How to enable Syslog Server on SecurID Access Prime running on Linux
Originally Published: 2020-06-22
Article Number
000064680
Applies To
RSA Product Set: SecurID Access Prime
RSA Version/Condition: 1.8.x
Platform: Linux
Issue
SecurID Access Prime does not send logs to the syslog server.
Tasks
Configure SecurID Access Prime to send logs to the syslog server.
Resolution
1) Edit the AMIS, SSP, and HDAP setenv.sh files and set the following:

NOTE: Change the IP Address 10.222.247.34 to your syslog server's IP Address.

*** AMIS 

vi /opt/rsa/primekit/configs/amis/tomcat-amis/setenv.sh

export CATALINA_OPTS="$CATALINA_OPTS -Dsyslog.server=10.222.247.34"


*** SSP

vi /opt/rsa/primekit/configs/ssp/tomcat-ssp/setenv.sh

export CATALINA_OPTS="$CATALINA_OPTS -Dsyslog.server=10.222.247.34"


*** HDAP

vi /opt/rsa/primekit/configs/hdap/tomcat-hdap/setenv.sh

export CATALINA_OPTS="$CATALINA_OPTS -Dsyslog.server=10.222.247.34"


2) Edit the following XML files and set the following:

*** AMIS 

vi /opt/rsa/primekit/configs/amis/am8-logconfig.xml

IMPORTANT: Make sure the syslog.server variable is set.

<param name="syslogHost" value="${syslog.server}"/>

<param name="syslogHost" value="${syslog.server}"/>

IMPORTANT: Make sure the AM8_AUDIT_SYSLOG appender reference is not commented out, as shown below:

<logger name="com.rsa.ucm.am8.audit" additivity="false">
<level value="INFO"/>
<appender-ref ref="AM8_AUDIT_daily"/>
<appender-ref ref="AM8_AUDIT_SYSLOG"/> 
</logger>



*** SSP

vi /opt/rsa/primekit/configs/ssp/config/logconfig.xml

IMPORTANT: Make sure the syslog.server variable is set.

<param name="syslogHost" value="${syslog.server}"/>

IMPORTANT: Make sure the SSP_AUDIT_SYSLOG appender reference is not commented out.

<logger name="audit.com.rsa.pso" additivity="false">
<level value="INFO" />
<appender-ref ref="SSP_AUDIT_daily" />
<appender-ref ref="SSP_AUDIT_SYSLOG" />
</logger>



*** HDAP

vi /opt/rsa/primekit/configs/hdap/config/laplogconfig.xml

IMPORTANT: Make sure the syslog.server variable is set.

<param name="syslogHost" value="${syslog.server}"/>

<param name="syslogHost" value="${syslog.server}"/>

IMPORTANT: Make sure the HDAP_AUDIT_SYSLOG appender reference is not commented out.

<logger name="audit.com.rsa.pso" additivity="false">
<level value="INFO"/>
<appender-ref ref="HDAP_AUDIT_daily"/>
<appender-ref ref="HDAP_AUDIT_SYSLOG"/> 
</logger>



3) Restart all SecurID Access Prime Services.

cd /opt/rsa/primekit/scripts

./ssp_shutdown.sh
./hdap_shutdown.sh
./amis_shutdown.sh

./amis_startup.sh
./ssp_startup.sh
./hdap_startup.sh
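
The settings from steps 1 and 2 can be checked with a script such as the one below, which is an added example and not part of the original article or an RSA tool. The function names and the PRIME_ROOT variable are assumptions of this example; the file paths and appender names are the ones listed above, and the check assumes each appender-ref element sits on a single line.

```shell
#!/bin/sh
# Added example: verify the syslog settings from steps 1 and 2.
# PRIME_ROOT is an assumption of this example (defaults to the article's path).
PRIME_ROOT="${PRIME_ROOT:-/opt/rsa/primekit}"

# Print an XML file with <!-- ... --> comments removed (handles multi-line).
strip_xml_comments() {
  awk '{
    line = $0; out = ""
    while (length(line) > 0) {
      if (skip) {
        i = index(line, "-->")
        if (i == 0) { line = "" } else { line = substr(line, i + 3); skip = 0 }
      } else {
        i = index(line, "<!--")
        if (i == 0) { out = out line; line = "" } else { out = out substr(line, 1, i - 1); line = substr(line, i + 4); skip = 1 }
      }
    }
    print out
  }' "$1"
}

# True if setenv.sh ($1) exports a non-empty -Dsyslog.server value.
syslog_server_set() {
  grep -Eq '^[[:space:]]*export[[:space:]]+CATALINA_OPTS=.*-Dsyslog\.server=[^[:space:]"]+' "$1"
}

# True if appender $2 is referenced outside any comment in XML file $1.
appender_active() {
  strip_xml_comments "$1" | grep -Eq "<appender-ref[[:space:]]+ref=\"$2\"[[:space:]]*/>"
}

# Check one component: $1 = name, $2 = setenv.sh, $3 = log config, $4 = appender.
check_component() {
  rc=0
  syslog_server_set "$2" 2>/dev/null || { echo "$1: syslog.server not set in $2"; rc=1; }
  appender_active "$3" "$4" 2>/dev/null || { echo "$1: $4 missing or commented out in $3"; rc=1; }
  return $rc
}

# Check all three components; returns non-zero if any check fails.
check_prime() {
  c="$PRIME_ROOT/configs"; fail=0
  check_component AMIS "$c/amis/tomcat-amis/setenv.sh" "$c/amis/am8-logconfig.xml" AM8_AUDIT_SYSLOG || fail=1
  check_component SSP "$c/ssp/tomcat-ssp/setenv.sh" "$c/ssp/config/logconfig.xml" SSP_AUDIT_SYSLOG || fail=1
  check_component HDAP "$c/hdap/tomcat-hdap/setenv.sh" "$c/hdap/config/laplogconfig.xml" HDAP_AUDIT_SYSLOG || fail=1
  return $fail
}
```

Source the file and call check_prime; it prints one line per failed check and returns non-zero if any component is not configured.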