...

  • Select Add to create a new log monitor
  • Modify to update an existing log monitor
  • Delete to remove the log monitor

Editing a Log Configuration

The following parameters for the log inputs may be set:

...

  • Select the Log Type. The log type of a file tells the Snare Server or other SIEM how to handle the incoming data stream and in which table the processed information should be stored. The available log types are:
    • GenericLog – Generic log format (default)
    • ApacheLog – Apache web logs
    • ExchMTLog – Exchange message tracking logs pre 2007
    • Exch2008MTLog – Exchange message tracking logs 2007
    • Exch2013MTLog – Exchange message tracking logs 2010/2013
    • IISWebLog – Microsoft IIS web server logs
    • ISAFWSLog – Microsoft ISA firewall logs
    • ISAWebLog – Microsoft ISA web logs
    • MSProxySvr – Microsoft proxy server logs
    • MSDNSServer – Microsoft DNS server logs
    • SMTPSvcLog – Microsoft SMTP logs
    • SquidProxyLog – Squid proxy logs
    • VMSLog – VMS Security Logs
    • NCRATMLog – NCR ATM Journal Logs
    • Custom Event Log – User configurable log type. When this is selected, the desired format can be entered in the text field.
  • Multi-Line Format. How you would like the agent to send events to the Snare Server or other SIEM.

...

    • All matching files – Users may create a single log monitor for all matching files within a directory
    • Last matching file – Users may monitor the last matching file within a directory, in alphabetical order.
    • First matching file – Users may monitor the first matching file within a directory, in alphabetical order.
    • Fixed number of first matching files – Users may monitor a set number of the first matching files within a directory.
    • Fixed number of last matching files – Users may monitor a set number of the last matching files within a directory.
    • Number of files (1-65535) – This option is available only when Fixed number of first matching files or Fixed number of last matching files is selected. It sets how many of the first/last matching files within the directory will be monitored.

...

  1. Click on Change Configuration to save the changes to the registry and return to the Log Configuration main page, which summarises the log files to be monitored. If the Log File or Directory does not exist, or no files in that directory match the pattern, the Matching File(s) column is displayed in red and shows "No matches". In that case, check your paths and log file patterns before continuing.
  2. Click on the Apply Configuration & Restart Service menu item.
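The following script is an added example, not code from the original page or from the Snare agent itself. It reproduces the file-selection rules described above (all / first / last / fixed number of first or last matching files, ordered alphabetically) and the "No matches" outcome reported in the Matching File(s) column, so a log monitor's directory and pattern can be sanity-checked before the configuration is applied. It assumes that shell-style wildcards (Python's fnmatch) approximate the agent's pattern syntax, and it builds its own constructed sample files in a temporary directory.

```python
import fnmatch
import os
import tempfile

# Selection modes, mirroring the log monitor options described on the page.
ALL = "all"
FIRST = "first"
LAST = "last"
FIRST_N = "first_n"
LAST_N = "last_n"


def select_matching_files(directory, pattern, mode=ALL, count=1):
    """Return the file names a log monitor with these settings would watch.

    Files are matched with a shell-style wildcard (fnmatch, an assumption
    about the agent's pattern syntax) and ordered alphabetically and
    case-insensitively, so 'first'/'last' behave the same on Windows-style
    case-insensitive file systems. An empty list means "No matches".
    """
    if not os.path.isdir(directory):
        return []  # directory missing: nothing can be monitored
    names = [n for n in os.listdir(directory)
             if os.path.isfile(os.path.join(directory, n))]
    matches = sorted(fnmatch.filter(names, pattern), key=str.lower)
    if not matches:
        return []
    if mode == ALL:
        return matches
    if mode == FIRST:
        return matches[:1]
    if mode == LAST:
        return matches[-1:]
    # Fixed-number modes honour the 1-65535 range the UI allows.
    if not 1 <= count <= 65535:
        raise ValueError("count must be between 1 and 65535")
    if mode == FIRST_N:
        return matches[:count]
    if mode == LAST_N:
        return matches[-count:]
    raise ValueError("unknown mode: %r" % mode)


def summarise(directory, pattern, mode=ALL, count=1):
    """Mimic the Matching File(s) column: a comma-joined list or 'No matches'."""
    matches = select_matching_files(directory, pattern, mode, count)
    return ", ".join(matches) if matches else "No matches"


def make_sample_dir():
    """Create a throwaway directory with constructed log file names (sample data only)."""
    d = tempfile.mkdtemp(prefix="snare_demo_")
    for name in ("app-20240101.log", "app-20240102.log", "app-20240103.log",
                 "error.txt", "notes.log"):
        with open(os.path.join(d, name), "w") as fh:
            fh.write("constructed sample line\n")
    return d


if __name__ == "__main__":
    d = make_sample_dir()
    print("all       :", summarise(d, "app-*.log"))
    print("last      :", summarise(d, "app-*.log", LAST))
    print("first 2   :", summarise(d, "app-*.log", FIRST_N, 2))
    print("bad path  :", summarise(os.path.join(d, "missing"), "*.log"))
    print("bad glob  :", summarise(d, "*.evtx"))
```

Run it against the real log directory and pattern you intend to configure; a "No matches" result corresponds to the red Matching File(s) column and means the path or pattern needs correcting before Apply Configuration & Restart Service.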

...