Hi
Can any advise RSA SecurID is capable of sending sys logs to MULTIPLE destinations.
if can please help advise how to configure it.
Thanks
Rajesh
Hi
Can any advise RSA SecurID is capable of sending sys logs to MULTIPLE destinations.
if can please help advise how to configure it.
Thanks
Rajesh
Yes. Send to syslog-ng. For more info on syslog-ng see syslog-ng - Open Source log management solution
1) Security console, setup, setting, logging, syslog, send syslog to the IP of the RSA server itself.
2) edit /etc/syslog-ng/syslog-ng.conf
a) change this in 'source src' section
udp(ip("127.0.0.1")
to this
udp(ip("0.0.0.0")
b) put in your destination logservers and ports
I have three in my example all using port 514
# Enable this and adopt IP to send log messages to a log server.
#
destination logserver {
udp("10.101.99.140" port(514));
udp("192.168.100.100" port (514));
udp("1.2.5.6" port (514));
};
3) bump syslog
/etc/init.d/syslog restart
Yes. Send to syslog-ng. For more info on syslog-ng see syslog-ng - Open Source log management solution
1) Security console, setup, setting, logging, syslog, send syslog to the IP of the RSA server itself.
2) edit /etc/syslog-ng/syslog-ng.conf
a) change this in 'source src' section
udp(ip("127.0.0.1")
to this
udp(ip("0.0.0.0")
b) put in your destination logservers and ports
I have three in my example all using port 514
# Enable this and adopt IP to send log messages to a log server.
#
destination logserver {
udp("10.101.99.140" port(514));
udp("192.168.100.100" port (514));
udp("1.2.5.6" port (514));
};
3) bump syslog
/etc/init.d/syslog restart