Creating fixlet for my archsight log

emeka 2022-01-26 11:03:19 UTC #1

Hello all,

I want to create a fixlet that can help me pool out logs from my Linux machines to my SIEM.

If I am to do this manually, the steps will involve the following:

Log into the machine.
Open the /etc/syslog.conf file.
Add *.info@192.168.5.6 to the file
Save the file.
Restart the service using the command service syslog restart.

Please, How do I automate this tasks using BigFix?

SLB 2022-01-26 18:17:41 UTC #2

See if the method for appending to the hosts file is re-usable for your use case. Just need to change the file and line being inspected for, and if you prefer, just keep the parts relevant to the Linux platform.

All you may need to then do is add the command to restart the syslog service