How to enable debug logs in RSA Web Threat Detection

4 years ago

Originally Published: 2017-06-14

Article Number

000059065

Applies To

RSA Product Set: Web Threat Detection
RSA Version/Condition: 6.0, 6.1, 6.2
Platform: UNIX

Issue

By default RSA Web Threat Detection only logs info level logs into the syslog.

Resolution

To enable Debug level logs for a specific process follow the below steps:

Set the parameter to write in different file so that logs for other services are not affected.
1. Open the file /etc/rsyslog.conf with the vi editor and add the new setting, as shwon below.
```
# Setting WTD to write to local4
local4.*/var/log/wtdlocal4
```
Navigate to the /var/opt/silvertail/etc/conf.d/ directory.
Look for the process name for which logging needs to be changed and navigate inside the respective folder. For instance, if we are looking to change logging level for mitigator the folder name would be Mitigator-0.
In this folder there will be a <ProcessName>.conf file. Open this file with the vi editor.
Once the file is opened, look for section which is similar to the text below.
```
<logger
priority="INFO"
facility="user"
context="0"
/>
```
Change the parameter for priority from "INFO" to "DEBUG" and facility from “user” to “local4” or any other parameter as set in Step 1. The new configuration should look similar to the example below.
```
<logger
priority="DEBUG"
facility="local4"
context="0"
/>
```
Save the file and exit the vi editor.
Restart the syslog service (rsyslog) and then the process for which the changes are being made.

Once restart is done, the logs for this particular process will be written in DEBUG mode in the /var/log/wtdlocal4 file.
This would also ensure that other services are not affected.

Notes

Please note that this is not applicable for the processes below:

AnnoDb
Cassandra
ScoutProxy
SiteProxy

Don't see what you're looking for?

Related Articles

Trending Articles