In the [selogrd] section, the tokens control the behavior of the log routing daemons selogrd and selogrcd.
Specifies the maximum size, in KB, of the audit collection file, before selogrcd creates a backup file and opens a new file.
The minimum value is 50 KB.
Default: 1024
Sets the criterion by which selogrcd performs the backup.
Valid values include: none, yes, daily, weekly, and monthly.
If you specify yes, CA ControlMinder performs backups according to the size limit token Caudit_size and timestamps the file.
If you specify none, CA ControlMinder performs the backup according to the Caudit_size token but does not timestamp the file.
If you specify daily, weekly, or monthly, selogrcd adds a timestamp when it first creates the file. When the current date passes the timestamp, CA ControlMinder automatically creates a backup file and timestamps it.
However, if the size of the file exceeds the value of the Caudit_size token first, CA ControlMinder creates a backup file without issuing a timestamp.
Default: NONE
Specifies the factor applied to the value in the token Interval before testing whether the log file was changed to a backup file. For example, if the Interval token is set to 5 and the ChangeLogFactor token is set to 5 (the default), CA ControlMinder waits 25 seconds before checking whether the log file was changed to a backup file.
Default: 5
Specifies the name of the file that contains the encryption functions used by selogrd if the UseEncryption token is set to eTrust.
This file must be placed in the ACInstallDir/lib/ directory.
The CipherName is a symbolic link to a shared object file.
Default: adcipher
Specifies the name of the file in which the audit collector daemon selogrcd stores the collected audit records.
Default: ACInstallDir/log/seos.collect.audit
Specifies the name that selogrcd uses when backing up and renaming the file of collected audit records when it receives the USR1 signal.
Default: ACInstallDir/log/seos.collect.bak
Specifies the name or port number for selogrd - secmon communication. It is necessary only if you plan to run both selogrcd and secmon on the same host.
If specified, selogrd - secmon communication uses the specified port; otherwise the daemons use the port specified in the ServicePort token, or use the RPC portmapper to dynamically allocate a port if that token is also empty. The service name must be a UDP port because the log routing daemon uses UDP for communication.
If the token value is a number, daemons bind to the specified port number.
If the token value is a service name (string), /etc/services or NIS services maps are used to resolve the port number.
Default: Token not set (value taken from ServicePort token)
Specifies the name of the file to which the target routing information is written before being delivered to the specified targets.
Default: ACInstallDir/log/logroute.dat
Specifies the time interval, in seconds, between each poll of the log file by the selogrd daemon.
Default: 5
Specifies the name of the file that holds the audit encryption key.
This key is used when selogrd performs CA ControlMinder audit encryption. The key file is located in the ACInstallDir/lib directory.
The key can be changed with the sechkey utility.
Default: adcipher.bin
Specifies the name of the program that selogrd uses to send email.
Note: This option is relevant only if you set the UseSmtpMail token to yes.
Default: /bin/mail
Specifies the threshold for syslog error messages: selogrd sends error messages to syslog about difficulties sending audit records to selogrcd only after the number of difficulties surpasses this token value.
The default value is 1, which means that every time selogrd has difficulties sending to selogrcd, it sends a message to syslog.
Default: 1
Specifies the maximum number of log records scanned by selogrd without sleeping.
Default: 50
Specifies whether selogrcd refuses unencrypted audit. It is used in conjunction with the UseEncryption token and is redundant if UseEncryption is set to no. It is therefore applicable only if selogrcd uses encryption.
Valid values are:
yes: refuse unencrypted audit
no: accept both encrypted and unencrypted audit
Default: no
Specifies the name of the log routing configuration file. The file is used unless overridden by the selogrd utility's -config option.
Default: ACInstallDir/log/selogrd.cfg
Specifies the time interval, in minutes, between saving information about the number of records sent.
Default: 2
Determines the user name format in the header of mail that selogrd sends.
Note: Change this token value only if selogrd cannot send mail. (That is, if you see an error 4634 from selogrd in your syslog.)
Valid values include the following:
1: The user name format is SmtpMailFrom.
For example: eTrust_Admin
2: The user name format is SmtpMailFrom@hostname (where hostname is the host that selogrd runs on).
For example: eTrust_Admin@machine
Default: 1
Specifies the name or port number that the log routing facility must use.
If the token has a value, selogrd and selogrcd use the specified port; otherwise, selogrd and selogrcd dynamically allocate a UDP port using the RPC portmapper. The service name must be a UDP port because the log routing daemon uses UDP for communication.
If the token value is a number, daemons bind to the specified port number.
If the token value is a service name (string), /etc/services or NIS services maps are used to resolve the port number.
Only a UDP port/service can be specified.
Default: Token not set (selogrd and selogrcd use RPC portmapper to dynamically allocate a port)
Specifies the identity of the sender for UseSmtpMail.
Default: AccessControl_Admin
Specifies the address of the remote mail server host. Use this if UseSmtpMail is set to yes. If you do not specify this token, the local machine is assumed to be the mail server.
Default: (blank - local server)
Specifies the time limit, in seconds, that selogrd waits for the mail server to answer before timing out.
Default: 100
Specifies the name of the configuration file that is used for the TEC event creation by the selogrd daemon.
Default: /etc/tecad_seos.conf
Determines the type of encryption.
Valid values include the following:
native: selogrd uses CA ControlMinder standard encryption.
eTrust: selogrd uses audit log encryption through adcipher.
no: selogrd does not use encryption.
Default: no
Determines whether to use the direct mail feature or the previous Mailer.
Default: yes
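The following added example (not CA ControlMinder code) checks a [selogrd] section against the rules stated above for Caudit_size, UseEncryption, ServicePort, Interval and ChangeLogFactor. It assumes the section can be read as a standard INI file; the sample values, service names and port numbers are constructed, and the function names are hypothetical.

```python
import configparser

# Constructed sample input (not from a real host).
SAMPLE_INI = """\
[selogrd]
Caudit_size = 40
Interval = 5
ChangeLogFactor = 5
ServicePort = logroute-example
UseEncryption = no
"""
SAMPLE_SERVICES = """\
logroute-example  8891/tcp   # constructed: TCP only
auditcol-example  8892/udp
"""

def udp_port(value, services_text):
    """A number is used as is; a service name must have a UDP entry."""
    if value.isdigit():
        return int(value)
    for line in services_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[1].endswith("/udp"):
            if value in [fields[0]] + fields[2:]:  # name or alias
                return int(fields[1].split("/")[0])
    return None

def audit_selogrd(ini_text, services_text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    get = lambda token, default: cp.get("selogrd", token, fallback=default)
    findings = []
    if int(get("Caudit_size", "1024")) < 50:
        findings.append("Caudit_size is below the 50 KB minimum")
    enc = get("UseEncryption", "no").lower()
    if enc not in ("native", "etrust", "no"):
        findings.append("UseEncryption is not native, eTrust, or no")
    elif enc == "no":
        findings.append("UseEncryption=no: selogrd does not use encryption")
    port = get("ServicePort", "")
    if port and udp_port(port, services_text) is None:
        findings.append("ServicePort %r has no UDP service entry" % port)
    # Seconds before the check for a log file changed to a backup file.
    wait = int(get("Interval", "5")) * int(get("ChangeLogFactor", "5"))
    return findings, wait

if __name__ == "__main__":
    print(audit_selogrd(SAMPLE_INI, SAMPLE_SERVICES))
```

On a real host, pass the contents of the configuration file and of /etc/services in place of the constructed samples.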
Copyright © 2013 CA Technologies.
All rights reserved.