...
Table 1-1: Port requirements for LCP communication.

| Source | Destination | Port | Description |
|---|---|---|---|
| Unix/Linux/Solaris server | LCP | 514 (UDP) or 601 (TCP) | Default port |
Configuring
...
Red Hat Enterprise Linux, Debian Linux, Oracle Linux, SUSE Linux, Ubuntu Linux, Huawei EulerOS, Alma Linux and CentOS operating systems
You can configure Unix OS devices that use different syslog daemons to send event logs to the LCP.
...
From a Unix server, log in with root privileges.
To stop syslogd, at the command prompt, type the following command as required:

| Operating system | Command |
|---|---|
| HP-UX | /sbin/init.d/syslogd stop |
| IBM AIX | stopsrc -s syslogd |
| Solaris 8 and 9 | /etc/init.d/syslog stop |

Use a text editor, such as vi, to open and edit the /etc/syslog.conf file.
Add the following line to the syslog.conf file: *.info @IP_address_of_the_LCP
...
3. To start or restart syslogd, type the following command as required:

| Operating system | Command |
|---|---|
| HP-UX | /sbin/init.d/syslogd start |
| IBM AIX | startsrc -s syslogd |
| Solaris 8 and 9 | /etc/init.d/syslog start |
| Solaris 10 and 11 | svcadm restart svc:/system/system-log |
| Red Hat Linux 3-5, Debian Linux 3 - 4.9 | /etc/init.d/syslogd restart |
| Red Hat Linux 6, Oracle Linux 5.0 - 6.5, CentOS 5.0 - 6.5 | /etc/init.d/rsyslog restart |
| Mac OS X | Run the Terminal utility and then, at the command prompt, type the following command to restart syslogd: launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist; sleep 1; launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist Note: This command must be entered on one line, with no carriage return or line feed. |
To configure syslog message forwarding using rsyslogd:
...
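As an added example (not from the original guide), a POSIX shell helper that builds the forwarding selector line for the LCP ports in Table 1-1 and appends it to a syslog configuration file only if it is not already present, so re-running the onboarding step does not duplicate the rule. The LCP address 10.0.0.5 is a constructed sample; the @@host TCP form is rsyslog syntax that the classic syslogd from the steps above does not understand.

```shell
#!/bin/sh
# Hypothetical helper, not part of the product documentation.
# lcp_forward_line <udp|tcp> <LCP_IP> prints the selector line to add.
# UDP uses port 514 (legacy "@host" form, works with syslogd and rsyslog);
# TCP uses port 601 ("@@host" form, rsyslog only).
lcp_forward_line() {
  proto=$1; ip=$2
  # Validate a dotted-quad address so a typo does not silently black-hole logs.
  old_ifs=$IFS; IFS=.
  set -- $ip
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case "$octet" in ''|*[!0-9]*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
  case "$proto" in
    udp) printf '*.info @%s:514\n' "$ip" ;;
    tcp) printf '*.info @@%s:601\n' "$ip" ;;
    *)   return 1 ;;
  esac
}

# lcp_forward_install <conf_file> <line> appends the line unless it is
# already present as an exact line; prints "added" or "present".
lcp_forward_install() {
  conf=$1; line=$2
  if grep -Fxq -- "$line" "$conf" 2>/dev/null; then
    printf 'present\n'
  else
    printf '%s\n' "$line" >> "$conf"
    printf 'added\n'
  fi
}

# Demonstration against a scratch copy (constructed, so /etc stays untouched).
lcp_demo() {
  scratch=$(mktemp 2>/dev/null || printf '/tmp/lcp_demo.%s' "$$")
  line=$(lcp_forward_line udp 10.0.0.5) || return 1
  lcp_forward_install "$scratch" "$line"   # added
  lcp_forward_install "$scratch" "$line"   # present
  rm -f "$scratch"
}
```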
Table 1-2: Properties of the Unix OS event collector (Syslog -3252) configured by Accenture.

| Property | Default Value | Description |
|---|---|---|
| Protocol | UDP | The default protocol for syslog. The collector can also accept logs over TCP. Note: While TCP offers guaranteed delivery of log packets, it places a larger overhead on the LCP. To weigh TCP's reliability against UDP's speed and simplicity, contact the Accenture Security Onboarding team. |
| IP Address | Unix OS Interface IP address | Logging device IP address given in the Pre-Installation Questionnaire (PIQ). Note: If the device sends logs from multiple interfaces, contact the Accenture Security Onboarding team. |
| Signatures | ipmon, audispd:, named, httpd:, login:, dhclient, sshd, su, LOGIN, pam_unix, xinetd, kernel, useradd, adduser, userdel, gdm, rpc.statd, usermod, init:, reboot:, ftpd, last message repeated, shutdown:, Firewall[, passwd, shadow, in.telnetd, audit:, SuSEfirewall2:, auditd, gnome-keyring-daemon, vsftpd:, chage, groupdel, groupadd, vsftpd[, login[, groupmod, unix_chkpwd, chpasswd, gdm-session-worker | Accenture Security recommended signatures processed by the Unix event collector. |
| Port Number | 514 | The default port for UDP. For TCP, the default port is 601. Note: The LCP can be configured to listen on a non-standard port; advise the Accenture Security Onboarding team if this is a requirement. |