• Topic ID: id_2024254
  • Version: 2.0
  • Date: Feb 14, 2020 4:04:45 PM

Enabling remote logging of the audit messages

Enable remote logging of the audit messages.

Procedure

  1. Start the EAT config utility using the firefox localhost:9877/eatAdmin/EATConfig.html command.
  2. Assign a source ID for the scanner on the Audit Message Settings tab.
  3. Click Save.
  4. Click Enterprise Repository to switch to that tab.
  5. Toggle the Enterprise Repository 1 radio button to On.
  6. Fill in the remote (collector) Host Name/IP. Contact site IT for the IP address.
  7. Fill in the remote (collector) Port Number.
  8. If a port other than 514 is used for remote syslog, a corresponding modification to the firewall rule configuration is required. The firewall is configured by default to allow only certain outbound destination ports.

    The file to modify is /usr/share/gehc_security/pnf/modality.sh. It contains instructions and standard iptables commands. For syslog, modify the following lines in that file so that the destination port (--dport) matches the port entered in step 7.

    # Below for remote syslog
    $IPTABLES -A OUTPUT -p udp -m udp --dport 514 -j ACCEPT
    $IPTABLES -A OUTPUT -p tcp -m tcp --dport 514 -j ACCEPT
    
  9. Select the protocol for the remote (collector) (UDP or TCP).
  10. Click Save.
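
The firewall change in step 8 can be checked and applied with a small script. This is an added example, not part of the original procedure or the vendor's tooling: the function names, the port 6514, the unrelated port 443 rule and the scratch file are constructed for illustration, and only the marker comment and the two port 514 rules come from the page.

```shell
#!/bin/sh
# Added example; function names, port 6514 and the sample file are constructed.
MARKER='# Below for remote syslog'

# Print "proto port" for each OUTPUT ACCEPT rule directly under the marker comment.
syslog_rules() {  # usage: syslog_rules FILE
    awk -v marker="$MARKER" '
        index($0, marker) { in_block = 1; next }
        in_block && $1 != "$IPTABLES" { in_block = 0 }
        in_block && /-A OUTPUT/ && /-j ACCEPT/ {
            proto = ""; port = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
            }
            print proto, port
        }' "$1"
}

# Succeed only if the file allows outbound PROTO to PORT for remote syslog.
egress_allowed() {  # usage: egress_allowed FILE PROTO PORT
    syslog_rules "$1" | grep -qxF "$2 $3"
}

# Rewrite the destination port on the syslog rules only, keeping FILE.bak.
set_syslog_port() {  # usage: set_syslog_port FILE PORT
    case "$2" in ''|*[!0-9]*) echo "invalid port: $2" >&2; return 1 ;; esac
    [ "$2" -ge 1 ] && [ "$2" -le 65535 ] || { echo "port out of range" >&2; return 1; }
    cp -p "$1" "$1.bak" || return 1
    awk -v marker="$MARKER" -v port="$2" '
        index($0, marker) { in_block = 1; print; next }
        in_block && $1 != "$IPTABLES" { in_block = 0 }
        in_block { sub(/--dport [0-9]+/, "--dport " port) }
        { print }' "$1.bak" > "$1"
}

# Constructed sample: the rules from step 8 plus one unrelated rule.
make_sample() {  # usage: make_sample FILE
    printf '%s\n' '# Below for remote syslog' \
        '$IPTABLES -A OUTPUT -p udp -m udp --dport 514 -j ACCEPT' \
        '$IPTABLES -A OUTPUT -p tcp -m tcp --dport 514 -j ACCEPT' \
        '' \
        '$IPTABLES -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT' > "$1"
}

f=$(mktemp) && make_sample "$f"
set_syslog_port "$f" 6514 && syslog_rules "$f"
egress_allowed "$f" tcp 6514 && echo "tcp/6514 allowed"
rm -f "$f" "$f.bak"
```

Running `egress_allowed` against the real file with the protocol chosen in step 9 and the port from step 7 confirms that the outbound rule and the Enterprise Repository settings agree before relying on the collector to receive audit messages.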