How to Enable Event Logging and ACS Rules on Solaris and AIX Computers
Updated: May 13, 2016
Applies To: System Center 2012 R2 Operations Manager, System Center 2012 - Operations Manager, System Center 2012 SP1 - Operations Manager
This topic does not apply to Windows computers.
By default, Solaris and AIX computers do not log audit events. The logging configuration is controlled by the file located at /etc/syslog.conf. You must make edits to this file and then enable ACS rules.
To Configure the Solaris Syslog
-
Add the following code to the syslog.conf file:
auth.info;local2.info /var/log/authlog
Note
Use the TAB key to separate log components from the log file names. Spaces do not work.
-
Restart the Syslog daemon.
-
On Solaris 5.8 and 5.9, enter the following commands:
/etc/init.d/syslog stop
/etc/init.d/syslog start
On Solaris 5.10, enter the following commands:
svcadm refresh svc:/system/system-log
You now must enable the ACS rules.
To Configure the AIX Syslog
-
Add the following code to the syslog.conf file:
*.info /var/log/syslog.log rotate size 1m files 10
The Syslog file is rotated when it becomes larger than 1 megabyte (MB) and the number of rotated files is limited to 10.
Note
Use the TAB key to separate log components from the log file names. Spaces do not work.
-
Enter the following command to refresh the computer’s configuration:
# refresh –s syslogd
You now must enable the ACS rules.
To Enable ACS Rules
-
In the Operations console, click Authoring.
-
In the navigation pane, click Authoring, click Management Pack Objects, and then click Rules.
-
In the rules pane, search for the rule to be enabled. If the Look for bar is not available above the Rule list, navigate from the View menu, and then click Find.
-
Right-click the rule name for the rule that you want to enable, navigate to Overrides , click Override the Rule, and then click For all object of class for a class of objects to be monitored by the rule.
-
Set the Enabled parameter to True, modify the Override Value to True, and then click OK.
See Also
Collecting Security Events Using Audit Collection Services in Operations Manager
How to Configure Certficates for ACS Collector and Forwarder
Audit Collection Services Capacity Planning
Audit Collection Services Performance Counters
How to Enable Audit Collection Services (ACS) Forwarders
Audit Collection Services Security
How to Filter ACS Events for UNIX and Linux Computers
Monitoring Audit Collection Services Performance
How to Remove Audit Collection Services (ACS)
Audit Collection Services Administration (AdtAdmin.exe)