Article Content
Article Number | 000036318 |
Applies To | RSA Product Set: NetWitness Logs & Network, Security Analytics; RSA Product/Service Type: Log Collector; RSA Version/Condition: 10.6.x; Platform: CentOS 6 |
Issue | After the AWS CloudTrail event source is added as described in the configuration guide, the log collector does not collect any logs. The failure message below is logged in the /var/log/messages file. (The failure is only logged if the event source is enabled.)
Running the command manually returns an error on 'chcon', as shown below.
|
Cause | The chcon error can occur when SELinux is set to disabled. Run getenforce to confirm the current SELinux mode. |
Resolution | Change the SELinux mode to enforcing, which is the default setting, by modifying /etc/selinux/config.
FROM
TO
Reboot the log collector for the changes to take effect, then confirm log collection from the AWS event source. |
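
An added example (not part of the original RSA article): a shell check that reads the mode set in /etc/selinux/config, compares it with the running mode reported by getenforce, and tells you whether the config still needs editing or only the reboot is outstanding. The function names and verdict strings are hypothetical.

```shell
#!/bin/sh
# Added example: function names and verdict strings are hypothetical.

# Print the SELINUX= value from a config file, lower-cased.
# Assumption: only uncommented lines starting exactly with "SELINUX=" count
# (SELINUXTYPE= does not match); conflicting duplicates are reported.
selinux_configured_mode() {
    cfg="${1:-/etc/selinux/config}"
    [ -r "$cfg" ] || { echo "unreadable"; return 1; }
    values=$(sed -n 's/^SELINUX=[[:space:]]*\([A-Za-z]*\).*$/\1/p' "$cfg" \
             | tr '[:upper:]' '[:lower:]' | sort -u)
    set -- $values            # values are plain words, so splitting is safe
    case $# in
        0) echo "unset" ;;
        1) echo "$1" ;;
        *) echo "ambiguous" ;;
    esac
}

# Compare the configured mode with the running mode (getenforce output).
# Succeeds only when both are enforcing, the state the resolution asks for.
selinux_verdict() {
    configured="$1"
    runtime=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    case "$configured:$runtime" in
        enforcing:enforcing)      echo "ok"; return 0 ;;
        enforcing:*)              echo "reboot-pending"; return 1 ;;
        disabled:*|permissive:*)  echo "edit-config"; return 1 ;;
        *)                        echo "check-config"; return 1 ;;
    esac
}

# Run against the live host only where the SELinux tools are installed.
if command -v getenforce >/dev/null 2>&1; then
    cfg_mode=$(selinux_configured_mode) || true
    run_mode=$(getenforce) || true
    verdict=$(selinux_verdict "$cfg_mode" "$run_mode") || true
    echo "configured=$cfg_mode runtime=$run_mode verdict=$verdict"
fi
```

A verdict of reboot-pending means the file already says enforcing but the running system has not picked it up yet; edit-config means the file itself still needs the change.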