Enterprise Administration Guide › Administering CA ControlMinder Enterprise Management › Audit Data › Route Message Queue Audit Messages to UNIX Syslog

Route Message Queue Audit Messages to UNIX Syslog

Valid on UNIX

You can configure the Enterprise Management Server to route message queue audit messages to the UNIX syslog. Each time the Enterprise Management Server writes an audit message to the audit log, a corresponding event is sent to the syslog.

To route message queue audit messages to UNIX syslog

1. Stop the JBoss application server, if running.
2. Navigate to the following directory, where JBOSS_HOME indicates the directory where you installed JBoss:

   JBOSS_HOME\server\default\conf\
   

3. Open the jboss-log4j.xml file.
4. Add an appender named "ENTM_UNIXEventLog" in the class.

   The appender specifies the class to use for auditing and how to display the data.

5. Specify the logger that the appender binds to as a input channel for the audit messages. Insert the following code before the <root> element of jboss-log4j.xml:

   <logger name="EventLog">
       <appender-ref ref="ENTM_UNIXSysLog"/>
   </logger>
   

6. Save and close the file.
7. Open the /etc/syslog.conf file and verify that the syslog routes the messages to the /var/log/messages file.
8. Open the /etc/sysconfig/syslog parameters file and verify that the remote mode option appears in the following entry:

   SYSLOGD_OPTIONS="-m 0-r"
   

9. Restart the syslog daemon. Run the following command:

   /etc/rc.d/init.d/syslog restart
   

   The syslog daemon starts.

10. Start the JBoss application server.

    The Enterprise Management Server will now route message queue audit message to the UNIX syslog

Example: Modify the jboss-log4j.xml file to send message queue audit messages to UNIX SysLog

The following snippet shows the jboss-log4j.xml file after a LogAppender object was created:

<appender name="ENTM_UNIXSysLog"
                        class="org.apache.log4j.net.SyslogAppender">
    <param name="Facility" value="USER"/>
    <param name="FacilityPrinting" value="false"/>
    <param name="SyslogHost" value="localhost"/>
    <layout class="org.apache.log4j.PatternLayout">
        <param name="ConversionPattern" value="%p - [CA AC ENTM]: %m%n"/>
    </layout>
</appender>

<logger name="EventLog">
    <appender-ref ref="ENTM_UNIXSysLog"/>
</logger>

In this example, you did the following:

• Added the appender:"ENTM_UNIXSysLog"
• Created a class: "org.apache.log4j.net.SyslogAppender"
• Defined the param name: "Facility" and the value "USER"
• Defined the param name: "FacilityPrinting" with the value "false"
• Defined a param name: "SyslogHost" with the value "localhost"
• Defined a layout class: "org.apache.log4j.PatternLayout"
• Defined a param name: "ConversionPattern" with the value: "%p - [CA AC ENTM]: %m%n"
• Defined the logger name: "EventLog"
• Defined an appender-ref: ref="ENTM_UNIXSysLog"