Samhain - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CONFIGURING DSMS REV 1 Manual

Configuring DSMs

SAMHAIN

The Samhain Host-Based Intrusion Detection System (HIDS) monitors changes to
files on the system. The Samhain DSM supports Samhain version 2.4 when used
for File Integrity Monitoring (FIM).

You can configure the Samhain DSM to accept one of the following log types:
- Using Syslog
- Using JDBC

Using Syslog

Before you configure STRM to integrate with Samhain using syslog, you must
configure Samhain to forward logs to your STRM system.

Note: The following procedure is based on the default samhainrc file. If the
samhainrc file has been modified, some values (such as syslog facility) may be
different.

To configure Samhain to forward logs using syslog to STRM:

Step 1  Log in to the device running Samhain.
Step 2  Open the following file:
        /etc/samhainrc
Step 3  Remove the comment marker (#) from the following line:
        SetLogServer=info
Step 4  Save and exit the file.
        Alerts are sent to the local system's syslog.
Step 5  Open the following file:
        /etc/syslog.conf
Step 6  Add the following line:
        local2.* @<IP Address>
        Where <IP Address> is the IP address of the Event Collector.
Step 7  Save and exit the file.
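
The two file edits from the procedure above can be scripted so they are repeatable across hosts. The following is an added example, not part of the Juniper manual: the function names are hypothetical, and 192.0.2.10 is a placeholder for the Event Collector address. It refuses to change a samhainrc that lacks the expected line, which is the case the note about modified files describes.

```shell
#!/bin/sh
# Added example; function names are hypothetical, values come from the procedure.

# Uncomment "SetLogServer=info" in a samhainrc file.
# Returns 0 if the line is active afterwards, 1 if the setting is not there
# at all (a samhainrc that differs from the default), leaving the file untouched.
enable_samhain_syslog() {
    rc_file=$1
    if grep -q '^[[:space:]]*SetLogServer=info' "$rc_file"; then
        return 0    # already uncommented, nothing to do
    fi
    if ! grep -q '^[[:space:]]*#[[:space:]]*SetLogServer=info' "$rc_file"; then
        echo "SetLogServer=info not found in $rc_file; review it by hand" >&2
        return 1
    fi
    tmp=$(mktemp) || return 1
    # Strip only the comment marker; cat back so owner and mode are kept.
    sed 's/^\([[:space:]]*\)#[[:space:]]*\(SetLogServer=info\)/\1\2/' \
        "$rc_file" > "$tmp" && cat "$tmp" > "$rc_file"
    status=$?
    rm -f "$tmp"
    return "$status"
}

# Append "local2.* @<collector>" to a syslog.conf file unless that exact
# line is already present, so repeated runs do not duplicate the rule.
add_forward_rule() {
    conf_file=$1
    collector=$2
    rule="local2.* @$collector"
    if grep -qxF "$rule" "$conf_file" 2>/dev/null; then
        return 0
    fi
    printf '%s\n' "$rule" >> "$conf_file"
}

# Usage, as root (192.0.2.10 is a placeholder Event Collector address):
#   enable_samhain_syslog /etc/samhainrc &&
#       add_forward_rule /etc/syslog.conf 192.0.2.10
```

Neither function reloads a daemon; Samhain and syslogd pick up the edited files when they next reload their configuration.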
