Address SysLog Configuration Issues with SELinux

Depending on how the Director was installed and what version you're running, you may have an issue with configuring SysLog for audit log output, because the standard configuration in appliance Directors uses SELinux Enforcing mode.

Because SELinux enforcing mode is the default, you can add the default ports for SysLog to the SELinux configuration for appliances. The default SysLog ports are shown in the following table:

SysLog Type Protocol Port
UDP UDP 514
TCP TCP 601
TCP with TLS TCP 6514

The following options are available to enable SysLog output to work as expected:

SELinux Mode Action
Enforcing
  1. Connect using SSH, and during an elevated command line (sudo bash), run the command: 
    semanage port -a -t syslogd_port_t -p <tcp|udp> PORT_NUMBER
    After -p, add either tcp udp. For PORT_NUMBER, enter the appropriate port number.
  2. Run the following command to restart the Syslog service: 
    sudo systemctl restart rsyslog
Permissive or Disabled No action necessary.
© Copyright Mandiant. All rights reserved
  • First Published: June 20, 2023
  • Last updated: March 27, 2025
In This Article
Related Articles
  • None
Copyright © 2020 – 2021 Your Company, LLC. All rights reserved.