Install and configure SolarWinds SEM agent on a Solaris server

This article provides steps to install and configure the Solaris agent and connectors so that Solaris daemon logs are sent to the Security Event Manager (formerly Log & Event Manager).

NOTE: This article assumes that you have enabled Solaris Basic Security Mode (BSM). If not, follow my article Enabling the Solaris Auditing Subsystem.
  1. Download the Solaris SEM agent installer from your SolarWinds customer portal to a computer.
  2. Upload the downloaded agent to /var/tmp on your Solaris server.
  3. Extract the agent:
    # cd /var/tmp
    # unzip SolarWinds.....
    If you uploaded the file as a user other than root, check whether the file has execute permission for that user; if not, add it with chmod +x setup.bin
  4. Launch the installer:
    # ./setup.bin
  5. Answer all the questions and specify the IP address/FQDN of your SEM Appliance when prompted.
  6. Manually start the Solaris agent:
    # /usr/local/contego/ContegoSPOP/SWLEM-agent start
  7. Copy the file "SWLEM-agent" (from /usr/local/contego/ContegoSPOP/SWLEM-agent) to /etc/init.d:
    # cp /usr/local/contego/ContegoSPOP/SWLEM-agent /etc/init.d
  8. To verify the process is running:
    # ps -ef | grep contego
  9. To stop the agent, run:
    # /etc/init.d/SWLEM-agent stop
  10. Finally, follow the document Configure SEM connectors to configure individual connectors for the logs you would like to monitor.
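
The following post-install check for steps 6 to 8 is an added example, not part of the original article or SolarWinds' own tooling. It confirms that the init script copied in step 7 matches the installed one and is not writable by non-root users, and it lists agent PIDs without counting the grep line that `ps -ef | grep contego` also matches. The function names, the file name sem-check.sh and the sample ps output are constructed; it assumes a POSIX shell and awk.

```shell
#!/bin/sh
# Added example: post-install checks for steps 6-8. Paths are the article's;
# the function names and the sample ps output are constructed for illustration.
AGENT_SRC=/usr/local/contego/ContegoSPOP/SWLEM-agent
AGENT_INIT=/etc/init.d/SWLEM-agent

# Constructed `ps -ef` output; the real agent command line will differ.
SAMPLE_PS='     UID   PID  PPID   C    STIME TTY         TIME CMD
    root  1234     1   0 10:02:11 ?           0:07 /usr/local/contego/ContegoSPOP/example-agent-proc
   admin  1301  1200   0 10:15:40 pts/1       0:00 grep contego'

# agent_pids: read `ps -ef` output on stdin and print the PIDs of contego
# processes, skipping the grep (or this awk) line that also contains the word.
agent_pids() {
    awk '/contego/ && !/grep/ && !/awk/ { print $2 }'
}

# init_script_ok SRC DEST: DEST must exist, be executable, be identical to
# SRC, and not be group- or world-writable, because init scripts run as root.
init_script_ok() {
    src=$1; dest=$2
    [ -f "$dest" ] || { echo "missing: $dest"; return 1; }
    [ -x "$dest" ] || { echo "not executable: $dest"; return 1; }
    cmp -s "$src" "$dest" || { echo "differs from $src: $dest"; return 1; }
    perms=$(ls -ld "$dest" | cut -c1-10)
    case $perms in
        ?????w????|????????w?) echo "group/world writable: $dest"; return 1 ;;
    esac
    return 0
}

# Demo on the constructed sample (prints 1234).
printf '%s\n' "$SAMPLE_PS" | agent_pids

# Live checks run only when the script is called as: sh sem-check.sh check
if [ "${1:-}" = "check" ]; then
    init_script_ok "$AGENT_SRC" "$AGENT_INIT" && echo "init script OK"
    pids=$(ps -ef | agent_pids)
    if [ -n "$pids" ]; then echo "agent PID(s): $pids"; else echo "agent not running"; fi
fi
```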