIX/Linux and AIX side, I have configured the contents of the /etc/syslogd.conf file as the Symantec PDF suggested:

*.info     @SERVERNAME

Unfortunately, after all this, I do not get any logs on the SSIM.  Any suggestions to try to get this to work would be greatly appreciated.  Thanks

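A loopback check added here, not part of the thread or of the Symantec collectors: it builds the kind of RFC 3164 line a syslogd forwards with `@SERVERNAME`, shows what the `*.info` selector actually lets through (severity info or more urgent), and sends the line over UDP to a listener standing in for the collector port. Python 3 only; the hostname, tag, and message text are constructed, and the port is chosen by the caller (traditional syslogd sends `@host` to UDP 514, so confirm with a packet capture on both ends that datagrams arrive on the port the director is bound to).

```python
"""Loopback check for the syslog forwarding described in the post (constructed example)."""
import socket

# RFC 3164 codes. A "*.info" selector forwards severity 6 (info) and anything lower-numbered.
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3,
              "auth": 4, "syslog": 5, "local0": 16}

def pri(facility, severity):
    """PRI = facility * 8 + severity, the number inside the leading <...> of a syslog line."""
    return FACILITIES[facility] * 8 + SEVERITIES[severity]

def parse_pri(line):
    """Return (facility_code, severity_code) from a raw '<PRI>...' syslog line."""
    end = line.index(">")
    value = int(line[1:end])
    return value // 8, value % 8

def matches_selector(line, min_severity="info"):
    """True if a '*.<level>' selector would forward this line (level or more urgent)."""
    _, severity = parse_pri(line)
    return severity <= SEVERITIES[min_severity]

def format_message(facility, severity, host, tag, text):
    """Build a minimal RFC 3164 message like the ones syslogd forwards with '@SERVERNAME'."""
    return f"<{pri(facility, severity)}>Dec 10 09:00:00 {host} {tag}: {text}"

def loopback_roundtrip(port, message, timeout=2.0):
    """Bind a UDP listener on 127.0.0.1:`port` (standing in for the collector),
    send `message` to it and return what arrived. Port 0 picks a free port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("127.0.0.1", port))
    port = listener.getsockname()[1]
    listener.settimeout(timeout)
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sender.sendto(message.encode(), ("127.0.0.1", port))
        data, _ = listener.recvfrom(2048)
        return data.decode()
    finally:
        sender.close()
        listener.close()

if __name__ == "__main__":
    # Constructed sample: an auth.info line from a hypothetical AIX host.
    msg = format_message("auth", "info", "aixhost01", "sshd[1234]", "Accepted password for user1")
    print(loopback_roundtrip(10561, msg))
```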
3 Comments

olaf:

Can you provide screenshots of the configurations you made?

hgil:

Please see the screenshot below.  One thing I am noticing is that the syslog AIX director continues to uncheck itself.  So something is causing it to uncheck itself. See images below of the director and AIX collector. Let me know if you need further info. Thanks

olaf:

Did you actually import the signature for the AIX collector?

When you unpack the collector you will find a utils folder which contains a file aixauditmatch.xml.

You will have to import this signature using the Import option in the Syslog Director under Advanced Options; in the Select Import Type dialog box, click Import Only New Signatures.