
selogrd

In the [selogrd] section, the tokens control the behavior of the log routing daemons selogrd and selogrcd.

Caudit_size

Specifies the maximum size, in KB, of the audit collection file, before selogrcd creates a backup file and opens a new file.

The minimum value is 50 KB.

Default: 1024

CBackUp_Date

Sets the criterion by which selogrcd performs the backup.

Valid values include: none, yes, daily, weekly, and monthly.

If you specify yes, CA ControlMinder performs backups according to the size limit token Caudit_size and timestamps the file.

If you specify none, CA ControlMinder performs the backup according to the Caudit_size token but does not timestamp the file.

If you specify daily, weekly, or monthly, selogrcd adds a timestamp when it first creates the file. When the current date passes the timestamp, CA ControlMinder automatically creates a backup file and timestamps it.

However, if the size of the file exceeds the value of the Caudit_size token first, CA ControlMinder creates a backup file without issuing a timestamp.

Default: NONE

ChangeLogFactor

Specifies the factor applied to the value in the token Interval before testing whether the log file was changed to a backup file. For example, if the Interval token is set to 5 and the ChangeLogFactor token is set to 5 (the default), CA ControlMinder waits 25 seconds before checking whether the log file was changed to a backup file.

Default: 5

CipherName

Specifies the name of the file that contains the encryption functions used by selogrd if the UseEncryption token is set to eTrust.

This file must be placed in the ACInstallDir/lib/ directory.

The CipherName is a symbolic link to a shared object file.

Default: adcipher

CollectFile

Specifies the name of the file in which the audit collector daemon selogrcd stores the collected audit records.

Default: ACInstallDir/log/seos.collect.audit

CollectFileBackup

Specifies the name that selogrcd uses when backing up and renaming the file of collected audit records when it receives the USR1 signal.

Default: ACInstallDir/log/seos.collect.bak

ConsolePort

Specifies the name or port number for selogrd - secmon communication. It is necessary only if you plan to run both selogrcd and secmon on the same host.

If specified, selogrd - secmon communication uses the specified port; otherwise the daemons use the port specified in the ServicePort token, or use the RPC portmapper to dynamically allocate a port if that token is also empty. The service name must be a UDP port because the log routing daemon uses UDP for communication.

If the token value is a number, daemons bind to the specified port number.

If the token value is a service name (string), /etc/services or NIS services maps are used to resolve the port number.

Default: Token not set (value taken from ServicePort token)

DataFile

Specifies the name of the file to which the target routing information is written before being delivered to the specified targets.

Default: ACInstallDir/log/logroute.dat

Interval

Specifies the time interval, in seconds, between each poll of the log file by the selogrd daemon.

Default: 5

KeyFile

Specifies the name of the file that holds the audit encryption key.

This key is used when selogrd performs CA ControlMinder audit encryption. The key file is located in the ACInstallDir/lib directory.

The key can be changed with the sechkey utility.

Default: adcipher.bin

Mailer

Specifies the name of the program that selogrd uses to send email.

Note: This option is relevant only if you set the UseSmtpMail token to yes.

Default: /bin/mail

MaxErrorSending

Specifies the number of difficulties sending audit records to selogrcd that must be surpassed before selogrd sends error messages about them to syslog.

The default value is 1, which means that every time selogrd has difficulties sending to selogrcd, it sends a message to syslog.

Default: 1

MaxSeqNoSleep

Specifies the maximum number of log records scanned by selogrd without sleeping.

Default: 50

RefuseUnencrypted

Specifies whether selogrcd accepts unencrypted audit records. This token is used in conjunction with the UseEncryption token and is redundant if UseEncryption is set to no. It therefore applies only if selogrcd uses encryption.

Valid values are:

yes - refuse unencrypted audit

no - accept both encrypted and unencrypted audit

Default: no

RouteFile

Specifies the name of the log routing configuration file. The file is used unless overridden by the selogrd utility's ‑config option.

Default: ACInstallDir/log/selogrd.cfg

SavePeriod

Specifies the time interval, in minutes, between saving information about the number of records sent.

Default: 2

sendmail_header_format

Determines the user name format in the header of mail that selogrd sends.

Note: Change this token value only if selogrd cannot send mail. (That is, if you see an error 4634 from selogrd in your syslog.)

Valid values include the following:

1 - The user name format is SmtpMailFrom

For example: eTrust_Admin

2 - The user name format is SmtpMailFrom@hostname (where hostname is the host on which selogrd runs).

For example: eTrust_Admin@machine

Default: 1

ServicePort

Specifies the name or port number that the log routing facility must use.

If the token has a value, selogrd and selogrcd use the specified port; otherwise, selogrd and selogrcd dynamically allocate a UDP port using the RPC portmapper. The service name must be a UDP port because the log routing daemon uses UDP for communication.

If the token value is a number, daemons bind to the specified port number.

If the token value is a service name (string), /etc/services or NIS services maps are used to resolve the port number.

Only a UDP port/service can be specified.

Default: Token not set (selogrd and selogrcd use RPC portmapper to dynamically allocate a port)

SmtpMailFrom

Specifies the identity of the sender for UseSmtpMail.

Default: AccessControl_Admin

SmtpMailServer

Specifies the address of the remote mail server host. Use this if UseSmtpMail is set to yes. If you do not specify this token, the local machine is assumed to be the mail server.

Default: (blank ‑ local server)

SmtpTimeLimit

Specifies the time limit, in seconds, that selogrd waits for the mail server to answer before timing out.

Default: 100

tec_conf_file

Specifies the name of the configuration file that is used for the TEC event creation by the selogrd daemon.

Default: /etc/tecad_seos.conf

UseEncryption

Determines the type of encryption.

Valid values include the following:

native - selogrd uses CA ControlMinder standard encryption.

eTrust - selogrd uses audit log encryption through adcipher.

no - selogrd does not use encryption.

Default: no

UseSmtpMail

Determines whether to use the direct mail feature or the previous Mailer.

Default: yes
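
Example (added here; not part of the CA ControlMinder documentation or product): a small checker that reads a [selogrd] section and reports the settings described above that leave audit routing unencrypted, out of range, or on a dynamically allocated port. It assumes the tokens are stored as "token = value" lines under a [selogrd] header and that values compare case-insensitively; the sample sections and port 8892 are constructed.

```python
import configparser

# Defaults and valid values as listed on this page for the [selogrd] section.
DEFAULTS = {"UseEncryption": "no", "RefuseUnencrypted": "no", "Caudit_size": "1024",
            "CBackUp_Date": "none", "Interval": "5", "ChangeLogFactor": "5",
            "ServicePort": ""}
BACKUP_VALUES = {"none", "yes", "daily", "weekly", "monthly"}
ENCRYPTION_VALUES = {"native", "etrust", "no"}

# Constructed samples (not taken from a real host); port 8892 is a placeholder.
WEAK = """[selogrd]
; encryption left at its default, size below the documented minimum
UseEncryption = no
Caudit_size = 20
CBackUp_Date = hourly
"""
HARDENED = """[selogrd]
UseEncryption = eTrust
RefuseUnencrypted = yes
Caudit_size = 2048
CBackUp_Date = daily
ServicePort = 8892
"""

def audit_selogrd(ini_text):
    """Return (findings, seconds selogrd waits before the backup check)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep token names as written (assumed case-sensitive)
    cp.read_string(ini_text)
    cfg = dict(DEFAULTS)
    if cp.has_section("selogrd"):
        cfg.update(cp["selogrd"])
    enc, refuse = cfg["UseEncryption"].lower(), cfg["RefuseUnencrypted"].lower()
    findings = []
    if enc not in ENCRYPTION_VALUES:
        findings.append("UseEncryption: not one of native, eTrust, no")
    elif enc == "no":
        findings.append("UseEncryption=no: selogrd does not encrypt audit records")
        if refuse == "yes":
            findings.append("RefuseUnencrypted=yes is redundant while UseEncryption=no")
    elif refuse != "yes":
        findings.append("RefuseUnencrypted=no: selogrcd also accepts unencrypted audit")
    if not cfg["Caudit_size"].isdigit() or int(cfg["Caudit_size"]) < 50:
        findings.append("Caudit_size: below the 50 KB minimum")
    if cfg["CBackUp_Date"].lower() not in BACKUP_VALUES:
        findings.append("CBackUp_Date: not a valid backup criterion")
    if not cfg["ServicePort"]:
        findings.append("ServicePort unset: UDP port allocated dynamically by RPC portmapper")
    return findings, int(cfg["Interval"]) * int(cfg["ChangeLogFactor"])
```

Calling audit_selogrd(WEAK) returns four findings, and audit_selogrd(HARDENED) returns none; the second element is Interval multiplied by ChangeLogFactor.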

More information:

selogrcd Daemon—Collect Audit Records

selogrd Daemon—Emit Audit Records