000037757 - Errors when configuring RSA Access Manager to send logs to RSA enVision or a generic syslog server

Document created by RSA Customer Support Employee on Jan 28, 2020
Version 1

Article Content

Article Number: 000037757
Applies To:
RSA Product Set: Access Manager
RSA Version/Condition: 6.2.x
Issue
RSA Access Manager supports forwarding aserver.log, eserver.log and/or dispatcher.log to RSA enVision.  The same method may also work for sending logs to a generic syslog server, although that has not been qualified by RSA and hence is not supported.

Instructions to configure that feature are in the "Installation and Configuration Guide" for your RSA Access Manager server version.  For example, in the Access Manager Server 6.2.4 Installation and Configuration Guide, the instructions are in chapter 18 "Integrate With enVision", section "Configure Access Manager Server Using Syslog" on page 345.

There are problems with two of the steps in those instructions in all v6.2.x Installation and Configuration Guide manuals:
  • The SecurCare Online website URL given in step 2 is no longer available.
  • The conversion pattern that is given in step 4 is incorrect.  If used as shown in the manual, the server fails with the following error message when Access Manager runs (note the misspelling of the word "pattern"):


log4j:ERROR Unexpected char [R] at position 2 in conversion pattern


 
Cause
  • The RSA website "SecurCare Online" has been replaced with a new site, "RSA Link".
  • The conversion pattern in step 4 has a percent sign (%) specified where it should not be in front of the word "RSAAXM".
Resolution
  • In step 2, download the three files aserver_log4j.conf, eserver_log4j.conf, and dispatcher_log4j.conf from: RSA NetWitness Event Source Additional Downloads for RSA Access Manager.  An RSA Link login is required to access that page.  Only those three *_log4j.conf files on that page are needed to configure an Access Manager Server using syslog, so any other files on that page should be ignored.
  • In step 4, the correct ConversionPattern instruction setting is:


log4j.appender.A1.layout.ConversionPattern=RSAAXM-4-<ServerInstance> Name: %m%n


The other settings for log4j.appender.A1.SyslogHost and log4j.appender.file.File are correct as shown in the manual.
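
A check that can be run over the edited *_log4j.conf files before restarting the server, as an added example that is not from the RSA documentation: it flags any % in a ConversionPattern that is not followed by a valid conversion character and reports its position. It assumes the log4j 1.2 PatternLayout character set; the function names and the sample lines are constructed, and the "bad" line is reconstructed from the Cause section rather than copied from the manual.

```python
import re

# Conversion characters accepted by log4j 1.2 PatternLayout (assumed version).
VALID = set("cCdFlLmMnprtxX")
# Optional format modifier between '%' and the character, e.g. %-5p or %.30c.
MODIFIER = re.compile(r"-?\d*(?:\.\d+)?")

def check_pattern(pattern):
    """Return [(char, position)] for each invalid specifier; position is
    1-based, the same convention as the log4j error quoted in the article."""
    problems, i = [], 0
    while i < len(pattern):
        if pattern[i] != "%":
            i += 1
            continue
        i += 1                                   # step past '%'
        if pattern[i:i + 1] == "%":              # '%%' is a literal percent
            i += 1
            continue
        i = MODIFIER.match(pattern, i).end()     # skip any format modifier
        ch = pattern[i:i + 1]                    # '' if the pattern ends here
        if ch not in VALID:
            problems.append((ch, i + 1))
        i += 1
    return problems

def check_config(text):
    """Map each *.ConversionPattern key in a properties file to its problems."""
    results = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue                             # blank, comment, or no key=value
        key, value = line.split("=", 1)
        if key.strip().endswith(".ConversionPattern"):
            results[key.strip()] = check_pattern(value.strip())
    return results

# Constructed samples: the stray '%' described under Cause, and the corrected
# setting from Resolution. Neither is the content of a shipped *_log4j.conf.
BAD = "log4j.appender.A1.layout.ConversionPattern=%RSAAXM-4-<ServerInstance> Name: %m%n\n"
GOOD = "log4j.appender.A1.layout.ConversionPattern=RSAAXM-4-<ServerInstance> Name: %m%n\n"

if __name__ == "__main__":
    for name, conf in (("bad", BAD), ("good", GOOD)):
        for key, problems in check_config(conf).items():
            print(name, key, problems or "OK")
```

An empty result for every ConversionPattern key means the appender will not hit the "Unexpected char" error at startup, so syslog forwarding is not silently lost to a malformed layout.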
