Some Audit Log Messages Are Not Received By the Collection Server
Valid on UNIX
Symptom:
I configured the endpoints in my CA ControlMinder installation to route their local audit logs to a central log collection server, but the server does not receive all the audit logs. I configured selogrd to emit the audit records and selogrcd to collect the audit records.
Solution:
To troubleshoot selogrd, the emitter daemon for the CA ControlMinder log routing system, do the following:
- Review the selogrd.cfg file. This file configures which audit messages CA ControlMinder routes to the central log collector.
- Review the audit log for each endpoint. If an audit event is missing from the audit log, review the audit.cfg file. The audit.cfg file configures which audit events CA ControlMinder writes to the audit log. If the audit.cfg file prevents CA ControlMinder from writing an audit event to the audit log, the audit event cannot be routed.
- Configure selogrd to print debug messages, then recreate the problem. Use the following command to configure selogrd to print debug messages:
selogrd -d
Copyright © 2013 CA Technologies.
All rights reserved.