|Issue||The requirement is to send RSA Authentication Manager 8.1 runtime, administrative and system information to multiple remote syslog servers.|
|Resolution||There are two parts to this solution.|
Use the RSA Authentication Manager 8.1 primary instance Security Console > Setup > System Settings > click Logging in Basic Settings > select Primary as the Instance type and click Next
This requires either SSH access or local console access to the operating system.
The proposed steps have not been officially qualified by RSA and must be tested prior to any production use:
Making the change to the /etc/syslog-ng/syslog-ng.conf configuration file is a custom change and must be noted when writing up the a disaster recovery plan for all authentication manager instances deployed for production usage.
|Notes||IMPORTANT NOTE: This configuration allows the authentication manager instance to push its data into the /var/log/messages file and all of the data being written to /var/log/messages is pushed out to the remote syslog servers. Further research will be required to filter outgoing data to the remote syslog servers.|