Configure Red Hat Enterprise Linux to receive event logs

Set up a Syslog on Red Hat Enterprise Linux 6 or 7

The following steps describe how to configure rsyslog on Red Hat Enterprise Linux 6 or 7 to receive logs from Workload Security.

Uncomment the following lines near the top of the rsyslog.conf to change them from:

#$ModLoad imudp
#$UDPServerRun 514

#$ModLoad imtcp
#$InputTCPServerRun 514

$ModLoad imudp
$UDPServerRun 514

$ModLoad imtcp
$InputTCPServerRun 514

Add the following two lines of text to the end of the rsyslog.conf:
- #Save Manager logs to DSM.log
- Local4.* /var/log/DSM.log
You may need to replace Local4 with another value, depending on your Workload Security settings.
Save the file and exit.
Create the /var/log/DSM.log file by typing touch /var/log/DSM.log.
Set the permissions on the DSM log so that syslog can write to it.
Save the file and exit.
Restart syslog:
- On Red Hat Enterprise Linux 6: service rsyslog restart
- On Red Hat Enterprise Linux 7: systemctl restart rsyslog

When Syslog is functioning you will see logs populated in: /var/log/DSM.log

The following steps describe how to configure Syslog on Red Hat Enterprise Linux to receive logs from Workload Security.

Log in as root.
Execute:
vi /etc/syslog.conf
Add the following two lines of text to the end of the syslog.conf:
- #Save Manager logs to DSM.log
- Local4.* /var/log/DSM.log
You may need to replace Local4 with another value, depending on your Workload Security settings.
Save the file and exit.
Create the /var/log/DSM.log file by typing touch /var/log/DSM.log.
Set the permissions on the DSM log so that syslog can write to it.
Execute:
vi /etc/sysconfig/syslog
Modify the line " SYSLOGD_OPTIONS " and add a " -r " to the options.
Save the file and exit.
Restart syslog: /etc/init.d/syslog restart

When Syslog is functioning you will see logs populated in: /var/log/DSM.log