000017351 - Configure RSA Authentication Manager to Send Log Messages

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000017351
Applies ToRSA Authentication Manager 7.1 Service Pack 4
RSA Authentication Manager 8.1
syslog
audit
IssueConfigure RSA Authentication Manager to send log messages
Resolution

Configure RSA Authentication Manager to send log messages


 


The RSA product that is capable of collecting log messages from Authentication Manager is RSA Security Analytics which is replacing the older product RSA envision (version 4.1 SP1 End of Primary Support listed as Dec 2015).


 


RSA Authentication Manager 7.1 Service Pack 4 (RSA SecurID Appliance 3.0 Service Pack 4)


 


For information on how to configure RSA Authentication Manager 7.1 (or RSA SecurID Appliance 3.0) to send log messages to a local Syslog server please refer to Chapter 9: logging and Report (page 211) of the RSA Authentication Manager 7.1 Administrator?s Guide for the section called Configuring Syslog.


 


RSA Authentication Manager 7.1 and RSA SecurID Appliance 3.0 had a known issue in the RSA Security Console configuring the OS System log setting and the RSA Authentication Manager 7.1 Service Pack 4 Releases Notes highlighted this known issue (ref: AM-17602). A workaround was provided to update the RSA_AM_HOME/utils/resources/ims.properties file with the fully qualified computer name of the syslog server and to set the use_os_logger parameters to true.


 


RSA Authentication Manager 8.1 (virtual appliance) and installed on RSA SecurID Appliance


 


Please refer to URL http://www.emc.com/security/rsa-securid/rsa-authentication-manager.htm#!hardware for the latest information on RSA SecurID Appliance with RSA Authentication Manager 8.1 software.


 


For information on how to configure RSA Authentication Manager 8.1 to use a remote syslog host please refer to Chapter 14: Logging and Reporting (page 351) of the RSA Authentication Manager 8.1 Administrator?s Guide for the section called ?Configure the Remote Syslog Host for Real Time Log Monitoring?.


 



  

 


  

Configure the Remote Syslog Host for Real Time Log Monitoring


  

 


  

You can configure a remote Syslog host to log messages from Authentication Manager. The remote host must be a valid UNIX or Linux machine with Syslog capabilities. The remote Syslog manages logs from multiple systems in the network, including RSA Authentication Manager. Configure the remote host to log messages from Authentication Manager. The location of files and IP tables used in configuration


  

may vary depending on your remote host. For instructions, see your UNIX or Linux documentation.


  

RSA Authentication Manager 8.1 Administrator?s Guide


  

After you have configured the remote Syslog host, you must identify the remote host as a destination for logs in the Security Console. For instructions, see the Security Console Help topic ?Configure Logging.?


  

 


  

 


Information from the RSA Authentication Manager 8.1 Console Help Topic ?Configure Logging?


 



  

 


  

Configure Logging


  

 


  

You can configure RSA Authentication Manager logging on each instance. You can copy the log configuration from the primary instance to the replica instance.


  

 


  

Before You Begin


  

 


  

You must be a Super Admin.


  

 


  

Procedure


  

 


  

1. In the Security Console, click Setup > System Settings.


  

 


  

2. Click Logging.


  

 


  

3. Select an instance.


  

 


  

4. Click Next.


  

 


  

5. From the Trace Log, Administrative Audit Log, Runtime Audit Log, and System Log drop-down lists, select a log level. For a description of each parameter, see Log Configuration Parameters.


  

 


  

6. Determine where to store the log data. You can choose to save it:


  

 


  

?  Locally in the internal database only


  

 


  

?  Locally in the internal database and in the local operating system Syslog


  

 


  

?  Locally in the internal database and the remote Syslog at a specified hostname or IP address. The remote host must be a valid UNIX machine that Authentication Manager is permitted to access. The system resolves the remote hostname by referring to the Domain Name System that was configured during Quick Setup. For instructions on configuring a remote Syslog host to log messages from Authentication Manager, see the Administrator?s Guide.


  

 


  

7. If you are configuring log settings on the primary instance and you want to apply the same changes to the replica instance, click Apply the above settings to the replica instance(s) upon save.


  

 


  

8. Click Save


  

 


  

 


  

 


Contact information for RSA Customer Support is located at URL http://www.emc.com/support/rsa/contact/index.htm should you require technical assistance with a purchased RSA product.

Legacy Article IDa64819

Attachments

    Outcomes