Configure Red Hat Enterprise Linux to receive event logs

Set up a Syslog on Red Hat Enterprise Linux 8

The following steps describe how to configure rsyslog on Red Hat Enterprise Linux 8 to receive logs from Server & Workload Protection.

Uncomment the following lines near the top of the rsyslog.conf to change them from:

#module(load="imudp")
#input(type="imudp" port="514")

#module(load="imtcp")
#input(type="imtcp" port="514")

to

module(load="imudp")
input(type="imudp" port="514")

module(load="imtcp")
input(type="imtcp" port="514")

The following steps describe how to configure rsyslog on Red Hat Enterprise Linux 6 or 7 to receive logs from Server & Workload Protection.

Uncomment the following lines near the top of the rsyslog.conf to change them from:

#$ModLoad imudp
#$UDPServerRun 514

#$ModLoad imtcp
#$InputTCPServerRun 514

to

$ModLoad imudp
$UDPServerRun 514

$ModLoad imtcp
$InputTCPServerRun 514

Add the following two lines of text to the end of the rsyslog.conf:
- #Save Manager logs to DSM.log
- Local4.* /var/log/DSM.log
Note

You may need to replace Local4 with another value, depending on your Server & Workload Protection settings.
Save the file and exit.
Create the /var/log/DSM.log file by typing touch /var/log/DSM.log.
Set the permissions on the DSM log so that syslog can write to it.
Save the file and exit.
Restart syslog:
- On Red Hat Enterprise Linux 6: service rsyslog restart
- On Red Hat Enterprise Linux 7: systemctl restart rsyslog

When Syslog is functioning you will see logs populated in: /var/log/DSM.log

The following steps describe how to configure Syslog on Red Hat Enterprise Linux to receive logs from Server & Workload Protection.

When Syslog is functioning you will see logs populated in: /var/log/DSM.log