First of all, you need to Install InTrust in your environment. In order to work with TPAM, make sure that during setup you selected the TPAM Knowledge Pack to install with InTrust.
Caution: The Linux Knowledge Pack must be installed for InTrust in addition to the TPAM Knowledge Pack.
For detailed guidelines on installing InTrust, refer to the InTrust Deployment Guide.
The TPAM Knowledge Pack installation brings the following objects to InTrust:
InTrust takes advantage of the Syslog logging system on TPAM appliance. Syslog provides data for auditing activities.
In order to collect TPAM logs using InTrust, TPAM administrator should configure TPAM to forward log messages to a Linux host running one of the supported by InTrust versions of Red Hat Enterprise Linux or Oracle Linux on which you plan to install the InTrust agent later. That Linux host with the InTrust agent will act as a Syslog listener.
For information on how to configure the logs to be sent to the Syslog server, refer to TPAM documentation.
IMPORTANT: TPAM provides the Include Source: ApplianceName in syslog message option in its Syslog configuration settings. For InTrust to be able to collect TPAM events, this option must be turned off. If it is enabled, matching will fail for the resulting Syslog messages.
You need to permit the Syslog daemon to receive logs from the TPAM appliance on the Red Hat or Oracle Linux host to which you forwarded logs on step 2. For that, perform the Enabling Reception of External Syslog Messages procedure described in the Syslog Configuration topic
After this, you should be ready to receive events from TPAM.