
Windows Configuration

By default, IIS automatically starts outputting its logs into “C:\inetpub\logs\wmsvc”

To confirm the location of your log file, follow the steps below:

On your IIS server, navigate to “Server Manager”, click “Tools” and select “Internet Information (IIS) Services”.


Click on your server name, then select the option for logging:


Take note of the directory the log file will be stored in. By default the path will be:

%SystemDrive%\inetpub\logs\LogFiles
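
The same check can be scripted. The following is an added example, not part of the original guide or Snare's own tooling: it lists each IIS site's effective log folder and its newest log file, so the path entered in the agent can be verified. It assumes the WebAdministration module is installed, the session is elevated, and IIS uses per-site logging (one W3SVC<site id> subfolder per site).

```powershell
# Added example: report where each IIS site writes its logs.
# Assumptions: WebAdministration module present, elevated session, per-site logging.
Import-Module WebAdministration

function Get-IisLogLocation {
    foreach ($site in Get-Website) {
        # logFile.directory may contain environment variables such as %SystemDrive%
        $base = [Environment]::ExpandEnvironmentVariables($site.logFile.directory)

        # With per-site logging, each site's logs land in a W3SVC<site id> subfolder
        $dir = Join-Path $base ("W3SVC{0}" -f $site.id)

        $exists = Test-Path -LiteralPath $dir
        $newest = $null
        if ($exists) {
            # Newest *.log file shows whether the site is actually writing logs here
            $newest = Get-ChildItem -LiteralPath $dir -Filter *.log -File |
                      Sort-Object LastWriteTime -Descending |
                      Select-Object -First 1
        }

        [pscustomobject]@{
            Site        = $site.name
            Enabled     = $site.logFile.enabled
            Format      = $site.logFile.logFormat
            Directory   = $dir
            Exists      = $exists
            NewestLog   = if ($newest) { $newest.Name } else { $null }
            LastWritten = if ($newest) { $newest.LastWriteTime } else { $null }
        }
    }
}

Get-IisLogLocation | Format-Table -AutoSize
```

A site with Enabled set to False, a missing directory, or an old LastWritten value will produce no events for the agent to forward, regardless of the path configured in Snare.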

Agent Configuration

Snare can forward log data to Securonix using their pre-configured parsers. This guide outlines the steps to configure the Snare agent, along with links to the Securonix documentation on how to finalise configuration within Securonix itself.

  1. To collect the Radius logs from the newly created log file, navigate to “Log Sources > Log Files”.

  2. Click “Add”, select the log type and select “Microsoft IIS web server logs”.

  3. Paste the location of the log file, e.g. C:\inetpub\logs\LogFiles\*, into the “Log file or Directory” field.

  4. In the “Log File Format” field, input the name of the file, e.g. *.log

  5. Once happy, click “Change configuration” and restart the service to save the change.

  6. Follow the steps outlined in “Agent Installation - Snare Windows Agent v5 Documentation” to install the Snare agent.

  7. Once the agent is installed, log in to the web UI (https://localhost:6161) and select “Destination configuration”.

  8. Under the “Network Destinations” section, enter the domain/IP address and port for Snare Reflector, and ensure Format is “Snare” and “Delimiter Character” is “Tab”.
