000035269 - How to enable debug logs in RSA Web Threat Detection

Document created by RSA Customer Support Employee on Jun 17, 2017
Version 1

Article Content

Article Number: 000035269
Applies To:
RSA Product Set: Web Threat Detection
RSA Version/Condition: 6.0, 6.1, 6.2
Platform: UNIX
Issue: By default, RSA Web Threat Detection logs only at INFO level to syslog.
Resolution: To enable DEBUG-level logs for a specific process, follow the steps below:
  1. Configure syslog to write to a separate file so that logs for other services are not affected.
    1. Open the file /etc/rsyslog.conf with the vi editor and add the new setting, as shown below.
      # Setting WTD to write to local4

  2. Navigate to the /var/opt/silvertail/etc/conf.d/ directory.
  3. Find the process whose logging level needs to be changed and navigate into its folder.  For instance, to change the logging level for the mitigator, the folder name would be Mitigator-0.
  4. In this folder there will be a <ProcessName>.conf file.  Open this file with the vi editor.
  5. Once the file is open, look for the section that is similar to the text below.

  6. Change the priority parameter from "INFO" to "DEBUG" and the facility parameter from "user" to "local4", or to whichever facility was set in Step 1.  The new configuration should look similar to the example below.

  7. Save the file and exit the vi editor.
  8. Restart the syslog service (rsyslog) and then the process for which the changes are being made.
Once the restart is complete, the logs for this particular process are written at DEBUG level to the /var/log/wtdlocal4 file.
This also ensures that other services are not affected.
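
An added example, not part of the RSA article: a shell check that lists which files an rsyslog configuration writes a facility to, useful for confirming the Step 1 rule before restarting. The sample configuration is constructed, and its `local4.* /var/log/wtdlocal4` rule is an assumed form of the Step 1 setting, which the article does not show in full; `sample_conf` and `facility_targets` are names chosen here.

```shell
#!/bin/sh
# Added example (not from the RSA article): list every file an rsyslog
# configuration writes a given facility to, with the priority selector.
# Handles traditional "selector  action" rules with file actions only.

# Constructed sample config. The local4 rule is an assumed form of Step 1.
sample_conf() {
cat <<'EOF'
$ModLoad imuxsock
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
mail.*                                      -/var/log/maillog
# Setting WTD to write to local4
local4.*                                    /var/log/wtdlocal4
EOF
}

# facility_targets <conf-file> <facility>  ->  lines of "<priority> <path>"
facility_targets() {
    awk -v fac="$2" '
        NF < 2 || $1 ~ /^[#$]/ { next }      # skip comments and directives
        {
            action = $NF
            sub(/^-/, "", action)            # leading "-" only disables sync
            if (action !~ /^\//) next        # keep rules that write to a file
            prio = ""
            n = split($1, sel, ";")
            for (i = 1; i <= n; i++) {
                split(sel[i], fp, /[.]/)     # fp[1] = facilities, fp[2] = priority
                if (fp[1] != "*" && index("," fp[1] ",", "," fac ",") == 0)
                    continue
                prio = (fp[2] == "none") ? "" : fp[2]   # later selector wins
            }
            if (prio != "") print prio, action
        }
    ' "$1"
}

# Demo: where do local4 messages end up under the sample config?
conf=$(mktemp)
sample_conf > "$conf"
facility_targets "$conf" local4
rm -f "$conf"
```

In the sample output, `info /var/log/messages` shows that INFO and higher messages from local4 are still copied to the catch-all file, so only the DEBUG lines are unique to /var/log/wtdlocal4. Adding `local4.none` to the catch-all selector removes that duplicate.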
Notes: This procedure is not applicable to the processes below:
  • AnnoDb
  • Cassandra
  • ScoutProxy
  • SiteProxy