InTrust 11.4.2 - Preparing for Auditing TPAM

Step 1. Install InTrust with TPAM Knowledge Pack

First of all, you need to Install InTrust in your environment. In order to work with TPAM, make sure that during setup you selected the TPAM Knowledge Pack to install with InTrust.

For detailed guidelines on installing InTrust, refer to the InTrust Deployment Guide.

Predefined Objects

The TPAM Knowledge Pack installation brings the following objects to InTrust:

• Data source: “TPAM through Red Hat Linux Syslog”
• Gathering policy: “TPAM: All Syslog Events”
• Task: TPAM Syslog - daily collection“”
• Site: “TPAM hosts”

Step 2. Configure TPAM Log Forwarding

InTrust takes advantage of the Syslog logging system on TPAM appliance. Syslog provides data for auditing activities.

In order to collect TPAM logs using InTrust, TPAM administrator should configure TPAM to forward log messages to a Linux host running one of the supported by InTrust versions of Red Hat Enterprise Linux or Oracle Linux on which you plan to install the InTrust agent later. That Linux host with the InTrust agent will act as a Syslog listener.

For information on how to configure the logs to be sent to the Syslog server, refer to TPAM documentation.

Step 3. Allow Syslog Reception on Linux Host

You need to permit the Syslog daemon to receive logs from the TPAM appliance on the Red Hat or Oracle Linux host to which you forwarded logs on step 2. For that, perform the Enabling Reception of External Syslog Messages procedure described in the Syslog Configuration topic

After this, you should be ready to receive events from TPAM.

Step 4. Install the Agent

You need to install an InTrust agent on the Red Hat Enterprise Linux or Oracle Linux host to which you forwarded logs on step 2. For details, see Installing Agents Manually on Linux Computers.