Skyhigh Security

Adapt the rsyslog system file for the data transfer

Adapt the rsyslog system file on Web Gateway to ensure that syslog data is successfully sent to Trellix ESM.

Task

  1. Select Configuration | File Editor.
  2. On the files tree, select rsyslog.conf.
    The file content appears on the configuration pane.
  3. Edit the file to adapt it for the data transfer.
    The edited file should look as shown below. The modified lines are in the paragraph of comments that begins with: The following directs all daemon.info messages to the remote syslog server ...

NOTE: The information that you provide here includes the IP address of the Skyhigh Security SIEM Receiver, which replaces the [IP_OF_MCAFEE_EVENT_RECEIVER] placeholder in the file.

# default parameters
$DirCreateMode 0755
$FileCreateMode 0640
$FileGroup adm
$umask 0026

# Include config files in /etc/rsyslog.d
$IncludeConfig /etc/rsyslog.d/*.conf

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!

# The following directs all daemon.info messages to the
# remote syslog server at [IP_OF_MCAFEE_EVENT_RECEIVER]
# add @@ for TCP syslog for example
#daemon.info                                            @192.168.1.1
*.info;daemon.!=info;mail.none;authpriv.none;cron.none  -/var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  /var/log/maillog

# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log
  4. Click Save Changes.
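As an added example that is not part of this article or of the Web Gateway product, the following Python script applies classic syslog selector semantics (facility.priority lists, `none`, `!=`, `!`, `=`) to a constructed excerpt modelled on the file above, so you can check before saving which destinations a given facility and severity reach. It assumes the daemon.info forwarding rule has been made active (a line beginning with # is a comment and forwards nothing); 192.168.1.1 is the page's placeholder address, not a real Receiver.

```python
# syslog severities, most urgent first (lower index = higher priority)
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed excerpt modelled on the page's rsyslog.conf, with the daemon.info
# forwarding rule active. 192.168.1.1 is the page's placeholder, not a real host.
CONFIG = """\
daemon.info @192.168.1.1
*.info;daemon.!=info;mail.none;authpriv.none;cron.none -/var/log/messages
authpriv.* /var/log/secure
mail.* /var/log/maillog
cron.* /var/log/cron
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
"""

def parse_rules(text):
    """Return (selector, action) pairs; comments, blank lines and $directives are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#$":
            selector, action = line.split(None, 1)
            rules.append((selector, action.strip()))
    return rules

def selector_matches(selector, facility, severity):
    """Classic sysklogd semantics: parts apply left to right, later parts override."""
    sev = SEVERITIES.index(severity)
    matched = False
    for part in selector.split(";"):
        facs, pri = part.rsplit(".", 1)
        if facility not in facs.split(",") and "*" not in facs.split(","):
            continue  # this part does not concern our facility
        if pri == "none":
            matched = False
        elif pri == "*":
            matched = True
        elif pri.startswith("!="):  # drop exactly this severity
            matched = matched and sev != SEVERITIES.index(pri[2:])
        elif pri.startswith("!"):  # drop this severity and anything more urgent
            matched = matched and sev > SEVERITIES.index(pri[1:])
        elif pri.startswith("="):  # only exactly this severity
            matched = sev == SEVERITIES.index(pri[1:])
        else:  # this severity and anything more urgent
            matched = sev <= SEVERITIES.index(pri)
    return matched

def route(config_text, facility, severity):
    # actions: file path, -file (no sync), @host (UDP), @@host (TCP)
    return [a for s, a in parse_rules(config_text) if selector_matches(s, facility, severity)]
```

With this configuration, `route(CONFIG, "daemon", "info")` yields only the remote Receiver, while `route(CONFIG, "daemon", "err")` reaches both the Receiver and /var/log/messages, which is the intended effect of the `daemon.!=info` exclusion.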