Troubleshooting
Problem
Aug 31 05:10:45 g106cm1 nanny:[4335]: One of more remote syslog servers are not accepting logs: 192.168.1.100
Resolving The Problem
Guardium version 10 patch 630 introduces two configurable parameters to control how it monitors remote syslog receivers.
NANNY_ALERT_RSYSLOG
Purpose: Whether Guardium monitors syslog receivers
Valid values:
0: Do not monitor syslog receivers
1: Monitor syslog receivers
If port scanning is blocked, set this parameter to 0 to avoid false negatives
NANNY_ALERT_RSYSLOG_FREQ
Purpose: How frequently, in hours, Guardium checks syslog receivers
Valid values:
0: Default of every 300 seconds
>0: Once every configured number of hours
If the default value results in too many messages being sent, adjust this parameter as necessary.
These parameters are viewed and modified with the grdapi commands get_guard_param and modify_guard_param.
Viewing the configured values:
grdapi get_guard_param paramName=NANNY_ALERT_RSYSLOG
grdapi get_guard_param paramName=NANNY_ALERT_RSYSLOG_FREQ
Example:
g106cm1.example.com> grdapi get_guard_param paramName=NANNY_ALERT_RSYSLOG
ID=0
NANNY_ALERT_RSYSLOG value: 1
ok
Modifying the parameters:
g106cm1.example.com> grdapi modify_guard_param paramName=NANNY_ALERT_RSYSLOG paramValue=0
ID=0
ok
g106cm1.example.com> grdapi get_guard_param paramName=NANNY_ALERT_RSYSLOG
ID=0
NANNY_ALERT_RSYSLOG value: 0
ok
Changes to NANNY_ALERT_RSYSLOG and NANNY_ALERT_RSYSLOG_FREQ are logged to syslog. For example:
Aug 30 15:48:24 g11cm1 nanny:[14960]: NANNY_ALERT_RSYSLOG set to 0. Nanny will not monitor rsyslog servers
Aug 30 17:28:33 g11cm1 nanny:[16757]: NANNY_ALERT_RSYSLOG set to 1
Aug 30 17:32:07 g11cm1 nanny:[18457]: NANNY_ALERT_RSYSLOG_FREQ set to 1 hour(s)
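An added example, not part of the IBM technote: a short Python audit of the nanny messages quoted on this page. It flags when receiver monitoring is switched off and when a receiver is reported as not accepting logs. The message formats come from the sample lines above; the function names and finding labels are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample input: the nanny syslog lines quoted on this page.
SAMPLE = """\
Aug 30 15:48:24 g11cm1 nanny:[14960]: NANNY_ALERT_RSYSLOG set to 0. Nanny will not monitor rsyslog servers
Aug 30 17:28:33 g11cm1 nanny:[16757]: NANNY_ALERT_RSYSLOG set to 1
Aug 30 17:32:07 g11cm1 nanny:[18457]: NANNY_ALERT_RSYSLOG_FREQ set to 1 hour(s)
Aug 31 05:10:45 g106cm1 nanny:[4335]: One of more remote syslog servers are not accepting logs: 192.168.1.100
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) nanny:\[\d+\]: (?P<msg>.*)$")
PARAM = re.compile(r"^(NANNY_ALERT_RSYSLOG(?:_FREQ)?) set to (\d+)")
FAIL = re.compile(r"remote syslog servers are not accepting logs: (.+)$")

def audit(text):
    """Return (state, findings): the last logged parameter values per host and
    a list of (timestamp, host, kind, detail) events worth reviewing."""
    state = defaultdict(dict)
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a nanny message
        ts, host, msg = m["ts"], m["host"], m["msg"]
        p = PARAM.match(msg)
        if p:
            name, value = p[1], int(p[2])
            state[host][name] = value
            if name == "NANNY_ALERT_RSYSLOG" and value == 0:
                # Receiver health checks were turned off on this host.
                findings.append((ts, host, "monitoring_disabled", name))
            continue
        f = FAIL.search(msg)
        if f:
            # Keep the receiver text exactly as logged.
            findings.append((ts, host, "receiver_not_accepting", f[1].strip()))
    return dict(state), findings

def unmonitored_hosts(state):
    """Hosts whose most recent logged NANNY_ALERT_RSYSLOG value is 0."""
    return sorted(h for h, p in state.items() if p.get("NANNY_ALERT_RSYSLOG") == 0)

if __name__ == "__main__":
    state, findings = audit(SAMPLE)
    for item in findings:
        print(*item)
    print("still unmonitored:", unmonitored_hosts(state))
```

A host that stays in `unmonitored_hosts` will no longer raise the "not accepting logs" message, so a forwarding outage there has to be detected on the receiver side.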
Document Location
Worldwide
Document Information
Modified date:
02 October 2019
UID
ibm11072462