Steps for determining why IDS syslogd output is missing

Determine the cause for missing IDS syslogd output.

Procedure

Perform the following steps:

  1. Ensure that Policy Agent is running on this system
  2. Ensure that TRMD is running for this stack on this system. Consider using TCPIP PROFILE Autolog for TRMD.
  3. Ensure that syslogd is running on this system.
  4. Ensure that syslogd is configured for IDS output:
    • TRMD always writes to the syslog daemon facility.
    • Events are written to the syslog level configured in the relevant policy. Statistics are always written to INFO level.
    • If running multiple TRMDs, consider using trmd jobname prefix to separate IDS output by stack.
Parent topic: Diagnosing IDS output problems