|Applies To||RSA Product Set: NetWitness Logs & Network, Security Analytics|
RSA Product/Service Type: Log Collector
RSA Version/Condition: 10.6.x
Platform: CentOS 6
|Issue||After the AWS CloudTrail event source is added successfully per the configuration guide, the log collector does not collect any logs.|
The failure message below is logged in the /var/log/messages file. (The failure is only logged if the event source is enabled.)
Running the command manually returns an error on 'chcon' as shown below.
|Cause||The chcon error can occur when the SELinux setting is set to disabled.|
Run getenforce to confirm the current SELinux mode.
|Resolution||Change the SELinux mode to enforcing, which is the default setting, by modifying /etc/selinux/config.|
Reboot the log collector for the changes to take effect, then confirm that logs are collected from the AWS event source.
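
One way to script the check and the config change described above. This is an added example, not part of the original article or of any RSA tooling. The function names `selinux_config_mode` and `set_selinux_enforcing` are hypothetical, and the file path defaults to the /etc/selinux/config named in the Resolution.

```shell
#!/bin/sh
# Added example (not from the original article): inspect and correct the
# persistent SELinux mode. Both functions take an optional config path so the
# change can be rehearsed on a copy before touching the real file.

# Print the mode from the active (uncommented) SELINUX= line, lowercased.
# Prints nothing if no such line exists. SELINUXTYPE= is deliberately ignored.
selinux_config_mode() {
    conf=${1:-/etc/selinux/config}
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$conf" \
        | tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# Set SELINUX=enforcing, keeping a copy of the previous file as <config>.bak.
# Returns 0 if the file was changed, 1 if it was already enforcing, 2 on error.
set_selinux_enforcing() {
    conf=${1:-/etc/selinux/config}
    [ -f "$conf" ] || { echo "missing config: $conf" >&2; return 2; }
    if [ "$(selinux_config_mode "$conf")" = "enforcing" ]; then
        return 1
    fi
    cp -p "$conf" "$conf.bak" || return 2
    if grep -q '^[[:space:]]*SELINUX=' "$conf"; then
        # Rewrite through a redirect instead of 'sed -i' so that a symlinked
        # config path and the file's existing inode are preserved.
        sed 's/^[[:space:]]*SELINUX=.*/SELINUX=enforcing/' "$conf.bak" > "$conf" \
            || return 2
    else
        # No active SELINUX= line at all: append one.
        echo 'SELINUX=enforcing' >> "$conf" || return 2
    fi
    return 0
}

# Typical use on the log collector, as root:
#   getenforce                    # running mode, as in the Cause section
#   selinux_config_mode           # mode that will apply after the next boot
#   set_selinux_enforcing && echo "config updated; reboot to apply"
```

After the reboot, `getenforce` should report Enforcing before collection from the AWS event source is re-checked.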