IBM Support

Guardium is sending frequent ttyS0 ttyS1 messages to SIEM

Troubleshooting


Problem

Guardium is sending the following messages from syslog to SIEM:

init: ttyS0 (/dev/ttyS0) main process ended, respawning
init: ttyS0 (/dev/ttyS0) main process (XXXXX) terminated with status 1
init: ttyS1 (/dev/ttyS1) main process ended, respawning
init: ttyS1 (/dev/ttyS1) main process (XXXXX) terminated with status 1

Diagnosing The Problem

These messages are sent to SIEM when tty services are on and there is a rule in the remotelog configuration with facility.priority set to daemon.warning.

This includes the rules all.all, daemon.all, and daemon.warning.

Resolving The Problem

Option 1 - Disable ttyS0 and ttyS1 services

This will prevent the messages being written to the Guardium internal syslog.
In cli run:

store system serialtty off

Option 2 - Define remotelog so daemon.warning messages are not sent to SIEM

This will write the messages to the Guardium internal syslog, but they will not be sent to external SIEM.
In cli use:

store remotelog

to define remotelog settings that send messages of facility.priority not including daemon.warning.
For detailed information on this command, see Configuration and Control CLI Commands.

Note - Some policy alert messages may not be sent to SIEM by using this option. Refer to Facility and priority of syslog messages for more information.
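
To confirm on the receiving side that either option took effect, the following added example (not IBM's code) counts the ttyS0/ttyS1 messages quoted in the Problem section in a syslog excerpt and groups them by device and exit status. The sample lines, host name, timestamps and PIDs are constructed, and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Matches the two message shapes quoted in the Problem section:
#   "... main process ended, respawning"
#   "... main process (PID) terminated with status N"
TTY_MSG = re.compile(
    r"init: (?P<tty>ttyS[01]) \(/dev/(?P=tty)\) main process "
    r"(?:ended, respawning|\((?P<pid>\d+)\) terminated with status (?P<status>\d+))"
)

def summarize_tty_noise(lines):
    """Return {tty: {"respawns": n, "exits": {status: n}}} for matching lines."""
    summary = defaultdict(lambda: {"respawns": 0, "exits": defaultdict(int)})
    for line in lines:
        m = TTY_MSG.search(line)
        if not m:
            continue  # unrelated syslog traffic is ignored
        entry = summary[m.group("tty")]
        if m.group("status") is None:
            entry["respawns"] += 1
        else:
            entry["exits"][int(m.group("status"))] += 1
    # Convert nested defaultdicts to plain dicts for easy comparison/printing.
    return {tty: {"respawns": e["respawns"], "exits": dict(e["exits"])}
            for tty, e in summary.items()}

# Constructed sample as it might appear on a SIEM collector (all values made up).
SAMPLE = """\
Jul  1 10:00:01 guard01 init: ttyS0 (/dev/ttyS0) main process (4211) terminated with status 1
Jul  1 10:00:01 guard01 init: ttyS0 (/dev/ttyS0) main process ended, respawning
Jul  1 10:00:02 guard01 init: ttyS1 (/dev/ttyS1) main process (4215) terminated with status 1
Jul  1 10:00:02 guard01 init: ttyS1 (/dev/ttyS1) main process ended, respawning
Jul  1 10:00:05 guard01 sshd[900]: Accepted publickey for admin from 192.0.2.10
Jul  1 10:00:11 guard01 init: ttyS0 (/dev/ttyS0) main process (4230) terminated with status 1
Jul  1 10:00:11 guard01 init: ttyS0 (/dev/ttyS0) main process ended, respawning
""".splitlines()

if __name__ == "__main__":
    for tty, stats in sorted(summarize_tty_noise(SAMPLE).items()):
        print(tty, stats)
```

An empty result for a capture taken after the change means the messages are no longer reaching the SIEM.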


Document Information

Modified date:
01 July 2020

UID

swg22001522