Configure remote log agents

Configure the remote log agent to send events to a remote authorization server for recording. For example:

[aznapi-configuration]
logcfg = category:remote buffer_size=size,
     compress={yes|no},error_retry=timeout,path=name,
     flush_interval=number_seconds,rebind_retry=timeout,
     server=hostname,port=number,dn=identity,
     queue_size=number,hi_water=number

Parameter names can be shortened to any unambiguous name. For example, the hi_water parameter can be shortened to hi.

Requests to log an event remotely are accepted on a best effort basis only. If the remote authorization server is not available, captured events are cached locally and relayed at a later date, if and when the server becomes available. Only one remote logging connection is established to a remote authorization server. Consider the case where multiple configuration entries are made to:

• Selectively capture events,
• Capture events at different points of the event pool hierarchy, and
• To the same remote server.

Then, the remote connection is established according to the options of the first remote configuration entry processed. Multiple remote connections can be configured to log to different remote authorization servers. Events received at the remote authorization server are placed in the event pool of that server. The events are placed in a different location from where they were originally captured on the client system. All events entering a host through the remote logging service are placed in a category constructed in the following manner:

remote.client-category-domain.hostname.program 

The short name version of the host name is shown in some of the examples, however, the fully qualified host name is often required. To obtain system configuration information, we can use the gethostbyname command. To relay events remotely on host amazon, we might use this example:

[aznapi-configuration] logcfg = audit:remote buffer=2000,compress=y,
error=2,path=remote.cache,rebind=600,server=timelord,port=7136

• Parameters for remote log agents
  We can define the following parameters for remote log agents:
• Sending events to a remote authorization server
  We might configure IBM Security Verify Access to send event records to a remote authorization server.

Parent topic: Defining logcfg entries