000017382 - How to configure an RSA Data Protection Manager Appliance to log to syslog?

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000017382
Applies To: RSA Key Manager Appliance 1.5
RSA Key Manager Appliance 2.5
RSA Key Manager Appliance 2.7SP1
RSA Key Manager Server
RSA Data Protection Manager Appliance 3.2
RSA Data Protection Manager Appliance 3.5.x
Issue: How to configure RSA Key Manager Server or RKM Appliance to log to syslog?
Unable to send RKM logs to the local syslog
Resolution

Fix for DPM Appliances 2.x


1. Edit the file /etc/sysconfig/syslog
    Change
        SYSLOGD_OPTIONS="-m 0"
    To
        SYSLOGD_OPTIONS="-m 0 -r"
2. Type "service syslog restart"


3. Update log4j.properties as follows:


a) Use the following /opt/tomcat/webapps/KMS/WEB-INF/classes/log4j.properties


log4j.rootLogger=DEBUG, rkm, rkmsyslog
log4j.appender.rkm.Threshold=INFO
log4j.appender.rkm=org.apache.log4j.RollingFileAppender
log4j.appender.rkm.File=/opt/KMS/logs/key-manager.log
log4j.appender.rkm.layout=org.apache.log4j.PatternLayout
log4j.appender.rkm.layout.ConversionPattern=%d %p %t %c - %m%n
# Uncomment for trace level logging
#log4j.appender.rkmdebug.Threshold=DEBUG
#log4j.appender.rkmdebug=org.apache.log4j.RollingFileAppender
#log4j.appender.rkmdebug.File=/opt/KMS/logs/key-manager-debug.log
#log4j.appender.rkmdebug.layout=org.apache.log4j.PatternLayout
#log4j.appender.rkmdebug.layout.ConversionPattern=%d %p %t %c - %m%n
# Logging to syslog
log4j.appender.rkmsyslog.Threshold=INFO
log4j.appender.rkmsyslog=org.apache.log4j.net.SyslogAppender
log4j.appender.rkmsyslog.SyslogHost=localhost
log4j.appender.rkmsyslog.layout=org.apache.log4j.PatternLayout
log4j.appender.rkmsyslog.layout.ConversionPattern=%d %p %t %c - %m%n
log4j.appender.rkmsyslog.header=true
log4j.appender.rkmsyslog.Facility=USER

b)


  • for RKM Appliance 2.5.0.1, edit log4j.properties under /opt/tomcat/webapps/rkmawa/WEB-INF/classes with the following:
  • for RKM Appliance 2.5.0.3, edit log4j.properties under /opt/KMS/conf/properties with the following:
#
# For debugging, change the level to debug and add console
#
#log4j.rootCategory=DEBUG, CONSOLE, LOGFILE
#log4j.logger.org.apache=WARN, CONSOLE, LOGFILE
log4j.rootCategory=DEBUG, LOGFILE, rkmsyslog
log4j.logger.org=WARN
log4j.logger.httpclient=DEBUG
log4j.logger.com.rsa.keymanager.web.admin.AuthFilter=INFO
log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
log4j.appender.CONSOLE.layout.ConversionPattern=%d %p [%t] [%X{sesstag}] [%c] - <%m>%n
log4j.appender.LOGFILE=org.apache.log4j.DailyRollingFileAppender
log4j.appender.LOGFILE.layout=org.apache.log4j.PatternLayout
log4j.appender.LOGFILE.layout.ConversionPattern=%d %p [%t] [%X{sesstag}] [%c] - <%m>%n
log4j.appender.LOGFILE.File=/opt/tomcat/logs/rkmawa.log
log4j.appender.LOGFILE.DatePattern='.'yyyy-MM-dd
# Logging to syslog
log4j.appender.rkmsyslog.Threshold=INFO
log4j.appender.rkmsyslog=org.apache.log4j.net.SyslogAppender
log4j.appender.rkmsyslog.SyslogHost=localhost
log4j.appender.rkmsyslog.layout=org.apache.log4j.PatternLayout
log4j.appender.rkmsyslog.layout.ConversionPattern=%d %p %t %c - %m%n
log4j.appender.rkmsyslog.header=true

log4j.appender.rkmsyslog.Facility=USER

 


c) for RSA Key Manager Appliance 2.7SP1, edit log4j.properties files in folders:


/opt/KMS/conf/properties/
/opt/tomcat/common/classes/


  - with the following:


log4j.rootLogger=DEBUG, rkm, rkmsyslog
log4j.appender.rkm.Threshold=INFO
log4j.appender.rkm=org.apache.log4j.RollingFileAppender
log4j.appender.rkm.File=/opt/KMS/logs/key-manager.log
log4j.appender.rkm.layout=org.apache.log4j.PatternLayout
log4j.appender.rkm.layout.ConversionPattern=%d %p %t %c - %m%n
log4j.logger.org.apache=WARN, rkm
log4j.appender.rkmsyslog.Threshold=INFO
log4j.appender.rkmsyslog=org.apache.log4j.net.SyslogAppender
log4j.appender.rkmsyslog.SyslogHost=localhost
log4j.appender.rkmsyslog.layout=org.apache.log4j.PatternLayout
log4j.appender.rkmsyslog.layout.ConversionPattern=%d %p %t %c - %m%n
log4j.appender.rkmsyslog.header=true

log4j.appender.rkmsyslog.Facility=USER

4. Restart Tomcat: "service tomcat restart"
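
log4j's SyslogAppender sends UDP datagrams to SyslogHost on port 514 instead of writing to the local log socket, which is why step 1 enables network reception with -r. The following probe is an added example, not part of the original article: it builds a datagram shaped like the appender's output for Facility=USER with header=true and sends it to the local daemon. The exact header layout is an approximation, and the hostname dpm01 and the message text are constructed.

```python
import socket
import time

FACILITY_USER = 1  # numeric syslog code for log4j Facility=USER
# log4j level -> syslog severity
SEVERITY = {"FATAL": 0, "ERROR": 3, "WARN": 4, "INFO": 6, "DEBUG": 7}

def pri(level, facility=FACILITY_USER):
    """Syslog priority value: facility * 8 + severity."""
    return facility * 8 + SEVERITY[level]

def build_datagram(level, text, host, when=None, facility_printing=False):
    """Approximate the SyslogAppender payload with header=true."""
    t = time.localtime(when)
    # BSD syslog timestamp: month, space-padded day, time of day
    stamp = time.strftime("%b ", t) + f"{t.tm_mday:2d} " + time.strftime("%H:%M:%S", t)
    tag = "user:" if facility_printing else ""  # FacilityPrinting=true prefix
    return f"<{pri(level, FACILITY_USER)}>{stamp} {host} {tag}{text}".encode("utf-8")

def send_probe(target="localhost", port=514, level="INFO"):
    """Send one probe over UDP, the transport SyslogAppender uses."""
    data = build_datagram(level, "syslog path probe (constructed message)",
                          socket.gethostname())
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(data, (target, port))

if __name__ == "__main__":
    print(build_datagram("INFO", "probe", "dpm01", facility_printing=True))
    send_probe()
```

If the probe never shows up in the local syslog output, the daemon is not accepting UDP input and the log4j configuration is not the cause.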

 

Fix for DPM 3.2.x


For DPM Appliance Monitoring logs


  1. Log in as cliadmin
  2. Run the command configSyslog and follow the instructions

For DPM Server logs:

  1. Edit the /home/cliadmin/kms_conf/log4j.properties with the following
log4j.rootLogger=INFO, rkm, rkmsyslog
log4j.appender.rkm.Threshold=INFO
log4j.appender.rkm=org.apache.log4j.RollingFileAppender
log4j.appender.rkm.File=/opt/KMS/logs/key-manager.log
log4j.appender.rkm.MaxFileSize=100MB
log4j.appender.rkm.MaxBackupIndex=10
log4j.appender.rkm.layout=org.apache.log4j.PatternLayout
log4j.appender.rkm.layout.ConversionPattern=%d{DATE} %x %p %t - %m%n
log4j.logger.org.springframework.beans.factory=ERROR, rkm
## Uncomment for trace level logging
log4j.logger.com.rsa=DEBUG, rkmdebug
log4j.appender.rkmdebug.Threshold=ERROR
log4j.appender.rkmdebug=org.apache.log4j.RollingFileAppender
log4j.appender.rkmdebug.File=/opt/KMS/logs/key-manager-debug.log
log4j.appender.rkmdebug.layout=org.apache.log4j.PatternLayout
log4j.appender.rkmdebug.layout.ConversionPattern=%d %p %t - %m%n
log4j.logger.org.apache=WARN, rkm
log4j.logger.org.directwebremoting=WARN, rkm
log4j.appender.rkmsyslog.Threshold=INFO
log4j.appender.rkmsyslog=org.apache.log4j.net.SyslogAppender
log4j.appender.rkmsyslog.SyslogHost=<IP/Hostname of logserver>
log4j.appender.rkmsyslog.layout=org.apache.log4j.PatternLayout
log4j.appender.rkmsyslog.layout.ConversionPattern=%d %p %t %c - %m%n
log4j.appender.rkmsyslog.header=true

log4j.appender.rkmsyslog.Facility=USER
log4j.appender.rkmsyslog.FacilityPrinting=true

 


  2. Run "service tomcat restart"
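
log4j ignores property keys it does not recognise, so a mistyped key or a SyslogHost left as the template placeholder fails silently. The check below is an added example, not part of the original article or RSA tooling. It assumes plain key=value lines, and the sample it runs on is constructed.

```python
import re

SYSLOG_CLASS = "org.apache.log4j.net.SyslogAppender"

# Constructed sample: mistyped prefix, appender not on root, placeholder host, no layout.
SAMPLE = """\
log4j.rootLogger=INFO, rkm
og4j.appender.rkm.Threshold=INFO
log4j.appender.rkm=org.apache.log4j.RollingFileAppender
log4j.appender.rkmsyslog=org.apache.log4j.net.SyslogAppender
log4j.appender.rkmsyslog.SyslogHost=<IP/Hostname of logserver>
"""

def parse_properties(text):
    """Return (props, stray): key=value pairs and lines log4j would not use."""
    props, stray = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip().startswith("log4j."):
            props[key.strip()] = value.strip()
        else:
            stray.append((n, line))
    return props, stray

def check_syslog_wiring(text):
    """Return a list of findings; an empty list means the appender is wired."""
    props, stray = parse_properties(text)
    out = [f"line {n}: no 'log4j.' prefix, ignored: {l}" for n, l in stray]
    root = props.get("log4j.rootLogger") or props.get("log4j.rootCategory", "")
    attached = [a.strip() for a in root.split(",")[1:]]
    names = [k.split(".")[2] for k, v in props.items()
             if re.fullmatch(r"log4j\.appender\.[^.]+", k) and v == SYSLOG_CLASS]
    if not names:
        out.append("no SyslogAppender defined")
    for name in names:
        base = f"log4j.appender.{name}."
        if name not in attached:
            out.append(f"{name}: not attached to the root logger")
        host = props.get(base + "SyslogHost", "")
        if not host or host.startswith("<"):
            out.append(f"{name}: SyslogHost unset or still a placeholder")
        if base + "layout" not in props:
            out.append(f"{name}: no layout configured")
    return out

if __name__ == "__main__":
    print("\n".join(check_syslog_wiring(SAMPLE)))
```

Run it against each edited log4j.properties before restarting Tomcat; no output means the syslog appender is defined, attached to the root logger and pointed at a real host.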

For login information and ssh connections:


  1. Open /etc/syslog.conf
  2. Add this line (use one @ sign if using TCP, use two ( @@ ) if using UDP. You can also add the port by adding :PORT after the hostname). 
auth.*;authpriv.*  @<IP/Hostname of syslogserver>

For Access Manager logs:



  1. Go to the /opt/axm/server-61/conf directory. Edit the aserver.conf file, and add the following line:
cleartrust.aserver.log4j.config.file=aserver_log4j.conf

and comment out the following:

cleartrust.aserver.log=aserver.log

  2. Edit the eserver.conf file, and add the following line:
cleartrust.eserver.log4j.config.file=eserver_log4j.conf

and comment out the following:


cleartrust.eserver.log=eserver.log

  3. Edit the dispatcher.conf file, and add the following line:
cleartrust.dispatcher.log4j.config.file=dispatcher_log4j.conf

and comment out the following:


cleartrust.dispatcher.log=dispatcher.log

  4. Create the files aserver_log4j.conf, eserver_log4j.conf, and dispatcher_log4j.conf and enter the following:
log4j.rootLogger=INFO, axm, axmsyslog
log4j.appender.axm.Threshold=INFO
log4j.appender.axm=org.apache.log4j.RollingFileAppender
log4j.appender.axm.File=/opt/axm/server-61/logs/<logfilename, aserver.log, eserver.log, dispatcher.log>
log4j.appender.axm.MaxFileSize=100MB
log4j.appender.axm.MaxBackupIndex=10
log4j.appender.axm.layout=org.apache.log4j.PatternLayout
log4j.appender.axm.layout.ConversionPattern=%d{DATE} %x %p %t - %m%n
log4j.logger.org.springframework.beans.factory=ERROR, axm
log4j.logger.org.apache=WARN, axm
log4j.logger.org.directwebremoting=WARN, axm
log4j.appender.axmsyslog.Threshold=INFO
log4j.appender.axmsyslog=org.apache.log4j.net.SyslogAppender
log4j.appender.axmsyslog.SyslogHost=<IP/Hostname of Syslog>
log4j.appender.axmsyslog.layout=org.apache.log4j.PatternLayout
log4j.appender.axmsyslog.layout.ConversionPattern=%d %p %t %c - %m%n
log4j.appender.axmsyslog.Facility=USER
log4j.appender.axmsyslog.header=true
log4j.appender.axmsyslog.FacilityPrinting=true

  1. service crond stop
  2. service tomcat stop
  3. service ctrust restart
  4. service tomcat start
  5. service crond start

Fix for DPM 3.5.x


For DPM Appliance Monitoring logs


  1. Log in as cliadmin
  2. Run the command configSyslog and follow the instructions

For DPM Server logs:


  1. Edit the /home/cliadmin/kms_conf/log4j.properties with the following
log4j.rootLogger=INFO, rkm, rkmsyslog
log4j.appender.rkm.Threshold=INFO
log4j.appender.rkm=org.apache.log4j.RollingFileAppender
log4j.appender.rkm.File=/opt/KMS/logs/key-manager.log
log4j.appender.rkm.MaxFileSize=100MB
log4j.appender.rkm.MaxBackupIndex=10
log4j.appender.rkm.layout=org.apache.log4j.PatternLayout
log4j.appender.rkm.layout.ConversionPattern=%d{DATE} %x %p %t - %m%n
log4j.logger.org.springframework.beans.factory=ERROR, rkm
## Uncomment for trace level logging
log4j.logger.com.rsa=DEBUG, rkmdebug
log4j.appender.rkmdebug.Threshold=ERROR
log4j.appender.rkmdebug=org.apache.log4j.RollingFileAppender
log4j.appender.rkmdebug.File=/opt/KMS/logs/key-manager-debug.log
log4j.appender.rkmdebug.layout=org.apache.log4j.PatternLayout
log4j.appender.rkmdebug.layout.ConversionPattern=%d %p %t - %m%n
log4j.logger.org.apache=WARN, rkm
log4j.logger.org.directwebremoting=WARN, rkm
log4j.appender.rkmsyslog.Threshold=INFO
log4j.appender.rkmsyslog=org.apache.log4j.net.SyslogAppender
log4j.appender.rkmsyslog.SyslogHost=<IP/Hostname of logserver>
log4j.appender.rkmsyslog.layout=org.apache.log4j.PatternLayout
log4j.appender.rkmsyslog.layout.ConversionPattern=%d %p %t %c - %m%n
log4j.appender.rkmsyslog.Facility=USER
log4j.appender.rkmsyslog.header=true
log4j.appender.rkmsyslog.FacilityPrinting=true

  2. Run "service tomcat restart"

For all syslog messages including ssh connections:


  1. Edit /etc/syslog-ng/syslog-ng.conf
  2. Add these lines to the bottom of the file
#
# Send all message except iptables and news/mail plus appliance monitoring logs to a remote UDP syslog
#
filter f_sshd       { match('sshd\[[0-9]+\]:'); };
destination udplogserver { udp("10.10.56.84" port(514)); };
log { source(src); filter(f_sshd); destination(udplogserver); };
log { source(src); filter(f_local); destination(udplogserver); };
log { source(src); filter(f_local0); destination(udplogserver); };
log { source(src); filter(f_messages); destination(udplogserver); };

  3. Restart the service by running "service syslog restart"

For Access Manager logs:


  1. Go to the /opt/axm/server-61/conf directory
  2. Edit the aserver.conf file, and add the following line:
cleartrust.aserver.log4j.config.file=aserver_log4j.conf

and comment out the following:

cleartrust.aserver.log=aserver.log

  3. Edit the eserver.conf file, and add the following line:
cleartrust.eserver.log4j.config.file=eserver_log4j.conf

and comment out the following:

cleartrust.eserver.log=eserver.log

  4. Edit the dispatcher.conf file, and add the following line:
cleartrust.dispatcher.log4j.config.file=dispatcher_log4j.conf

and comment out the following:

cleartrust.dispatcher.log=dispatcher.log

  5. Create the files aserver_log4j.conf, eserver_log4j.conf, and dispatcher_log4j.conf and enter the following:
log4j.rootLogger=INFO, axm, axmsyslog
log4j.appender.axm.Threshold=INFO
log4j.appender.axm=org.apache.log4j.RollingFileAppender
log4j.appender.axm.File=/opt/axm/server-61/logs/<logfilename, aserver.log, eserver.log, dispatcher.log>
log4j.appender.axm.MaxFileSize=100MB
log4j.appender.axm.MaxBackupIndex=10
log4j.appender.axm.layout=org.apache.log4j.PatternLayout
log4j.appender.axm.layout.ConversionPattern=%d{DATE} %x %p %t - %m%n
log4j.logger.org.springframework.beans.factory=ERROR, axm
log4j.logger.org.apache=WARN, axm
log4j.logger.org.directwebremoting=WARN, axm
log4j.appender.axmsyslog.Threshold=INFO
log4j.appender.axmsyslog=org.apache.log4j.net.SyslogAppender
log4j.appender.axmsyslog.SyslogHost=<IP/Hostname of Syslog>
log4j.appender.axmsyslog.layout=org.apache.log4j.PatternLayout
log4j.appender.axmsyslog.layout.ConversionPattern=%d %p %t %c - %m%n
log4j.appender.axmsyslog.Facility=USER
log4j.appender.axmsyslog.header=true
log4j.appender.axmsyslog.FacilityPrinting=true

  1. service crond stop
  2. service tomcat stop
  3. service ctrust restart
  4. service tomcat start
  5. service crond start

Legacy Article ID: a41755