|Applies To||RSA Product Set: Web Threat Detection|
RSA Version/Condition: 6.0, 6.1, 6.2
|Issue||By default, RSA Web Threat Detection writes only INFO-level logs to syslog.|
|Resolution||To enable DEBUG-level logs for a specific process, follow the steps below:|
1. Set the parameter to write to a different file so that logs for other services are not affected.
   - Open the file /etc/rsyslog.conf with the vi editor and add the new setting, as shown below.
# Setting WTD to write to local4
2. Navigate to the /var/opt/silvertail/etc/conf.d/ directory.
3. Look for the name of the process whose logging level needs to be changed and navigate into the respective folder. For instance, to change the logging level for mitigator, the folder name would be Mitigator-0.
4. In this folder there will be a <ProcessName>.conf file. Open this file with the vi editor.
5. Once the file is opened, look for the section which is similar to the text below.
6. Change the parameter for priority from "INFO" to "DEBUG" and facility from "user" to "local4" or any other parameter as set in Step 1. The new configuration should look similar to the example below.
7. Save the file and exit the vi editor.
8. Restart the syslog service (rsyslog) and then the process for which the changes are being made.
Once the restart is done, the logs for this particular process will be written in DEBUG mode to the /var/log/wtdlocal4 file.
This also ensures that other services are not affected.
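An added check, not part of the original article: the shell function below lists which files would receive a message of a given facility and priority under traditional rsyslog selector rules, so the routing to /var/log/wtdlocal4 can be reviewed before the restart. The `local4.*` rule and the other sample lines are constructed assumptions, because the article's own rsyslog setting is not reproduced here; the `=` and `!` priority modifiers are not handled.

```shell
#!/bin/sh
# routes_for FACILITY PRIORITY [FILE]
# Prints the action (destination) of every traditional-format rsyslog rule
# that would match a message with this facility and priority.
# Reads FILE, or standard input when FILE is omitted.
routes_for() {
  awk -v fac="$1" -v pri="$2" '
    BEGIN {
      # Severity order from least to most severe; "x.info" means info and above.
      n = split("debug info notice warning err crit alert emerg", names, " ")
      for (i = 1; i <= n; i++) rank[names[i]] = i
    }
    /^[ \t]*[#$]/ { next }   # comments and $-directives
    NF < 2        { next }   # blank or incomplete lines
    {
      hit = 0
      m = split($1, sels, ";")            # selectors are evaluated left to right
      for (i = 1; i <= m; i++) {
        d = index(sels[i], ".")
        if (d == 0) continue
        f = substr(sels[i], 1, d - 1)     # facility list, e.g. "mail,news" or "*"
        p = substr(sels[i], d + 1)        # priority, "*" or "none"
        if (f != "*" && index("," f ",", "," fac ",") == 0) continue
        if (p == "none") hit = 0          # later "none" cancels an earlier match
        else if (p == "*" || ((p in rank) && rank[pri] >= rank[p])) hit = 1
      }
      if (hit) print $2
    }' "${3:--}"
}

# Constructed sample configuration (assumption, not taken from the article).
sample_conf() {
  cat <<'EOF'
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
# Setting WTD to write to local4
local4.*                                    /var/log/wtdlocal4
EOF
}

# DEBUG messages on local4 reach only the dedicated file in this sample.
sample_conf | routes_for local4 debug
```

To review a live system, pass the real file instead of the sample: `routes_for local4 debug /etc/rsyslog.conf`.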
|Notes||Please note that this is not applicable for the processes below:|