
Admin only logs in Log Exporter

Question asked by Paul Starr on Apr 26, 2018
Latest reply on Apr 27, 2018 by Paul Starr

Is it possible to set Log Exporter to only syslog admin audit logs and not traffic logs? I have seen within file:

/opt/CPrt-R80/log_exporter/targets/logrhythm/conf/log_indexer_settings.conf  the setting :log_files (all)

 

(
        :connections (
#               :domain (
#                                       :management (
#                                                       :name (127.0.0.1)
#                                                       :log_files (all)
#                                                       :is_local (true)
#                                                       :read_mode (CPMI)
#                                       )
#                                       :log_servers (
#                                                       : (
#                                                               :name (<management IP/Log Server IP>)
#                                                               :sic_name_client  (<DN of the OPSEC Application Object>)
#                                                               :sic_name_server (<DN of the Mangement/Log Server>)
#                                                               :certificate_file (<Certificate File Name>)
#                                                               :read_mode (LEA)
#                                                               :log_files (all)

 

However, the documentation is limited, and I cannot be sure if this can be changed and to what value to send only admin audit logs.
