Route Message Queue Audit Messages to UNIX Syslog
Valid on UNIX
You can configure the Enterprise Management Server to route message queue audit messages to the UNIX syslog. Each time the Enterprise Management Server writes an audit message to the audit log, a corresponding event is sent to the syslog.
To route message queue audit messages to UNIX syslog
- Stop the JBoss application server, if running.
- Navigate to the following directory, where JBOSS_HOME indicates the directory where you installed JBoss:
JBOSS_HOME/server/default/conf/
- Open the jboss-log4j.xml file.
- Add an appender named "ENTM_UNIXSysLog" and set its class.
The appender specifies the class to use for auditing and how to display the data.
- Specify the logger that the appender binds to as an input channel for the audit messages. Insert the following code before the <root> element of jboss-log4j.xml:
<logger name="EventLog">
<appender-ref ref="ENTM_UNIXSysLog"/>
</logger>
- Save and close the file.
- Open the /etc/syslog.conf file and verify that the syslog routes the messages to the /var/log/messages file.
- Open the /etc/sysconfig/syslog parameters file and verify that the remote mode option (-r) appears in the following entry:
SYSLOGD_OPTIONS="-m 0 -r"
- Restart the syslog daemon. Run the following command:
/etc/rc.d/init.d/syslog restart
The syslog daemon starts.
- Start the JBoss application server.
The Enterprise Management Server now routes message queue audit messages to the UNIX syslog.
Example: Modify the jboss-log4j.xml file to send message queue audit messages to UNIX SysLog
The following snippet shows the jboss-log4j.xml file after the appender and the logger were added:
<appender name="ENTM_UNIXSysLog"
class="org.apache.log4j.net.SyslogAppender">
<param name="Facility" value="USER"/>
<param name="FacilityPrinting" value="false"/>
<param name="SyslogHost" value="localhost"/>
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern" value="%p - [CA AC ENTM]: %m%n"/>
</layout>
</appender>
<logger name="EventLog">
<appender-ref ref="ENTM_UNIXSysLog"/>
</logger>
In this example, you did the following:
- Added the appender: "ENTM_UNIXSysLog"
- Specified the appender class: "org.apache.log4j.net.SyslogAppender"
- Defined the param name: "Facility" and the value "USER"
- Defined the param name: "FacilityPrinting" with the value "false"
- Defined a param name: "SyslogHost" with the value "localhost"
- Defined a layout class: "org.apache.log4j.PatternLayout"
- Defined a param name: "ConversionPattern" with the value: "%p - [CA AC ENTM]: %m%n"
- Defined the logger name: "EventLog"
- Defined an appender-ref: ref="ENTM_UNIXSysLog"
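A pre-restart check for the procedure above, added here as an example and not part of the CA documentation: it confirms that the "EventLog" logger sits before <root>, that its appender-ref resolves to a defined SyslogAppender with a SyslogHost, and that SYSLOGD_OPTIONS carries -r as its own option. The function names check_log4j and remote_mode_enabled are hypothetical, and the XML is a constructed sample in which the appender name and the appender-ref differ.

```python
import re
import xml.etree.ElementTree as ET

SYSLOG_CLASS = "org.apache.log4j.net.SyslogAppender"

def check_log4j(xml_text, logger_name="EventLog"):
    """Return a list of problems with the audit logger in a jboss-log4j.xml document."""
    children = list(ET.fromstring(xml_text))
    tags = [c.tag for c in children]
    appenders = {c.get("name"): c for c in children if c.tag == "appender"}
    logger = next((c for c in children
                   if c.tag == "logger" and c.get("name") == logger_name), None)
    if logger is None:
        return ["no <logger name=%r> element" % logger_name]
    problems = []
    if "root" in tags and children.index(logger) > tags.index("root"):
        problems.append("<logger> must come before <root>")
    refs = [r.get("ref") for r in logger.findall("appender-ref")]
    for ref in refs:
        if ref not in appenders:
            problems.append("appender-ref %r matches no <appender>" % ref)
    syslog = [appenders[r] for r in refs
              if r in appenders and appenders[r].get("class") == SYSLOG_CLASS]
    if not syslog:
        problems.append("logger is not bound to a SyslogAppender")
    for app in syslog:
        params = {p.get("name"): p.get("value") for p in app.findall("param")}
        if not params.get("SyslogHost"):
            problems.append("appender %r has no SyslogHost" % app.get("name"))
    return problems

def remote_mode_enabled(sysconfig_text):
    """True if SYSLOGD_OPTIONS carries -r as a separate option token."""
    m = re.search(r'^\s*SYSLOGD_OPTIONS="([^"]*)"', sysconfig_text, re.M)
    return bool(m) and "-r" in m.group(1).split()

# Constructed sample input: appender name and appender-ref do not match.
BROKEN = """<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
  <appender name="ENTM_UNIXEventLog" class="org.apache.log4j.net.SyslogAppender">
    <param name="SyslogHost" value="localhost"/>
  </appender>
  <logger name="EventLog"><appender-ref ref="ENTM_UNIXSysLog"/></logger>
  <root/>
</log4j:configuration>"""

if __name__ == "__main__":
    for problem in check_log4j(BROKEN):
        print("FAIL:", problem)
    print("remote mode:", remote_mode_enabled('SYSLOGD_OPTIONS="-m 0 -r"'))
```

An empty list from check_log4j means the logger and appender are wired as in the example; any entry means audit events would not reach syslog after JBoss restarts.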
Copyright © 2013 CA Technologies.
All rights reserved.