Article Number
000029114
Applies To
RSA Product Set: Security Analytics, NetWitness
RSA Product/Service Type: Core Appliance, NextGen Appliance
RSA Version/Condition: 10.3.x and below
Platform: CentOS
O/S Version: 5
Issue
The Set Syslog Forwarding appliance task in the Security Analytics UI and the NetWitness Administrator thick client only functions with rsyslog and not with sysklogd, which is installed on the CentOS 5 appliances by default.
Task
This article will provide instructions for replacing the sysklogd package with rsyslog on an RSA Security Analytics or NetWitness appliance running CentOS 5.
Resolution
In order to replace the sysklogd package with rsyslog on an EL5 appliance, follow the steps below:
1. Download the rsyslog-8.2.2-1.el5.centos.zip file that is attached to this article and use an FTP client to transfer it to the /tmp directory on the appliance.
2. Log in to the appliance via SSH and navigate to the /tmp directory.
3. Extract the RPM packages from the .zip file with the following command: unzip rsyslog-8.2.2-1.el5.centos.zip
4. Issue the command cd rsyslogEL5 to enter the directory where the RPM packages are stored.
5. Issue the command below to install the RPM packages.
   rpm -Uvh rsyslog-8.2.2-1.el5.centos.x86_64.rpm jemalloc-3.4.0-1.el5.centos.x86_64.rpm json-c-0.11-3.el5.centos.x86_64.rpm libestr-0.1.9-1.el5.centos.x86_64.rpm libgt-0.3.11-1.el5.centos.x86_64.rpm liblogging-1.0.4-1.el5.centos.x86_64.rpm
6. After the installation is complete, issue the command rpm -qa | grep sysklogd to verify that the sysklogd package is no longer present.
7. Issue the command rpm -qa | grep rsyslog to confirm that the rsyslog package has been installed correctly.
8. Check the status of the rsyslog service with the following command: service rsyslog status
9. If the rsyslog service is stopped, start the service with the service rsyslog start command.
10. Configure the rsyslog service to start on boot with the following command: chkconfig rsyslog on
11. Verify that the command in Step 10 was successful by issuing the chkconfig --list rsyslog command.
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.
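The verification commands in the procedure above (rpm -qa, service rsyslog status, chkconfig --list rsyslog) can be combined into one pass/fail check. The script below is an added example, not part of the RSA article or its attachment; the function names, the --live switch and the runlevels checked (3 and 5) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: post-change check for the sysklogd -> rsyslog replacement.
# Function names and the runlevel list are assumptions, not RSA tooling.

# pkg_state: reads `rpm -qa` output on stdin. Succeeds only when no sysklogd
# package remains and at least one rsyslog package is present.
pkg_state() {
    awk '
        /^sysklogd-/ { has_old = 1 }
        /^rsyslog-/  { has_new = 1 }
        END {
            if (has_old)  { print "FAIL: sysklogd is still installed"; exit 1 }
            if (!has_new) { print "FAIL: rsyslog is not installed";    exit 1 }
            print "OK: sysklogd removed, rsyslog installed"
        }'
}

# boot_state: reads `chkconfig --list rsyslog` output on stdin and checks that
# every runlevel named in $1 (space separated, default "3") is "on".
boot_state() {
    awk -v want="${1:-3}" '
        $1 == "rsyslog" {
            seen = 1
            for (i = 2; i <= NF; i++) { split($i, kv, ":"); state[kv[1]] = kv[2] }
        }
        END {
            if (!seen) { print "FAIL: rsyslog is not registered with chkconfig"; exit 1 }
            n = split(want, lv, " ")
            for (i = 1; i <= n; i++)
                if (state[lv[i]] != "on") {
                    print "FAIL: rsyslog is not enabled in runlevel " lv[i]
                    bad = 1
                }
            if (bad) exit 1
            print "OK: rsyslog starts on boot"
        }'
}

# Run against the appliance only when asked to; without --live the file just
# defines the functions, so saved command output can be piped into them.
if [ "${1:-}" = "--live" ]; then
    rc=0
    rpm -qa | pkg_state                         || rc=1
    service rsyslog status                      || rc=1
    chkconfig --list rsyslog | boot_state "3 5" || rc=1
    exit "$rc"
fi
```

Run it on the appliance with the --live argument after the last step; a non-zero exit status means at least one of the three checks failed and local logs may not be collected or forwarded.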
Notes
Below is a screenshot of the entire process of replacing the sysklogd package with rsyslog on a Series 3 concentrator running CentOS 5.
The full rsyslog repository where the RPM packages included in the attached zip file were obtained can be found here.