

Log Routing Configuration

To start selogrd or selogrcd automatically when seosd starts, set the selogrd or selogrcd token in the [daemons] section of seos.ini to yes. When you then run seload, it starts the daemons for you.

For example, the appropriate tokens in the [daemons] section of the seos.ini file should look as follows:

selogrd = yes
selogrcd = yes

Because the log‑routing facility uses RPC to route audit records, a firewall in front of an audit log collector cannot simply filter on UDP ports: there is no way to know which port the portmapper assigns to the server daemon. To solve this problem, use the ServicePort token to assign a predefined port to the server daemon.

If the firewall allows port 111 (the portmapper port) from outside the network, you need to change only the seos.ini file on the server. If the firewall does not allow communication to the portmapper in the protected network, both clients and server must agree on a specific port.

You can ensure this by setting the same value in the ServicePort token in the seos.ini files of both the clients and the server. You can specify a number, which means that the daemons bind to the specified port, or a service name. If you specify a service name, both clients and the server must have the same service resolution. For example, if you specify the service name seoslogr, then add the following to the /etc/services file of the clients and the server:

seoslogr 2022/udp # Audit log‑routing

If the clients or the server are using NIS to resolve services, you must update the NIS services map.
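
One way to confirm, before tightening the firewall, that copies of a client's and the server's seos.ini and services files resolve ServicePort to the same UDP port (an added example, not the product's own tooling). It assumes ';' comment lines and looks for the token in any section, because this page does not name the section; the file names and sample contents are constructed.

```shell
#!/bin/sh
# Added example. ServicePort and "seoslogr 2022/udp" come from the page;
# the function names and sample files below are constructed.

# Print the ServicePort value from a seos.ini copy (any section; ';' comments assumed).
get_service_port() {
    awk -F= '
        /^[ \t]*;/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == "ServicePort" {
            val = $2; gsub(/^[ \t]+|[ \t\r]+$/, "", val); print val; exit
        }' "$1"
}

# Resolve a ServicePort value to a UDP port: digits are used as-is, anything
# else is looked up as a service name (or alias) in the given services file.
resolve_udp_port() {
    case "$1" in
        '') return 1 ;;            # token missing from seos.ini
        *[!0-9]*) ;;               # not purely numeric: treat as a service name
        *) echo "$1"; return 0 ;;
    esac
    awk -v name="$1" '
        { sub(/#.*/, "") }         # drop trailing comments
        $2 ~ /\/udp$/ {            # RPC log routing here is UDP, so ignore tcp entries
            for (i = 1; i <= NF; i++) if (i != 2 && $i == name) {
                split($2, p, "/"); print p[1]; found = 1; exit
            }
        }
        END { exit !found }' "$2"
}

# Succeed only if client and server end up on the same UDP port.
ports_agree() {   # args: client.ini client.services server.ini server.services
    c=$(resolve_udp_port "$(get_service_port "$1")" "$2") || return 1
    s=$(resolve_udp_port "$(get_service_port "$3")" "$4") || return 1
    [ "$c" = "$s" ]
}

# Constructed samples: the client names the service, the server uses the number.
tmp=$(mktemp -d)
printf '; constructed sample, section header omitted\nServicePort = seoslogr\n' > "$tmp/client.ini"
printf '; constructed sample, section header omitted\nServicePort = 2022\n' > "$tmp/server.ini"
printf 'seoslogr 2022/udp # Audit log-routing\n' > "$tmp/services.ok"
printf 'seoslogr 2022/tcp\n' > "$tmp/services.bad"   # no UDP entry for the name

if ports_agree "$tmp/client.ini" "$tmp/services.ok" "$tmp/server.ini" "$tmp/services.ok"
then echo "ServicePort agrees"; else echo "ServicePort mismatch or unresolved"; fi
```

On hosts that resolve services through NIS, check the NIS services map instead of a local /etc/services copy.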