Host GS: Core Service Logging Configuration

Document created by RSA Information Design and Development on Jun 22, 2017Last modified by RSA Information Design and Development on Jul 27, 2017
Version 2Show Document
  • View in full screen mode

This topic lists and describes the logging configuration parameters for all RSA Security Analytics Core services.

Logging configuration is the same on all Security Analytics Core services.

The following table describes the logging configuration settings:

Logs Configuration Folder/logs/config
log.dirDisplays the directory where the log database is stored. Optional assigned max size (=#) is in MBs. Change takes effect on service restart.
log.levelsControls what types of log messages are stored (comma separated). Module specific settings are defined like this: <Module>=[debug|info|audit|warning|failure|all|none]. Change takes effect immediately.
log.snmp.agentSets a remote SNMP Trap Receiving agent.
snmp.trap.versionSets the SNMP version to be used for gets and traps (2c or 3).
snmpv3.engine.bootsDisplays the SNMPv3 engine boots count. This field auto-increments on startup and should not normally need to be set by the user.
snmpv3.engine.idSets the SNMPv3 engine ID, which is 10-64 hexadecimal digit number optionally preceded by 0x. You can add suffix values at the end of the engine ID for each of the SA Core services running on the same host. For example, if the generated Engine ID for the SA Core host is  0x1234512345, you can set the Engine ID for the Decoder service as 0x123451234501 and set 0x123451234504 for the Appliance service.
snmpv3.trap.auth.local.keySets the SNMPv3 Trap Authentication Local Key, which is a 16 or 20 hexadecimal digit number (depending on which authentication protocol is used) preceded by 0x. For MD5, the key is 16 hexadecimal digits, while SHA uses 20 hexadecimal digits. You can use any desired algorithm to generate the local keys. It is recommended that a generation method involving randomness be used as opposed to selecting key values manually.
snmpv3.trap.auth.protocolDisplays the SNMPv3 Trap Authentication Protocol (none, MD5 or SHA).
snmpv3.trap.priv.local.keySets the SNMPv3 Trap Privacy Local Key, which is a 16 hexadecimal digit number preceded by 0x.
snmpv3.trap.priv.protocolDisplays the SNMPv3 Trap Privacy Protocol (none or AES). the SNMPv3 Trap Security Level, which indicates whether authentication and privacy are used or not. Possible values are noAuthNoPriv, authNoPriv or authPriv. the SNMPv3 Trap Security Name used during SNMPv3 trap authentication.
syslog.size.maxDisplays the maximum size of a log sent to syslog (some syslog daemons have issues with very large messages). Zero means no limit. Change takes effect immediately.
You are here
Table of Contents > References > Service Configuration Settings > Core Service Logging Configuration