Audit logging to external syslog

If desired, Plixer Endpoint Analytics can also be configured to send audit log messages to a remote syslog server.

To enable audit logging to an external syslog server, do the following:

  1. Run the following command to edit /etc/syslog.conf:

    # sudo vi /etc/syslog.conf
    
  2. Find the line #*.* @log.host.address and uncomment it by deleting the #.

  3. Replace log.host.address with the IP address or FQDN of the syslog server to which audit log messages should be delivered.

  4. Save the changes to syslog.conf and restart the syslog process by running:

    # service rsyslog restart
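
To confirm the edit in steps 2 and 3 took effect before relying on the remote audit trail, a check like the following can be run against the configuration file. This is an added example, not part of the product or its documentation; the function name `check_syslog_forwarding` and the sample address 192.0.2.10 are assumptions, and it accepts both the `@` (UDP) form shown above and rsyslog's `@@` (TCP) form.

```shell
#!/bin/sh
# Added example: check a syslog.conf for an active "*.*" forwarding rule.
# Prints the configured target (or a reason) and returns:
#   0 = rule is active and points at a real target
#   1 = rule is still commented out (step 2 not done)
#   2 = rule is active but still uses the log.host.address placeholder (step 3 not done)
#   3 = no "*.*" forwarding rule found at all
check_syslog_forwarding() {
    conf="$1"
    # Active rule: optional indent, "*.*", whitespace, "@" or "@@", then the target.
    target=$(sed -n 's/^[[:space:]]*\*\.\*[[:space:]]\{1,\}@\{1,2\}\([^[:space:]#]\{1,\}\).*$/\1/p' "$conf" | head -n 1)
    if [ -n "$target" ]; then
        if [ "$target" = "log.host.address" ]; then
            echo "placeholder log.host.address has not been replaced"
            return 2
        fi
        echo "$target"
        return 0
    fi
    # Same rule, but still behind a leading "#".
    if grep -q '^[[:space:]]*#[[:space:]]*\*\.\*[[:space:]]\{1,\}@' "$conf"; then
        echo "forwarding rule is still commented out"
        return 1
    fi
    echo "no forwarding rule found"
    return 3
}

# Constructed sample input: the stock line from step 2, before and after editing.
demo=$(mktemp -d)
printf '%s\n' '#*.* @log.host.address' > "$demo/before.conf"
printf '%s\n' '*.* @192.0.2.10' > "$demo/after.conf"
for f in before after; do
    result=$(check_syslog_forwarding "$demo/$f.conf") || true
    echo "$f.conf: $result"
done
rm -rf "$demo"
```

On the appliance itself, call it as `check_syslog_forwarding /etc/syslog.conf` after step 4.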