|Applies To||RSA Product Set: Security Analytics, NetWitness|
RSA Product/Service Type: Core Appliance, NextGen Appliance
RSA Version/Condition: 10.3.x and below
O/S Version: 5
|Issue||The Set Syslog Forwarding appliance task in the Security Analytics UI and the NetWitness Administrator thick client only functions with rsyslog and not with sysklogd, which is installed on the CentOS 5 appliances by default.|
|Tasks||This article will provide instructions for replacing the sysklogd package with rsyslog on an RSA Security Analytics or NetWitness appliance running CentOS 5.|
|Resolution||In order to replace the sysklogd package with rsyslog on an EL5 appliance, follow the steps below:|
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.
- Download the rsyslog-8.2.2-1.el5.centos.zip file that is attached to this article and use an FTP client to transfer it to the /tmp directory on the appliance.
- Login to the appliance via SSH and navigate to the /tmp directory.
- Extract the RPM packages from the .zip file with the following command: unzip rsyslog-8.2.2-1.el5.centos.zip
- Issue the command cd rsyslogEL5 to enter the directory where the RPM packages are stored.
- Issue the command below to install the RPM packages.
rpm -Uvh rsyslog-8.2.2-1.el5.centos.x86_64.rpm jemalloc-3.4.0-1.el5.centos.x86_64.rpm json-c-0.11-3.el5.centos.x86_64.rpm libestr-0.1.9-1.el5.centos.x86_64.rpm libgt-0.3.11-1.el5.centos.x86_64.rpm liblogging-1.0.4-1.el5.centos.x86_64.rpm
- After the installation is complete, issue the command rpm -qa | grep sysklogd to verify that the sysklogd package is no longer present.
- Issue the rpm -qa | grep rsyslog to confirm that the rsyslog package has been installed correctly.
- Check the status of the rsyslog service with the following command: service rsyslog status
- If the rsyslog service is stopped, start the service with the service rsyslog start command.
- Configure the rsyslog service to start on boot with the following command: chkconfig rsyslog on
- Verify that the command in Step 10 was successful by issuing the chkconfig --list rsyslog command.
|Notes||Below is a screenshot of the entire process of replacing the sysklogd package with rsyslog on a Series 3 concentrator running CentOS 5.|
The full rsyslog repository where the RPM packages included in the attached zip file were obtained can be found here.