

selogrd Daemon—Emit Audit Records

Valid on UNIX

Emitter daemon for the CA ControlMinder log routing system.

Note: selogrd does not work in IPv6-only environments.

The CA ControlMinder log routing daemons, selogrd and selogrcd, provide system administrators with convenient, selective access to the audit log records.

The selogrd utility is the emitter daemon. This daemon distributes selected local audit log records to the various destination hosts; reformats audit log records into email messages, ASCII files, or user windows; and sends out notification messages based on audited events.

Note: The CA ControlMinder daemon must be up and running before the log routing daemons can collect any meaningful information on CA ControlMinder events. If the CA ControlMinder daemon is not running, selogrd routes only old audit records.

The log routing daemons use a configuration file to determine where each audit log record is sent, the format in which the log record is written, and which records are routed. By default, selogrd uses the ACInstallDir/log/selogrd.cfg audit log route configuration file. The names of the configuration file and other global environment variables that selogrd and selogrcd use are specified in the CA ControlMinder initialization file, seos.ini.

The selogrd daemon periodically restarts and reads the configuration file. In addition, you can force the selogrd daemon to restart at a specified time. To do so, you must send the following HUP signal:

kill -HUP processID

processID

Defines the selogrd process ID. (Use the UNIX ps command to find it; see your UNIX documentation for more information.)
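
A plain ps search for "selogrd" can also match selogrcd and any selogrd started with -pmdb, so the following sketch selects the PID by exact program name and -pmdb argument before sending HUP. It is an added example, not part of the CA ControlMinder documentation; the function names, the /opt/example install path, and the sample ps output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not CA-supplied). Function names and sample data are hypothetical.

# Constructed `ps -eo pid,args` output; /opt/example is a made-up install path.
SAMPLE_PS='  PID COMMAND
 4101 /opt/example/bin/selogrcd
 4102 /opt/example/bin/selogrd
 4230 /opt/example/bin/selogrd -pmdb master_pmdb
 4977 grep selogrd'

# Read `ps -eo pid,args` output on stdin and print the PID of each selogrd
# whose -pmdb argument equals $1 (empty $1 selects the station's selogrd).
selogrd_pid() {
    awk -v want="$1" '
        $1 !~ /^[0-9]+$/ { next }              # header or malformed line
        {
            n = split($2, path, "/")
            if (path[n] != "selogrd") next     # exact name: skips selogrcd, grep
            pmdb = ""
            for (i = 3; i < NF; i++)
                if ($i == "-pmdb") pmdb = $(i + 1)
            if ((pmdb "") == (want "")) print $1
        }'
}

# Send HUP only when exactly one process matches, so a signal never goes to
# the collector or to the selogrd of a different Policy Model.
reload_selogrd() {
    pids=$(ps -eo pid,args | selogrd_pid "$1")
    set -- $pids
    if [ "$#" -ne 1 ]; then
        echo "expected one matching selogrd, found $#" >&2
        return 1
    fi
    kill -HUP "$1"
}

# Demonstration on the constructed sample only; nothing is signalled here.
printf '%s\n' "$SAMPLE_PS" | selogrd_pid ""
printf '%s\n' "$SAMPLE_PS" | selogrd_pid "master_pmdb"
```

Call reload_selogrd with no argument for the station's selogrd, or with a Policy Model name for the instance started with -pmdb.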

The selogrd utility provides API access for programmers working under CA ControlMinder. The Logroute API allows programmers to incorporate their own options into the CA ControlMinder audit log system to support in‑house alerts not provided by the current log‑routing facility. The Logroute API also allows programmers to use the log routing daemons to provide functions to their own programs. For more information on all the CA ControlMinder APIs, see the SDK Developer Guide.

This command has the following format:

selogrd [-audit fileName] [-config fileName] [-d] \
[-data fileName] [-pmdb policy-model-name]

-audit fileName

Defines the audit file to use instead of the file listed in seos.ini for the input audit file.

-config fileName

Defines the configuration file to use instead of the file listed in seos.ini for the configuration file.

-d

Specifies to print debug messages.

-data fileName

Defines the data file to use instead of the file listed in seos.ini to store routing progress information.

-h

Displays the help for this utility.

-pmdb policy-model-name

Instructs selogrd where to route audit data from a PMDB. The command tells selogrd to send audit data from the PMDB that you specified in the command, to the audit file that you specified in the audit_log token in the pmd.ini file of the PMDB.

By default, selogrd uses a data file and a lock file whose names consist of the Policy Model name. If you specify the data file, the lock file, or both on the command line, those files override the default values. The lock file and data file names should be different from those of the selogrd that routes the audit data of the station. selogrd can only support Policy Model names of 12 characters.

The audit data that is sent from a PMDB appears in the collected audit file as if it comes from a station with the name policy-model-name@station-name.