Appendix 2 - Configuring Endpoints To Forward Logs To NxSIEM Server

As an alternative to installing an agent, logs can be collected from endpoints by configuring the Nxlog (Windows) and Rsyslog (Linux) utilities on target endpoints. The NxSIEM console contains customer-specific configuration scripts for both utilities which will automatically configure the utilities to send logs to NxSIEM. Scripts can be configured and deployed in two ways:

Pre-configured script files – The administrator can download ready-made configuration script files with all parameters pre-configured for a specific customer/network from the 'Hard Assets' interface.

I am deploying nxlog on a Linux server (Red Hat Enterprise release 6.6). I am currently trying to remove a file after nxlog has finished processing. From the nxlog documentation, I am using file_remove, which is not working. Here is my config that does not throw any syntax errors when starting nxlog. As seen, I used a time interval of every 1 minute as I do not know the best way to have the file deleted after processing.

#
Exec file_remove('/eventarchive/processed/*.raw', (now()))

In the debug log, I do not see an attempt to try and match files in the directory for removing. I used this same syntax on a Windows setup to test it, which worked: it successfully removed files. On the Linux setup, I have also tried setting a filename instead of "*.raw" but that did not work either.