TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
>Here's how to configure RS Host and the syslog.conf file on a Unix host
to monitor the Unix machine.
>
>On the Unix machine:
>
>1) Be sure the RealSecure hostname and IP address are in the /etc/hosts
file
>2) edit syslog.conf file.
> add the following line:
>
> auth.notice @rshostmachine
>
>auth.notice will send the SU failures and ROOT logins to the
>rshostmachine. To send everything the system generates use the following
line:
>
>*.emerg;*.alert;*.crit;*.err;*.warning;*.notice;*.info;*.debug
>@rshostmachine
>
>Note that the above line will send ALL messages from the unix machine to
the rshostmachine in cleartext. This might not be something a customer
would want, and in fact, the syslog.conf file should be tailored to use the
alerts that they are watching via the policy. For more info check out the
syslog.conf man page.
>
>(For example, to watch mail alerts you can do the following...)
>
>mail.info @rshostmachine
>
>3) Restart the syslog daemon by doing the following:
> % ps -ef | grep syslogd
> % kill -HUP <processid from above statement>
>
>4) You may want to enable the ability to login to the unix machine as
root. To do this you need to comment out the "CONSOLE" line in the
/etc/default/login file.
>
>On the RSHOST machine
>
>1) Enable the unix selections you wish to watch... For a test, I enabled
the first selection Unix Root Logins, and SU failures..
>
>2) Save the policy and apply to the host agent.
>
>3) Telnet into the unix machine as root or su to root to ensure you see
the alert pop up in the RS console.
>
>-----Original Message-----
>From: PUICHAUD Patrice [mailto:[EMAIL PROTECTED]]
>Sent: Friday, November 26, 1999 3:50 AM
>To: [EMAIL PROTECTED]
>Subject: syslog redirection
>
>
>
>TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
>[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
>problems!
>---------------------------------------------------------------------------
-
>
>Hi,
>I am using RealSecure v3.2 and I want to monitor an HP-UX host using NT
>system agent.
>What do I need to do to redirect my HP-UX syslog to the system agent?
>(details about the syslog configuration)
>
>Moreover, my system agent is deployed on a host in my DMZ. What kind of
>rules to I have to add in my FW-1 to allows communication between the
>console and the agent ?
>
>Thanks in advance
>patrice
================================================
Audra N. Eng
Technical Product Manager
Internet Security Systems
Office: 415-379-3566
FAX: 415-831-4780
E-Mail: [EMAIL PROTECTED]
==============================================
