on Jun 14, 2016Article Content
| Article Number | 000017542 |
| Applies To | Use the RSA Authentication Manager (AM) 8.1 Security console - Setup - System Settings. Then click on the Logging Link. Select either Primary or Replica(s), [Next>]. Set Log Levels, then scroll down to Log Data Destination. There are 3 types of log data; Administrative Audit, Runtime Audit (includes Authentications), and System (includes system errors like failures to connect to remote LDAP Identity Source). There are also three ways to save log data, bottom choice is both Internal Database and remote Syslog at the following hostname or IP address. [Save] RSA Authentication Manager (AM) version 8.1, AM 8.1, AM 8.0, AM 8.X Remote syslog, Remote syslogging, Remote syslogger, System log |
| Issue | How to verify RSA Authentication Manager (AM) 8.1 is sending syslog data to a remote syslog server. Remote Syslog Server admin (e.g. ARCSite) says no RSA syslog data is coming to his syslog server, even though you as RSA AM Admin configured remote syslog to his server's IP address. |
| Cause | Firewall blocking syslog UDP port 514 traffic. |
| Resolution | SSH to the Suse Linux operating system with the OS account (rsaadmin or whatever has been configured). sudo su - <to become root - same password> |
| Legacy Article ID | a66606 |