Policy Server Guides › Policy Server Administration Guide › Configuring Policy Server Logging › How to Record Events to the Syslog

How to Record Events to the Syslog

Administrators can record Policy Server events to the syslog on supported operating environments. The following graphic describes how to record events to the syslog:

Follow these steps:

1. Open the console.
2. Set the syslog options.
3. Restart your Policy Server with the following steps:
   • Stop your Policy Server.
   • Start your Policy Server.

Open the Console

To change your settings, open the console.

Follow these steps:

1. Verify that an X-windows server is running on your system.
2. Open a terminal window.
3. Set the DISPLAY variable with the following command:

   export DISPLAY=IP_address:0.0
   

   IP_address

   Specifies the IP address of where the console window appears. Use the IP address of the system from which you are connecting to the console.

   Example: (IPV4) 192.168.1.1

   Example: (IPV6) 2001:DB8::/32

4. Log in to the system hosting the console.
5. Navigate to the following directory:

   installation_directory/siteminder/bin
   

   installation_directory

   Specifies the location in the file system where the Policy Server is installed.

   Default: /opt/CA/siteminder

6. Open the console by running the following command:

   ./smconsole
   

Set the Syslog Options

Setting the syslog options on the console specifies which events are recorded in the syslog.

Note: For more information about the Syslog and its settings, see this website.

Follow these steps:

1. Enable syslog recording with the following steps:
   1. Click the Data tab.
   2. Click the Database drop-down list, and then pick Audit Logs.
   3. Click the Storage drop-down list, and then pick Syslog.
2. Select the text in the Priority field, and then type the value that you want from the following list:

   Priority

   Specifies the event priority recorded in the syslog. Pick one of the following values:

   • LOG_EMERG
   • LOG_ALERT
   • LOG_CRIT
   • LOG_ERR
   • LOG_WARNING
   • LOG_NOTICE
   • LOG_INFO
   • LOG_DEBUG

   Default: LOG_INFO

3. Select the text in the Facility field, and then type value that you want from the following list:

   Facility

   Specifies which events in the operating environment are recorded to the syslog. Pick one of the following values:

   • LOG_AUTH
   • LOG_AUTHPRI
   • LOG_CRON
   • LOG_DAEMON
   • LOG_FTP
   • LOG_KERN
   • LOG_LPR
   • LOG_MAIL
   • LOG_NEWS
   • LOG_SYSLOG
   • LOG_USER
   • LOG_UUCP
   • LOG_LOCAL0
   • LOG_LOCAL1
   • LOG_LOCAL2
   • LOG_LOCAL3
   • LOG_LOCAL4
   • LOG_LOCAL5
   • LOG_LOCAL6
   • LOG_LOCAL7

   Default: LOG_AUTH

4. (Optional) Replace the text in the following field:

   Text

   Specifies the text in an event that you want to record in the syslog. For example, if you specify the word tiger, then any events containing the word tiger are recorded in the syslog.

   Default: Siteminder

5. Click OK.

   The console closes and the syslog options are set.

Stop a UNIX Policy Server

Stopping a Policy Server has the following results:

• The Policy Server is temporarily removed from your environment.
• Agents who need authorization or authentication decisions cannot contact the stopped Policy Server. Those Agents can still connect to other Policy Servers that are available.
• All logging activity stops.

Follow these steps:

1. Log in to the system hosting the Policy Server with the same user account that installed the Policy Server originally.
2. Stop all Policy Server processes, with one of the following actions:
   • Open the Management Console, click the Status tab, and then click the Stop buttons.
   • Use the following script. This script also stops the UNIX executive so that the processes do not restart automatically.

     installation_path/siteminder/stop-all
     

   The Policy Server logs all UNIX executive activity in the installation_directory/log/smexec.log file. Log entries are always appended to the existing log file.

Start a UNIX Policy Server

Starting Policy Server has the following results:

• Agents contact the Policy Server for authorization or authentication decisions.
• Logging begins.

Start all Policy Server processes, with one of the following actions:

• Open the Management Console, click the Status tab, and then click the Start buttons.
• Use the following script. This script also starts the UNIX executive.

  installation_path/siteminder/start-all
  

The Policy Server logs all UNIX executive activity in the installation_directory/log/smexec.log file. Log entries are always appended to the existing log file.