4.2 Installing and Configuring the Syslog Connector

To install the Syslog Connector:

  1. Download the latest Syslog Connector (.zip file) from the Sentinel Plug-ins Web site to the server where the Sentinel Control Center is running.

    The Syslog Connector is located under the Connectors tab.

  2. Log in to the Sentinel Control Center.

  3. Select Event Source Management > Live View, then select Tools > Import plugin.

  4. Select the Import Collector Script or Connector plugin package file (.zip) option, then click Next.

  5. Browse to and select the .zip file you just downloaded, then click Next.

    You must use the latest plug-ins available from the Sentinel Plug-ins Web site.

  6. Follow the remaining prompts, then click Finish.

For information about upgrading the Syslog Connector, see the Sentinel Plug-ins Web site.

You can configure the auditlogconfig.properties file to enable the Syslog Connector to receive messages sent from Identity Manager. These events are then processed by the Identity Manager Collector.

There are multiple ways to configure the Syslog Connector. The following instructions use the right-click menu items on the Event Source Management Graph view.

  1. Right-click the <Name of the Collector>, then click Add Connector.

  2. Select View Compatible Connection Methods Only.

  3. Select Syslog from the list of installed connectors, then click Next.

  4. Select the Event Source Server (UDP, TCP, or SSL), then click Next. Click Add to add an Event Source server manually.

  5. Finish the configuration of the connector with the following information, then click Finish.

    • Name: Specify a name for this connector.

    • Run: Select whether the connector is started whenever the Collector Manager is started.

    • Alert if no data received in specified time period: (Optional) Select this option to send the No Data Alert event to Sentinel if no data is received by the connector in the specified time period.

    • Limit Data Rate: (Optional) Set a maximum limit on the rate of data the connector sends to Sentinel. If the data rate limit is reached, Sentinel throttles back on the source in order to limit the flow of data.

    • Set Filter: (Optional) Specify a filter on the raw data passing through the connector.

    • Copy Raw Data to a File: (Optional) Save the raw data passing through this connector to a file for further analysis.

By default, the Identity Manager installation process installs the required Syslog RPMs. For more information about enabling the Syslog Connector, see Understanding the auditlogconfig.properties File.