Paul_Starr
Participant

Admin only logs in Log Exporter

Is it possible to set Log Exporter to only syslog admin audit logs and not traffic logs? I have seen within file:

/opt/CPrt-R80/log_exporter/targets/logrhythm/conf/log_indexer_settings.conf  the setting :log_files (all)

(
        :connections (
#               :domain (
#                                       :management (
#                                                       :name (127.0.0.1)
#                                                       :log_files (all)
#                                                       :is_local (true)
#                                                       :read_mode (CPMI)
#                                       )
#                                       :log_servers (
#                                                       : (
#                                                               :name (<management IP/Log Server IP>)
#                                                               :sic_name_client  (<DN of the OPSEC Application Object>)
#                                                               :sic_name_server (<DN of the Mangement/Log Server>)
#                                                               :certificate_file (<Certificate File Name>)
#                                                               :read_mode (LEA)
#                                                               :log_files (all)

However, the documentation is limited, and I cannot be sure if this can be changed and to what value to send on admin audit logs.
