000016052 - Sending logging data over syslog

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000016052
Applies ToAuthentication Manager 7.1
RSA enVision
CauseA default RSA Authentication Manager 7.1 (AM71) will only log data to its internal logging system.  It is possible to have an AM71 system send data via the syslog mechanism to any selected Syslog server (such as RSA enVision)

Authentication Manager 7.1 needs to be patched with Service Pack 2 or later; this adds the configuration values to <RSA_AM_HOME>/utils/resources/ims.properties with the patch installer:

ims.logging.audit.admin.syslog_host       = <host_name>
ims.logging.audit.admin.syslog_layout     = %d, %X{clientIP}, %c, %p, %m%n
ims.logging.audit.admin.syslog_facility   = 8
ims.logging.audit.admin.use_os_logger     = false
ims.logging.audit.runtime.syslog_host     = <host_name>
ims.logging.audit.runtime.syslog_layout   = %d, %X{clientIP}, %c, %p, %m%n
ims.logging.audit.runtime.syslog_facility = 8
ims.logging.audit.runtime.use_os_logger   = false
ims.logging.system.syslog_host            = <host_name>
ims.logging.system.syslog_layout          = %d, %X{clientIP}, %c, %p, %m%n
ims.logging.system.syslog_facility        = 8
ims.logging.system.use_os_logger          = false

After applying the patch, a customer who wishes to send log messages to syslog can manually change the value of use_os_logger parameter to true. For example, if the system log messages need to be sent to syslog, just set the value of ims.logging.system.use_os_logger to true.   Make a backup of ims.properties before editing.
By default, the patch installer will set the <host_name> to the full host name of the server where RSA Authentication Manager is installed. But user can set it to a remote syslog server as well restart the AM71 server and syslog daemon for this to take affect.
The patch needs to be applied to primary, replica, node, database and RADIUS installations.
The syslog server receiving the log messages may also need to be configured to carry out an appropriate action

NotesLog Data Destination  Use OS System Log    Send system messages to OS system log
On a Windows server, all RSA services must be restarted for the changes to take effect.
Legacy Article IDa44615