|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
|Issue||The contents of /var/log/messages are not forwarded along with the application-level log streams. This means that a remote syslog aggregator or SIEM system will not see any logins to the operating system or attempts to use SU.|
|Tasks||Edit the syslog config file to enable forwarding.|
You have to do this on each instance that you want to see the syslog -- these settings are not replicated.