Audit logging to external syslog¶
If desired, Plixer Endpoint Analytics can also be configured to send audit log messages to a remote syslog server.
To enable audit logging to an external syslog server, do the following:
Run the following command:
# sudo vi /etc/syslog.conf to edit /etc/syslog.conf
Find the line
#*.* @log.host.addressand uncomment it by deleting the
log.host.addresswith the IP address or FQDN of the syslog server to which audit log messages should be delivered.
Save the changes to
syslog.confand restart the syslog process by running:
#service rsyslog restart