Chat now with support
Chat with Support

InTrust 11.4.1 - Preparing for Auditing TPAM

Step 1. Install InTrust with TPAM Knowledge Pack

First of all, you need to Install InTrust in your environment. In order to work with TPAM, make sure that during setup you selected the TPAM Knowledge Pack to install with InTrust.

Caution: The Linux Knowledge Pack must be installed for InTrust in addition to the TPAM Knowledge Pack.

For detailed guidelines on installing InTrust, refer to the InTrust Deployment Guide.

Predefined Objects

The TPAM Knowledge Pack installation brings the following objects to InTrust:

  • Data source: “TPAM through Red Hat Linux Syslog”
  • Gathering policy: “TPAM: All Syslog Events”
  • Task: TPAM Syslog - daily collection“”
  • Site: “TPAM hosts”

Step 2. Configure TPAM Log Forwarding

InTrust takes advantage of the Syslog logging system on TPAM appliance. Syslog provides data for auditing activities.

In order to collect TPAM logs using InTrust, TPAM administrator should configure TPAM to forward log messages to a Linux host running one of the supported by InTrust versions of Red Hat Enterprise Linux or Oracle Linux on which you plan to install the InTrust agent later. That Linux host with the InTrust agent will act as a Syslog listener.

For information on how to configure the logs to be sent to the Syslog server, refer to TPAM documentation.

IMPORTANT: TPAM provides the Include Source: ApplianceName in syslog message option in its Syslog configuration settings. For InTrust to be able to collect TPAM events, this option must be turned off. If it is enabled, matching will fail for the resulting Syslog messages.

Step 3. Allow Syslog Reception on Linux Host

You need to permit the Syslog daemon to receive logs from the TPAM appliance on the Red Hat or Oracle Linux host to which you forwarded logs on step 2. For that, perform the Enabling Reception of External Syslog Messages procedure described in the Syslog Configuration topic

After this, you should be ready to receive events from TPAM.

Step 4. Install the Agent

You need to install an InTrust agent on the Red Hat Enterprise Linux or Oracle Linux host to which you forwarded logs on step 2. For details, see Installing Agents Manually on Linux Computers.

Related Documents