Event delivery to internal syslog

To configure the system for Event delivery to internal syslog, do the following:

  1. Open an SSH session to the Plixer Endpoint Analytics appliance, and then elevate to root with the su command.

  2. Open the internal syslog configuration file by entering:

    # vi /etc/rsyslog.d/50-default.conf
    
  3. In line 9 of the file, replace:

    *.*;auth,authpriv.none -/var/log/auth.log
    

    with:

    *.*;auth,authpriv.* -/var/log/auth.log
    
  4. Save the changes, and then enter the following command to restart the rsyslog service and apply them:

    # systemctl restart rsyslog
    

With this configuration set, any Events that have syslog delivery enabled will be logged to the internal syslog on the Plixer Endpoint Analytics appliance every time they are triggered.
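The check and edit from step 3 as a script, added here as an example (not Plixer's code): it reports whether the rule still excludes auth/authpriv and rewrites only that rule, keeping a backup. `selector_state`, `apply_change` and `demo` are hypothetical helper names, and the sample configuration is constructed so the script runs without touching `/etc`.

```shell
#!/bin/sh
# Added example, not vendor code. Assumes the rule text shown in step 3.
ACTION='-/var/log/auth.log'

# Print "excluded:N", "included:N" or "unknown:N" for the *.* rule on line N
# that writes to $ACTION, or "missing" if the file has no such rule.
selector_state() {
    awk -v action="$ACTION" '
        /^[[:space:]]*#/ { next }                  # ignore commented-out rules
        $1 ~ /^\*\.\*;/ && $NF == action {
            if ($1 ~ /authpriv\.none/)    s = "excluded"
            else if ($1 ~ /authpriv\.\*/) s = "included"
            else                          s = "unknown"
            out = s ":" NR
        }
        END { print (out == "" ? "missing" : out) }
    ' "$1"
}

# Make the step 3 edit on the matching rule only, keeping a .bak copy.
# Returns 1 without touching the file if the expected rule is not present.
apply_change() {
    conf=$1
    case $(selector_state "$conf") in
        included:*) return 0 ;;                    # already changed
        excluded:*) ;;                             # proceed with the edit
        *) echo "expected rule not found in $conf" >&2; return 1 ;;
    esac
    cp -p "$conf" "$conf.bak" || return 1
    sed 's|^\(\*\.\*;auth,authpriv\)\.none\([[:space:]]\{1,\}-/var/log/auth\.log\)|\1.*\2|' \
        "$conf.bak" > "$conf"
}

# Constructed sample input so the example runs offline.
demo() {
    tmp=$(mktemp)
    printf '%s\n' '# constructed sample' \
        'kern.*  -/var/log/kern.log' \
        '*.*;auth,authpriv.none -/var/log/auth.log' > "$tmp"
    selector_state "$tmp"                          # state before the edit
    apply_change "$tmp" && selector_state "$tmp"   # state after the edit
    rm -f "$tmp" "$tmp.bak"
}
demo
```

On the appliance, `apply_change /etc/rsyslog.d/50-default.conf` run as root takes the place of the manual edit in step 3. Running `rsyslogd -N1` before the restart in step 4 validates the configuration syntax.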