

Create a syslog Connector for the Default Agent

Create a syslog connector to receive syslog events using the default agent on the CA User Activity Reporting Module server.

To create a syslog connector for the default agent

  1. Log in to CA User Activity Reporting Module and access the Administration tab.
  2. Expand the Agent Explorer and an agent group.

    The default agent is automatically installed into the Default Agent Group. You can move this agent to another group.

  3. Select the agent name.

    The default agent has the same name you gave the CA User Activity Reporting Module server during installation.

  4. Click Create New Connector to open the connector wizard.
  5. Click the Listeners option and provide a name for this connector.
  6. Apply suppression rules as needed in the second and third pages of the wizard.
  7. Select one or more targeted syslog integrations from the Available list to use with this connector, and move them to the Selected list.
  8. Set UDP and TCP port values, if you are not using the defaults, and provide a list of trusted hosts if your implementation uses them.

    Note: When a CA User Activity Reporting Module agent does not run as root, it cannot open a port below 1024. The default syslog connector therefore uses UDP port 40514. The installation applies a firewall rule to the CA User Activity Reporting Module server to redirect traffic from port 514 through 40514.

  9. Select a time zone.
  10. Click Save and Close to finish the connector.

    The connector begins collecting syslog events that match the selected integrations on the ports you specified.
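
One way to exercise the ports set in step 8, as an added example that is not part of the CA documentation: the script sends a marked RFC 3164 test event over UDP to port 514 and to port 40514, so that both the redirect described in the note and the listener itself receive traffic. The tag `uarmtest`, the marker text and the local0.notice priority are assumptions made for this example.

```python
import socket
import sys
import time

DEFAULT_CONNECTOR_PORT = 40514  # default UDP port of the syslog connector (see the note in step 8)
STANDARD_SYSLOG_PORT = 514      # redirected to 40514 by the installer's firewall rule

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()


def build_syslog(facility, severity, hostname, tag, text, when=None):
    """Return an RFC 3164 (BSD syslog) message as bytes."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    pri = facility * 8 + severity          # PRI value carried in <...>
    t = time.localtime(when)               # when=None means "now"
    # RFC 3164 timestamp: "Mmm dd hh:mm:ss", day of month space-padded
    stamp = "%s %2d %02d:%02d:%02d" % (
        MONTHS[t.tm_mon - 1], t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec)
    line = "<%d>%s %s %s: %s" % (pri, stamp, hostname, tag, text)
    return line.encode("ascii", "replace")


def send_test_event(server, port=DEFAULT_CONNECTOR_PORT, marker=None):
    """Send one marked test event over UDP and return the marker string."""
    marker = marker or "connector-test-%d" % int(time.time())
    # facility 16 (local0), severity 5 (notice); "uarmtest" is a made-up tag
    msg = build_syslog(16, 5, socket.gethostname(), "uarmtest", marker)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(msg, (server, port))
    return marker


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: send_test_event.py <server-name-or-address>")
    for port in (STANDARD_SYSLOG_PORT, DEFAULT_CONNECTOR_PORT):
        marker = send_test_event(sys.argv[1], port, "connector-test-port-%d" % port)
        print("sent %r to UDP port %d" % (marker, port))
```

UDP gives no delivery acknowledgement, so the result is confirmed on the server side. If the connector uses a trusted hosts list, run the script from a host on that list.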