Skip to main content
Skip table of contents

Auditing - SIEM events

SIEM activities for websecadmin admin can be found here:
SIEM activities fro Application user activities (login, etc) can be found here:

Example of events - see excel file:


How rsyslog works:

→ it monitors specific events/files on the system and send by default to /var/log/messages but it also can send them to a rsyslog server.

→ Veridium can have configured 2 files to be send to Rsyslog server (see below configuration examples)

(based on article )

How to configure rsyslog in order to deliver the events to a rsyslog: 

Due to the fact that logrotate with copytruncate is configured, the following configurations should be done in rsyslog file (this can be added in /etc/rsyslog.conf or in /etc/rsyslog.d/events.conf). Please fill in the proper IP of rsyslog server.

This should be configured on each webapp.

module(load="imfile" PollingInterval="10")
input(type="imfile" File="/var/log/veridiumid/websecadmin/events.log" Tag="ver-adminevents" reopenOnTruncate="on")
input(type="imfile" File="/var/log/veridiumid/tomcat/events.log" Tag="ver-events" reopenOnTruncate="on")

if $programname == 'ver-events' then @@
if $programname == 'ver-adminevents' then @@


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.