000027598 - How to send SecurID logs to syslog for monitoring

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000027598
Applies To: Authentication Manager 6.1.x
Event Viewer Application Log

Summary: Use the Log to System Log option to direct Authentication Manager-related
audit log messages to your Event log (on Windows) or system log (on UNIX).
Only Authentication Manager-related messages can be sent to the log. You can specify
criteria to select the kinds of messages sent to the log so that it captures only the
information you need. On Windows, messages from RSA Authentication Manager
appear in the Application log portion of the Event log.

Issue: How to send SecurID logs to syslog for monitoring
Resolution: Log monitoring is an important aspect of security. The 6.1.x server cannot send messages directly to a syslog server.
Log to System Log is an option that sends real-time authentication messages to the operating system Event Log (Windows) or System Log (UNIX).

Click Start > Programs > RSA Security > RSA Authentication Manager Host Mode.
Click Log > Edit System Log Parameters.
Select messages from the Message Types column and move them to the Selected Messages column. Leave the other values at their defaults. Click OK.

Next, click Log Filtering > Configure. This setting filters messages from the SecurID logs.
Any item in the Not Logged column will not be sent to the Event Log or System Log.

Once these two items are set, click Log > Log to System Log.
This is an easy way to turn messages to the Event Log or System Log on or off.
Customers must use a third-party monitoring tool to extract the Event Logs (Windows) or System Log (UNIX).

Connect to the system via SSH.
Change to ACEPROG and run ./sdadmin, then follow the menu items above.
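
The article leaves the hop from the local system log to a syslog server to a third-party tool. As an added example (not RSA code), this Python relay picks Authentication Manager lines out of a log stream and sends each one to a collector as an RFC 3164 UDP datagram. The marker string, the tag "securid", the local0/info priority, the collector address and the sample lines are all assumptions made for illustration.

```python
import socket
import sys
from datetime import datetime

# Assumed values, not taken from the article: replace MARKER with whatever
# identifies Authentication Manager entries in your own system log.
MARKER = "AM-TAG-PLACEHOLDER"
FACILITY_LOCAL0, SEVERITY_INFO = 16, 6
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

# Constructed sample input; real message text will differ.
SAMPLE = [
    "Apr 21 10:00:01 amhost cron[311]: job started\n",
    "Apr 21 10:00:02 amhost AM-TAG-PLACEHOLDER: constructed auth event, user jdoe\n",
    "Apr 21 10:00:03 amhost AM-TAG-PLACEHOLDER: constructed auth event, user asmith\n",
]


def select_lines(lines, marker=MARKER):
    """Return only the lines that carry the marker, without line endings."""
    return [ln.rstrip("\r\n") for ln in lines if marker in ln]


def rfc3164(msg, host, when, tag="securid",
            facility=FACILITY_LOCAL0, severity=SEVERITY_INFO):
    """Build one RFC 3164 datagram: <PRI>Mmm dd hh:mm:ss host tag: msg."""
    pri = facility * 8 + severity
    stamp = f"{MONTHS[when.month - 1]} {when.day:2d} {when:%H:%M:%S}"
    # Replace control characters so a logged value cannot start a new record.
    clean = "".join(c if c.isprintable() else " " for c in msg)
    packet = f"<{pri}>{stamp} {host} {tag}: {clean}"
    return packet.encode("ascii", "replace")[:1024]  # RFC 3164 size limit


def forward(lines, collector, host, when=None, marker=MARKER):
    """Send every selected line to collector (address, port); return the count."""
    sent = 0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for line in select_lines(lines, marker):
            sock.sendto(rfc3164(line, host, when or datetime.now()), collector)
            sent += 1
    return sent


if __name__ == "__main__":
    # Example: tail -F <system log> | python relay.py   (collector is assumed)
    print(forward(sys.stdin, ("127.0.0.1", 514), socket.gethostname()))
```

UDP syslog is unauthenticated and unencrypted, so keep the relay and collector on a trusted management network or use a forwarder that supports TLS.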
Notes: Follow your operating system guide regarding storage of these logs. Maintain adequate disk space.
Legacy Article ID: a54309