No Audit Log Messages Are Received By the Collection Server

Valid on UNIX

Symptom:

I configured the endpoints in my CA ControlMinder installation to route their local audit logs to a central log collection server, but the server does not receive any audit logs. I configured selogrd to emit the audit records and selogrcd to collect the audit records.

Solution:

Verify that selogrcd is running on the log collection server.

Note: If selogrcd does not run for an extended period of time, audit events may be discarded by the endpoints.

More information:

selogrcd Daemon—Collect Audit Records