Building Collector Plugins Admin Guide

Size: px
Start display at page:

Download "Building Collector Plugins Admin Guide"

Transcription

1 Building Cllectr Plugins Admin Guide Cpyright Alienvault 2010 All rights reserved. N part f this wrk may be reprduced r transmitted in any frm r by any means, electrnic r mechanical, including phtcpying, recrding, r by any infrmatin strage r retrieval system, withut the prir written permissin f the cpyright wner and publisher. Any trademarks referenced herein are the prperty f their respective hlders.

2 Table f Cntent 1 Overview OSSIM Agent Rle Event Cllectin Event Nrmalizatin OSSIM Server Rle Event Enrichment Plicies and Actins The Cnfiguratin Wrkflw Cnfiguring Detectr Plugins Rsyslg Cnfiguratin File Listener Cnfiguratin Filters OSSIM Agent Cnfiguratin Cnfiguratin File Parameters Detectr Plugin Cnfiguratin Cnfiguratin Files Cmmn Event Types Parameters Using Lcal (Plugin) Variables Using Glbal (Agent) Variables Aliases Path Predefined Regular Expressins Functins Path Cnversins Applicatin Specific Translatins User Defined Translatins Event Fields Rules Evaluatin Order Page 2 Cpyright Alienvault 2010

3 2.7.2 Structure Lading Plugins Pririty and Reliability values SQL Statement Plugin Activatin Activate the Plugin n the Server Side Activate the Plugin n the Agent Side Lg files Debugging Appendix Regular Expressins Cnfiguratin Example Scenari Write a script t mnitr the last status Lg sample Cllect the lgs in a new lg file Restart rsyslg Check whether the new entries are written in the new lg file Create a plugin file Register the Plugin with the OSSIM Agent Register the Plugin with the OSSIM Server Check whether the plugin was successfully registered Restart the OSSIM Server Restart the OSSIM Agent Check whether Events and Alarms are received Page 3 Cpyright Alienvault 2010

4 1 Overview 1.1 OSSIM Agent Rle Event Cllectin The cllectin prcess invlves extracting the data lgs frm the surce systems (Security, OS, RDBMS, etc.) and allws first steps fr event lg filtering. At this stage can be decided what is ging t be read by the OSSIM Agent and what is ging t be discarded befre having an impact n the system perfrmance. Befre starting t write a plugin sme actins t reduce the amunt f events culd be cnsidered: - Manage the lg level settings at the applicatin and managed device level - Fix the prblem that is generating events - Use Pcap filters t ignre certain hsts r netwrks (Snrt, Tcpdump...) - In deplyments with a big amunt f analysed data, filtering at the applicatin level shuld be dne whenever pssible Lg Files Gd practice is t use ne lg file per plugin in rder t increase perfrmance. Having just ne generic lg file, all the plugins wuld have t read the same extensive cntent in rder t catch the few relevant entries. Using rsyslg it is pssible t filter the cllected lgs based n the syslg tags Event Nrmalizatin In the nrmalizatin stage a series f rules r functins applies t the data extracted frm the surce system in rder t transfrm it in a cmmn OSSIM frmat. Raw Event The raw event might be a generic syslg message, an applicatin lg, an SNMP trap, the result f an SNMP r SQL Query r sme ther kind f infrmatin in a mre r less structured frm that is appended t a lg file. Example: dmz01:/var/lg/auth.lg: May 30 13:15:52 dmz01 sshd[12980]: Accepted passwrd fr rt frm prt 4445 ssh2 Page 4 Cpyright Alienvault 2010

5 Nrmalized Event There is a certain set f fields which are required in rder t ensure a cnsistent evaluatin and crrelatin f the events by the OSSIM server. These fields can be ppulated with infrmatin frm the lg message r statically thrugh the plug-in. Example: ssim-sensr:/var/lg/ssim/agent.lg: :15:49,441 Output [INFO]: event type="detectr" date=" " sensr=" " interface="eth0" plugin_id="4003" plugin_sid="7" src_ip=" " src_prt="4445" dst_ip=" " dst_prt="22" username="rt" lg="may 30 13:15:52 dmz01 sshd[12980]: Accepted passwrd fr rt frm prt 4445 ssh2" fdate=" :15:52" tzne="0" Page 5 Cpyright Alienvault 2010

6 1.2 OSSIM Server Rle Event Enrichment The OSSIM server enriches the received nrmalized event with the metadata stred in the OSSIM Database. Enriched Event The OSSIM Server enriches the event with the Pririty and Reliability values, which are specific t the event type (plugin_id) and subtype (plugin_sid), as well as with the Asset Value which is specific t the Surce (asset_src) and the Destinatin (asset_dst) hsts. Example: ssim:/var/lg/ssim/server.lg: :48:41 OSSIM-Message: Event received: event id="0" alarm="0" type="detectr" fdate=" :15:52" date=" " tzne="0" plugin_id="4003" plugin_sid="7" src_ip=" " src_prt="4445" dst_ip=" " dst_prt="22" sensr=" " interface="eth0" prtcl="tcp" asset_src="2" asset_dst="2" lg="may 30 13:15:52 dmz01 sshd[12980]: Accepted passwrd fr rt frm prt 4445 ssh2" username="rt" Pririty The pririty is related t threats and it reflects the imprtance f a specific attack, having nthing t d with a specific hst r envirnment. It nly measures the relative imprtance f the attack itself. Range: 0-5 Default value: 1 Example: A Unix server running Samba gets attacked by the Sasser wrm. Apart frm the fact that the attack wn t have an impact n the given envirnment, it has the ptential t explit a big security hle and fr that reasn the pririty is cnsidered as being high. Reliability Classical risk-assessment wuld refer it as "prbability ". Since it's quite difficult t determine hw prbable it is fr a netwrk t be expsed t certain vulnerabilities, the IDS related reliability apprach was cnsidered mre apprpriate. Range: 0-10 Default value : 1. Example: If a hst cnnects t 5 different hsts in the same subnet using prt 445, culd be a nrmal behavir, unreliable fr IDS purpses. If cnnecting t 15 hsts wuld be Page 6 Cpyright Alienvault 2010

7 suspicius, with 500 cnnectins t different hsts in less than an hur the attack wuld get mre and mre reliable. Asset Value It is assigned t bth the Surce and the Destinatin Hsts and represents the imprtance the hst has t the enterprise. Range: 0-5 Default value: 1 (als used fr hsts nt being defined in the asset database) Example: A database server can have an asset value f 5, a develpment test server an asset value f 2 and an unknwn hst in the Internet causing a prtscan event wuld just have an asset value f 1. Alarm Based n the Event Pririty (0-5), Event Reliability (0-10) and the Asset Value (0-5), a Risk Value (0-10) is calculated and fr values equal r greater than 1 Alerts are generated. The Risk is calculated based n the fllwing frmula: Risk = (Pririty * Reliability * Asset) / Plicies and Actins Plicies are defined in rder t define what has t be dne with the events as they reach the OSSIM Server: Crrelatin (i.e. checked against the crrelatin directives) Frwarding (i.e. ne cpy is sent t the frensic strage) Actins (i.e. send an ) Discard - the last filter pssibility befre saving the event in the database, althugh it is recmmended t filter the events as clse t the surce as pssible. Plicies can make decisins n which events are ging t be filtered based n: Surce and Destinatin Assets (Hsts, Netwrks, ANY...) Prts Plugin Grup Time Range Page 7 Cpyright Alienvault 2010

8 1.3 The Cnfiguratin Wrkflw Cllect a Lg Sample First thing t start with is checking which lg messages the applicatin generates and eventually identify sets f lgs having a similar structure. Thse lgs having a similar structure will be where pssible cvered by a single cllectr rule. Create a Plugin File Best is t cpy ne existing file and mdify its cntent t match the new applicatin. Shuld a plugin exist fr a similar applicatin, it is recmmended t cpy such a file, as there is a gd chance that rules have a similar cntent and are gruped in a similar way - a generic HTTP-Prxy lg will always cntain a URL, a generic Firewall lg will cntain a Surce IP Address and Surce Prt as well as a Destinatin IP Address and Destinatin Prt. Sme user defined fields might be defined fr a specific applicatin and the crrelatin at the server level can be simplified if similar applicatins use the same user defined fields. Define a Generic Rule This is the last Rule t evaluate, which catches all the events that cannt be gruped under specific rules. Define Specific Rules The Specific rules are defined fr specific errr cnditins r categries f events. There might als be that ne single rule is used t generate different types r subtypes f events. Discard Nise Events that are cnsidered nise can be discarded by OSSIM by excluding certain event subtypes (Plugin_SIDs) in the plugin file, by the way the regular expressins are defined r by using plicies. Hwever, the best way t discard events is by filtering them n the mnitred device r at syslg level n the hst running the OSSIM Agent. Review the Evaluatin Order The rules are evaluated alphabetically, which means that all it cunts is the name f a rule and nt the psitin in the plug-in file. The Generic Rule might even be n the first psitin if the name is prperly chsen. Having rules alphabetically placed after the Generic Rule will have as effect that the crrespnding lgs will be evaluated as generic events instead f having the prper event type and subtype assigned. Register the Plugin with the OSSIM Agent In rder t have a Plugin activated and sending events t the OSSIM server, the path t the plugin file has t be specified in the Agent cnfiguratin file. Page 8 Cpyright Alienvault 2010

9 Register the Plugin with the OSSIM Server This is required in rder t let the server knw which events shuld be expected and which pririty and reliability values the events shuld get assigned. Activate the Plugin n the Server Side Restart the OSSIM Server prcess. Activate the Plugin n the Agent Side Restart the OSSIM Agent prcess. Testing Using the lgger cmmand sample lgs can be replayed in rder t test the peratin f the OSSIM Agent r Server. Page 9 Cpyright Alienvault 2010

10 2 Cnfiguring Detectr Plugins 2.1 Rsyslg Rsyslg is the Syslg implementatin shipped with OSSIM and allws cnfiguring filtering and frwarding in a really easy way cmpared t the classical syslg daemn. Syslg is als the cmmn methd t send and receive lgs. Befre starting with the plugin cnfiguratin it is recmmended t check whether the subset f lgs the plugin will nrmalize are saved in an individual file and whether nise can be filtered befre reaching the plugin rules Cnfiguratin File /etc/rsyslg.cnf Listener Cnfiguratin $MdLad imudp $UDPServerRun 514 $MdLad imtcp $InputTCPServerRun Filters Frward certain events t a lcal file if $msg cntains 'errr' then /var/lg/errr if $syslgfacility-text == 'lcal0' and $msg startswith 'DEVNAME' and ($msg cntains 'errr1' r $msg cntains 'errr0') then /var/lg/smelg Stp prcessing sme events if $msg cntains 'errr' then ~ Regex in Rsyslg Page 10 Cpyright Alienvault 2010

11 2.2 OSSIM Agent Cnfiguratin Cnfiguratin File /etc/ssim/agent/cnfig.cfg Parameters [daemn] daemn: pid: [event-cnslidatin] [lg] Daemn mde (True r False) Path t the PID file (Prcess identifier) Enables event cnslidatin at agent level. It is recmmended t use plices instead f this feature as cnslidatin at the agent level affects the crrelatin prcess. by_plugin: enable: time: Example: [event-cnslidatin] List f plugins that will be cnslidated Enable r disable (True r False) Wait n secnds t cnslidate the events befre sending them by_plugin= , , enable=false time=10 Cnfigures the verbse level and the path t the different lg files errr: file: stats: [utput-plain] verbse: File in which the errr events will be stred File in which all the agent lgs will be stred File in which the agent stats will be stred (Every 5 minutes) Cnfigures the verbse level (Debug, Inf, Warning, Errr r Critical) Writes in a lg file what is being sent t the OSSIM Server (Useful fr debugging and develping purpses) enable: file: [utput-server] Enable r disable (True r False) File in which the utput-plain will be stred Cnfigures the server t which events are sent enable: ip: prt: Enable r disable sending events t the server (True r False) IP address f the OSSIM Server Listening prt f the OSSIM Server Page 11 Cpyright Alienvault 2010

12 [plugin-defaults] [plugins] [watchdg] Building Cllectr Plugins - Admin Guide In this categry variables can be defined t be used in the plugins cnfiguratin. Example: [plugin-defaults] date_frmat=%y-%m-%d %H:%M:%S interface=eth0 sensr= Defines which plugins (detectrs and mnitrs) are enabled name_f_the_plugin=path_t_the_plugin_cnfig_file Example: [plugins] pstfix=/etc/ssim/agent/plugins/pstfix.cfg ssh=/etc/ssim/agent/plugins/ssh.cfg Mnitr the prcess assciated t each plugin (In case it is running in the same machine) enable: interval: restart_interval: Enable r disable (True r False) Wait X secnds between checks Restart the prcess every X secnds (This has t be enabled in each plugin) Page 12 Cpyright Alienvault 2010

13 2.3 Detectr Plugin Cnfiguratin Cnfiguratin Files /etc/ssim/agent/plugins/*.cfg Cmmn Event Types Cpy and mdify the existing plugin files t create plugins f the fllwing types. a. Lg - Reading frm files Plugin statement: surce=lg b. Database - Reading frm databases Plugin statement: surce=database mssql - Micrsft SQL Plugin statement: surce_type=mssql mysql - MySQL Plugin statement: surce_type=mysql c. SDEE - Cisc device lgs Plugin statement: surce=sdee d. SnrtLg - Snrt lgs Plugin statement: surce=snrtlg e. WMI - Windws Management Instrumentatin Plugin statement: surce=wmi Parameters [DEFAULT] Any variable defined inside this categry will be sent t the OSSIM Server if nt mdified by a plugin rule. User reserved range is between 9000 and plugin_id: Example: plugin_id=4003 Numerical identifier f the plugin within the OSSIM system Page 13 Cpyright Alienvault 2010

14 [cnfig] type: enable: surce: lcatin: create_file: prcess: start: stp: startup: shutdwn: detectr Enable r Disable the plugin (It must be enabled in cnfig.cfg) Surce f the events (lg, mssql, mysql, wmi) The file(s) where the lgs can be fund - can cntain multiple cmma-separated files Create the lg file in case it des nt exist Name f the prcess generating lgs (If n the same system) Start the prcess when the agent starts (yes/n) Stp the prcess when the agent stps (yes/n) Cmmand that starts the prcess Cmmand that stps the prcess exclude_sids=sid List Use this ptin t exclude SIDs Example (hp-eva): prcess=snmptrapd start=yes stp=yes startup=/etc/init.d/snmpd start shutdwn=/etc/init.d/snmpd stp exclude_sids=404,200,403 [translatin] string=value Used t map strings t their crrespnding values Example (Pstfix): [translatin] sent=10 bunced=11 [Rule IDs Specific Rules] Here are the events cllected and nrmalized. event_type=event regexp=regular Expressin plugin_sid=plugin SID Event_Field=Value Example(ssh): [01 - Failed passwrd] event_type=event regexp="(\syslog_date)\s+(?p<sensr>[^\s]*).*?ssh.*?failed passwrd fr inval user (?P<user>\S+)\s+frm\s+.*?(?P<src>\IPV4).*?prt\s+(?P<sprt>\PORT)" plugin_sid=1 date={nrmalize_date($1)} Page 14 Cpyright Alienvault 2010

15 src_ip={$src} dst_ip={reslv($sensr)} src_prt={$sprt} username={$user} [Rule IDs Specific Rules] [Rule ID Generic Rule] Example (ssh): [99 - Generic rule] # Nv 15 11:55: sshd[ ]: ********** event_type=event regexp="(\syslog_date)\s+(?p<sensr>[^\s]*).*?ssh.*" plugin_sid=99 date={nrmalize_date($1)} dst_ip={reslv($sensr)} Nte: As rules are rdered alphabetically the Generic Rule has t have the highest Rule ID Using Lcal (Plugin) Variables The different cnfiguratin variables defined in the plugin cnfiguratin file can be used with the fllwing syntax: %()s Example: prcess=pads shutdwn=killall -9 %(prcess)s Using Glbal (Agent) Variables \_CFG() Example: In the agent cnfiguratin file (/etc/ssim/agent/cnfig.cfg): [watchdg] restart_interval=3600 ; secnds between plugin prcess restart In the plugin cnfiguratin file(/etc/ssim/agent/plugins/*.cfg): restart_interval=\_cfg(watchdg,restart_interval) Page 15 Cpyright Alienvault 2010

16 2.4 Aliases Path /etc/ssim/agent/aliases.cfg Predefined Regular Expressins The predefined regular expressins can be used when creating new plugins. IPV4= \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} MAC= \w{1,2}:\w{1,2}:\w{1,2}:\w{1,2}:\w{1,2}:\w{1,2} PORT= \d{1,5} TIME= \d\d:\d\d:\d\d SYSLOG_DATE= \w{3}\s+\d{1,2}\s\d\d:\d\d:\d\d SYSLOG_WY_DATE= \w+\s+\d{1,2}\s\d{4}\s\d\d:\d\d:\d\d T use an Alias in the regular expressin use the \IPV4, \MAC, \SYSLOG_DATE, etc. 2.5 Functins Path /usr/share/ssim-agent/ssim_agent/parserutil.py Cnversins reslv(hst): reslv_ip(addr): reslv_prt(prt): nrmalize_date(date): translates a hst name t an IPv4 address translates an IPv4 address t a hst name translate a prt name int its number cnvert date strings t isfrmat (must tag the regular expressins with the fllwing: <year>, <mnth>, <minute>, <hur>, <minute>, <secnd> r <timestamp> fr timestamps. T define new date frmats add a new regexp t the DATE_REGEXPS array. nrmalize_prtcl(prt): translates the prtcls t the prtcl numbers, based n the PROTO_TABLE md5sum(datastring): upper(string): hextint(string): calculates the md5 checksum all upper case get the integer value f a hexadecimal number Page 16 Cpyright Alienvault 2010

17 2.5.3 Applicatin Specific Translatins snrt_id(id): adds 1000 t the Snrt ID intrushield_sid(sid,name): all McAfee Intrushield IDs are divisible by 256, and this length desn't fit in the OSSIM table ( mcafee_sid = hextint(mcafee_sid)/256) netscreen_idp_sid(msg): translates the Netscreen messages based n the NETSCREEN_IDP_SID_TRANSLATION_TABLE translatin table (defined in ParserUtil.py) iss_siteprtectr_sid(msg): translates the ISS_SitePrtectr messages based n the ISS_SITEPROTECTOR_SID_TRANSLATION_MAP translatin table (defined in ParserUtil.py) reslv_iface(iface): nrmalize interface name t either ext r int User Defined Translatins translate(string): Example (frm the iptables plugin): # The translatin sectin in the plugin cnfiguratin file [translatin] ACCEPT=1 REJECT=2 DROP=3 DENY=3 Inbund=4 Outbund=5 # Rule ID [0 - iptables] translates strings based n the entries defined in the [translatin] sectin f the plugin. # Lg sample # Oct 31 08:59:25 M kernel: RULE 0 -- ACCEPT IN= OUT=l SRC= DST= LEN=60 # TOS=0x00 PREC=0x00 TTL=64 ID=8437 DF PROTO=TCP SPT=57275 DPT=836 SEQ= # ACK=0 WINDOW=32767 RES=0x00 SYN URGP=0 # Lg Parsing regexp=(\s+\s+\d+\s+\d\d:\d\d:\d\d)\s+(\s*) (\S*):.*?(\S+)\s+IN=(\S*) OUT=(\S*) SRC=(\S+) DST=(\S+) LEN=(\d+) \S+ \S+ TTL=(\d+).*? PROTO=(\S*) SPT=(\d*) DPT=(\d*) # plugin_sid is set t 1, the translated value fr ACCEPT plugin_sid={translate($4)} Page 17 Cpyright Alienvault 2010

18 2.6 Event Fields Mandatry n default values, have always t be set when creating a new plugin plugin_id plugin_sid Event Type Event Subtype Mandatry default values are assigned by the OSSIM Agent Optinal date sensr interface prtcl src_ip src_prt dst_ip dst_prt username passwrd filename The time the event has been cllected frm the device The IP Address f the sensr cllecting the event The interface where the event has been cllected IP Prtcl (see /etc/prtcls) The Surce IP Address The Surce Prt The Destinatin IP Address The Destinatin Prt The User referred in the event The Passwrd referred in the event The Filename referred in the event userdata1 userdata9 User defined fields that culd be used in custm reprts, crrelatin directives, etc. Special types f events and the list f fields that can be used in each event type: Hst-s-event Hst-mac-event Hst-service-event hst hst hst s mac sensr sensr vendr interface interface sensr prt date interface prtcl date service applicatin date Page 18 Cpyright Alienvault 2010

19 2.7 Rules The Rules define the frmat f each event and hw they are nrmalized. It is cmpsed by a regular expressin and the list f fields that the event will include nce it is sent t the OSSIM Server. In sme cases nly ne regular expressin will cllect every event cming frm ne applicatin, in sme ther cases mre than ne rule will be required Evaluatin Order Rules are lading in alphabetical rder based n the name given t each rule (Rule ID). Once the lg matches the regex f ne rule the ssim agent stps prcessing the event, therefre generic rules must be the last t be evaluated Structure Name / Rule ID The name f the rule is mandatry Regular Expressin The regexp field cntains the regular expressin that defines the frmat f the events, and extracts the infrmatin t nrmalize the event. The regular expressin has t be written fllwing Pythn regular expressin syntax: The infrmatin extracted by the regular expressin frm the lg can be accessed by: Psitin: (\d\d):(\d\d):(\d\d) hur={$1} minutes ={$2} secnds={$3} Tags: (?P<hur>\d\d):(?P<minutes>\d\d)(?P<secnds>\d\d) hur={$hur} minutes ={$minutes} secnds={$secnds} Nrmalized Fields As the server must receive nrmalized events, where IP addresses fr instance are using the IPV4 frmat and the date uses the frmat YYYY-MM-DD HH:MM:SS ( :57:00) T simplify the prcess f nrmalizing events functins are defined (mre details n functins can be fund in the Functins sectin f this dcument): reslv() Translates hstnames int IPV4 addresses (DNS queries) Page 19 Cpyright Alienvault 2010

20 nrmalize_date() Building Cllectr Plugins - Admin Guide The nrmalize_date functin translates many date frmats int the frmat accepted by the OSSIM Server. Translatins Used fr instance when the Event ID is nt numeric, but plugin_sid has t be numeric. Translatins have t be defined inside the [translatin] sectin. The actual translatin is triggered by using the translate() functin. Exclusins Sme events can be filtered during the cllectin prcess editing the cnfiguratin file fr each plugin: - Using the ptin exclude_sids - Mdifying the regular expressins t avid matching certain events Page 20 Cpyright Alienvault 2010

21 2.8 Lading Plugins Pririty and Reliability values Fr each Plugin_ID/Plugin_SID pair the Pririty and Reliability values will have t be defined while registering the plugin with the OSSIM Server SQL Statement Similar t cpying an existing plugin file and custmize it in rder t create a new plugin file, an SQL script can be cpied and custmized in rder t insert the new Plugin infrmatin in the database. The sample SQL script can be fund under: /usr/share/dc/ssim-mysql/cntrib/plugins/*.sql Other than with the Plugin cnfiguratin file, the SQL script shuld be created and executed n the OSSIM Server and nt where the OSSIM Agent runs. The fllwing is perfrmed by the SQL script: - Remve the Plugin ID frm the plugin table, shuld such an entry already exist - Remve the Plugin SIDs frm the plugin_sid table, shuld already exist - Insert the new Plugin ID infrmatin int the plugin table - Insert the new Plugin SIDs int the plugin_sid table T run the script use the fllwing cmmand (please duble-check the cntent f the SQL scripts and the cmmand line syntax befre applying the changes t the database): ssim-server:/usr/share/dc/ssim-mysql/cntrib/plugins# ssim-db < ssh.sql Example (/usr/share/dc/ssim-mysql/cntrib/plugins/ssh.sql): -- SSHd -- plugin_id: 4003 DELETE FROM plugin WHERE id = "4003"; DELETE FROM plugin_sid where plugin_id = "4003"; INSERT INTO plugin (id, type, name, descriptin) VALUES (4003, 1, 'sshd', 'SSHd: Secure Shell daemn'); INSERT INTO plugin_sid (plugin_id, sid, categry_id, class_id, name, pririty, reliability) VALUES (4003, 1, NULL, NULL, 'SSHd: Failed passwrd', 3, 2); INSERT INTO plugin_sid (plugin_id, sid, categry_id, class_id, name, pririty, reliability) VALUES (4003, 2, NULL, NULL, 'SSHd: Failed publickey', 2, 2); INSERT INTO plugin_sid (plugin_id, sid, categry_id, class_id, name, pririty,reliability) VALUES (4003, 99, NULL, NULL, 'SSHd: Generic SSH Event', 1, 1); Page 21 Cpyright Alienvault 2010

22 2.9 Plugin Activatin Activate the Plugin n the Server Side Restart the OSSIM Server prcess: ssim-server:~#/etc/init.d/ssim-server restart Activate the Plugin n the Agent Side Restart the OSSIM Agent prcess: ssim-sensr:~#/etc/init.d/ssim-agent restart 3 Lg files Generic Syslg /var/lg/syslg (Unix) /var/adm/messages (Slaris) T identify where the lgs fr specific applicatins r certain lgging levels are saved, check the /etc/syslg.cnf r /etc/rsyslg.cnf files. OSSIM Agent /var/lg/ssim/agent.lg OSSIM Server /var/lg/ssim/server.lg 4 Debugging Nte: D never leave an applicatin running in Debug mde in a prductin envirnment OSSIM Agent ssim-agent vv OSSIM Server ssim-server D6 Page 22 Cpyright Alienvault 2010

23 5 Appendix 5.1 Regular Expressins Operatr c Meaning A nn-special character matches with itself \c Remves the special meaning f the character c; The RE \$ matches with $ ^ Indicates the beginning f the line $ Indicates the end f the line. Any individual character [ ] [^ ] One r any f the characters ; accepts intervals f the type a-z, 0-9, A-Z A char different frm ; Accepts intervals f the type a-z, 0-9, A-Z Regular Expressin Matches with a.b axb aab abb asb a#b... a..b axxb aaab abbb a4$b... [abc] [aa] [aa][bb] a b c (ne character srtings) a A (ne character srtings) ab Ab ab AB (tw character srtings) [ ] [0-9] [A-Za-z] A B C... Z a b c... Z [0-9][0-9][0-9] [0-9]* empty_chain [0-9][0-9]* ^.*$ A full line Page 23 Cpyright Alienvault 2010

24 Operatr Meaning r* 0 r mre ccurrences f the RE r r+ 1 r mre ccurrences f the RE r r? 0 r an ccurrence f the RE r, and n mre r{n} r{,m} r{n,m} r1 r2 n ccurrences f the RE r 0 r at mst m ccurrences f the RE r N r mre ccurrences f the RE r, but at mst m The RE r1 r the RE r2 Regular expressin Matches with [0-9] [0-9]? empty_string (ab)* empty_string ab ababab abababababab ([0-9]+ab)* empty_string 1234ab 9ab9ab9ab ab 99ab99ab... Regular expressin Matches with Equals \d Any decimal character [0-9] \D Any nn decimal character [^0-9] \s Any space character [\t\n\r\f\v] \S Any nn space character [^\t\n\r\f\v] \w Any alphanumeric character and _ [a-za-z0-9_] \W Any nn alphanumeric character [^a-za-z0-9_] \Z End f line Page 24 Cpyright Alienvault 2010

25 5.2 Cnfiguratin Example Scenari In rder t detect user lgns n a Unix system, the last cmmand utput will be used. The last cmmand displays the cntent f the /var/lg/wtmp file, where clsed and pened terminal sessins as well as system restarts are lgged. T just create events n status updates, the last utput will be cllected peridically and cmpared t the similar infrmatin saved with the previus lp. The status updates will be sent by syslg, with the help f the lgger cmmand Write a script t mnitr the last status #!/bin/sh # create the file if des nt exist tuch /var/lg/last.prev while true d # get last entries last > /var/lg/last.new # send new entries t syslg diff /var/lg/last.prev /var/lg/last.new grep '^>' lgger -t LOGON_EXAMPLE -p lcal2.inf # mve.new t.prev mv /var/lg/last.new /var/lg/last.prev sleep 5 dne Lg sample dmz01:~# tail -f/var/lg/messages Jul 1419:21:32 dmz01 LOGON_EXAMPLE: > rt pts/3 lcalhst Wed Jul 1418:49-19:21 (00:31) Jul 1419:23:28 dmz01 LOGON_EXAMPLE: > dbadmin pts/3 lcalhst Wed Jul 1419:23 still lgged in Jul 1419:23:59 dmz01 LOGON_EXAMPLE: > rt pts/4 lcalhst Wed Jul 1419:23 still lgged in Jul 1419:24:09 dmz01 LOGON_EXAMPLE: > rt pts/4 lcalhst Wed Jul 1419:23-19:24 (00:00) Jul 1419:24:09 dmz01 LOGON_EXAMPLE: > dbadmin pts/3 lcalhst Wed Jul 1419:23-19:24 (00:00) Jul 1419:24:09 dmz01 LOGON_EXAMPLE: > rt pts/ Wed Jul 1418:38-19:24 (00:45) Jul 1419:24:54 dmz01 LOGON_EXAMPLE: > rt pts/ Wed Jul 1419:24 still lgged in Jul 1419:26:15 dmz01 LOGON_EXAMPLE: > rt pts/ Wed Jul 1419:24-19:26 (00:01) Jul 1419:26:20 dmz01 LOGON_EXAMPLE: > ssim pts/ Wed Jul 1419:26 still lgged in Jul 1419:26:25 dmz01 LOGON_EXAMPLE: > ssim pts/ Wed Jul 1419:26-19:26 (00:00) Cllect the lgs in a new lg file Add the fllwing t the rsyslg.cnf n the system running the OSSIM Agent: # # LOGON_EXAMPLE # lcal2.inf /var/lg/last_lgn.lg Page 25 Cpyright Alienvault 2010

26 5.2.5 Restart rsyslg pensurcesim:~# /etc/init.d/rsyslgd restart Check whether the new entries are written in the new lg file pensurcesim:/etc/ssim/agent/plugins# tail -f/var/lg/last_lgn.lg Jul 1419:38:49 dmz01 LOGON_EXAMPLE: > rt pts/2 lcalhst Wed Jul 1419:38 still lgged in Jul 1419:38:54 dmz01 LOGON_EXAMPLE: > rt pts/2 lcalhst Wed Jul 1419:38-19:38 (00:00) Jul 1419:38:59 dmz01 LOGON_EXAMPLE: > ssim pts/2 lcalhst Wed Jul 1419:38 still lgged in Jul 1419:40:51 dmz01 LOGON_EXAMPLE: > ssim pts/2 lcalhst Wed Jul 1419:38-19:40 (00:01) Jul 1420:15:09 dmz01 LOGON_EXAMPLE: > rebt system bt Wed Jul 1417:39-20:15 (02:35) Create a plugin file Cpy an existing plugin t build the new ne n the existing structure pensurcesim:/etc/ssim/agent/plugins# cp syslg.cfg example.cfg Set the new plugin specific parameters ;; Building Plugins Example ;; plugin_id: 9001 ;; type: detectr [DEFAULT] plugin_id=9001 [cnfig] type=detectr enable=yes surce=lg # Enable syslg t lg everything t ne file. Add it t lg rtatin als. # ech "*.* /var/lg/all.lg" >> /etc/syslg.cnf; killall -HUP syslgd #lcatin=/var/lg/all.lg lcatin=/var/lg/last_lgn.lg # create lg file if it des nt exists, # therwise stp prcessing this plugin create_file=true prcess= start=n stp=n startup= shutdwn= ## rules [Rule 01 - Cnsle Sessin Open] # Jul 14 20:36:47 dmz01 LOGON_EXAMPLE: > rt tty1 Wed Jul 14 20:36 still lgged in event_type=event regexp="^(?p<lgline>(\s+\s+\d+\s+\d\d:\d\d:\d\d)\s+(?p<hst>[^\s]+)\s+logon_example: >\s+(?p<username>[^\s]+)\s+(?p<tty>tty\d+)\s+(?p<lgged_event>.*still lgged in.*))$" sensr=\_cfg(plugin-defaults,sensr) Page 26 Cpyright Alienvault 2010

McAfee Enterprise Security Manager. Data Source Configuration Guide. Infoblox NIOS. Data Source: September 2, 2014. Infoblox NIOS Page 1 of 8

McAfee Enterprise Security Manager. Data Source Configuration Guide. Infoblox NIOS. Data Source: September 2, 2014. Infoblox NIOS Page 1 of 8 McAfee Enterprise Security Manager Data Surce Cnfiguratin Guide Data Surce: Infblx NIOS September 2, 2014 Infblx NIOS Page 1 f 8 Imprtant Nte: The infrmatin cntained in this dcument is cnfidential and

More information

Mobile Device Manager Admin Guide. Reports and Alerts

Mobile Device Manager Admin Guide. Reports and Alerts Mbile Device Manager Admin Guide Reprts and Alerts September, 2013 MDM Admin Guide Reprts and Alerts i Cntents Reprts and Alerts... 1 Reprts... 1 Alerts... 3 Viewing Alerts... 5 Keep in Mind...... 5 Overview

More information

FINRA Regulation Filing Application Batch Submissions

FINRA Regulation Filing Application Batch Submissions FINRA Regulatin Filing Applicatin Batch Submissins Cntents Descriptin... 2 Steps fr firms new t batch submissin... 2 Acquiring necessary FINRA accunts... 2 FTP Access t FINRA... 2 FTP Accunt n FINRA s

More information

2. When logging is used, which severity level indicates that a device is unusable?

2. When logging is used, which severity level indicates that a device is unusable? Last updated by Admin at March 3, 2015. 1. What are the mst cmmn syslg messages? thse that ccur when a packet matches a parameter cnditin in an access cntrl list link up and link dwn messages utput messages

More information

TaskCentre v4.5 Send Message (SMTP) Tool White Paper

TaskCentre v4.5 Send Message (SMTP) Tool White Paper TaskCentre v4.5 Send Message (SMTP) Tl White Paper Dcument Number: PD500-03-17-1_0-WP Orbis Sftware Limited 2010 Table f Cntents COPYRIGHT 1 TRADEMARKS 1 INTRODUCTION 2 Overview 2 FEATURES 2 GLOBAL CONFIGURATION

More information

Traffic monitoring on ProCurve switches with sflow and InMon Traffic Sentinel

Traffic monitoring on ProCurve switches with sflow and InMon Traffic Sentinel An HP PrCurve Netwrking Applicatin Nte Traffic mnitring n PrCurve switches with sflw and InMn Traffic Sentinel Cntents 1. Intrductin... 3 2. Prerequisites... 3 3. Netwrk diagram... 3 4. sflw cnfiguratin

More information

MaaS360 Cloud Extender

MaaS360 Cloud Extender MaaS360 Clud Extender Installatin Guide Cpyright 2012 Fiberlink Cmmunicatins Crpratin. All rights reserved. Infrmatin in this dcument is subject t change withut ntice. The sftware described in this dcument

More information

Configuring and Monitoring AS400 Servers. eg Enterprise v5.6

Configuring and Monitoring AS400 Servers. eg Enterprise v5.6 Cnfiguring and Mnitring AS400 Servers eg Enterprise v5.6 Restricted Rights Legend The infrmatin cntained in this dcument is cnfidential and subject t change withut ntice. N part f this dcument may be reprduced

More information

TaskCentre v4.5 MS SQL Server Trigger Tool White Paper

TaskCentre v4.5 MS SQL Server Trigger Tool White Paper TaskCentre v4.5 MS SQL Server Trigger Tl White Paper Dcument Number: PD500-03-02-1_0-WP Orbis Sftware Limited 2010 Table f Cntents COPYRIGHT... 1 TRADEMARKS... 1 INTRODUCTION... 2 Overview... 2 Features...

More information

Helpdesk Support Tickets & Knowledgebase

Helpdesk Support Tickets & Knowledgebase Helpdesk Supprt Tickets & Knwledgebase User Guide Versin 1.0 Website: http://www.mag-extensin.cm Supprt: http://www.mag-extensin.cm/supprt Please read this user guide carefully, it will help yu eliminate

More information

Implementing ifolder Server in the DMZ with ifolder Data inside the Firewall

Implementing ifolder Server in the DMZ with ifolder Data inside the Firewall Implementing iflder Server in the DMZ with iflder Data inside the Firewall Nvell Cl Slutins AppNte www.nvell.cm/clslutins JULY 2004 OBJECTIVES The bjectives f this dcumentatin are as fllws: T cnfigure

More information

Dell InTrust 11.1. Preparing for Auditing and Monitoring IBM AIX

Dell InTrust 11.1. Preparing for Auditing and Monitoring IBM AIX Dell InTrust 11.1 Preparing fr Auditing and Mnitring IBM AIX 2015 Dell Inc. ALL RIGHTS RESERVED. This guide cntains prprietary infrmatin prtected by cpyright. The sftware described in this guide is furnished

More information

HOWTO: How to configure SSL VPN tunnel gateway (office) to gateway

HOWTO: How to configure SSL VPN tunnel gateway (office) to gateway HOWTO: Hw t cnfigure SSL VPN tunnel gateway (ffice) t gateway Hw-t guides fr cnfiguring VPNs with GateDefender Integra Panda Security wants t ensure yu get the mst ut f GateDefender Integra. Fr this reasn,

More information

Exercise 5 Server Configuration, Web and FTP Instructions and preparatory questions Administration of Computer Systems, Fall 2008

Exercise 5 Server Configuration, Web and FTP Instructions and preparatory questions Administration of Computer Systems, Fall 2008 Exercise 5 Server Cnfiguratin, Web and FTP Instructins and preparatry questins Administratin f Cmputer Systems, Fall 2008 This dcument is available nline at: http://www.hh.se/te2003 Exercise 5 Server Cnfiguratin,

More information

Getting Started Guide

Getting Started Guide fr SQL Server www.lgbinder.cm Getting Started Guide Dcument versin 1 Cntents Installing LOGbinder fr SQL Server... 3 Step 1 Select Server and Check Requirements... 3 Select Server... 3 Sftware Requirements...

More information

ISAM TO SQL MIGRATION IN SYSPRO

ISAM TO SQL MIGRATION IN SYSPRO 118 ISAM TO SQL MIGRATION IN SYSPRO This dcument is aimed at assisting yu in the migratin frm an ISAM data structure t an SQL database. This is nt a detailed technical dcument and assumes the reader has

More information

ScaleIO Security Configuration Guide

ScaleIO Security Configuration Guide ScaleIO Security Cnfiguratin Guide 1 Intrductin This sectin prvides an verview f the settings available in ScaleIO t ensure secure peratin f the prduct: Security settings are divided int the fllwing categries:

More information

Firewall/Proxy Server Settings to Access Hosted Environment. For Access Control Method (also known as access lists and usually used on routers)

Firewall/Proxy Server Settings to Access Hosted Environment. For Access Control Method (also known as access lists and usually used on routers) Firewall/Prxy Server Settings t Access Hsted Envirnment Client firewall settings in mst cases depend n whether the firewall slutin uses a Stateful Inspectin prcess r ne that is cmmnly referred t as an

More information

Serv-U Distributed Architecture Guide

Serv-U Distributed Architecture Guide Serv-U Distributed Architecture Guide Hrizntal Scaling and Applicatin Tiering fr High Availability, Security, and Perfrmance Serv-U Distributed Architecture Guide v14.0.1.0 Page 1 f 16 Intrductin Serv-U

More information

SBClient and Microsoft Windows Terminal Server (Including Citrix Server)

SBClient and Microsoft Windows Terminal Server (Including Citrix Server) SBClient and Micrsft Windws Terminal Server (Including Citrix Server) Cntents 1. Intrductin 2. SBClient Cmpatibility Infrmatin 3. SBClient Terminal Server Installatin Instructins 4. Reslving Perfrmance

More information

Dell InTrust 11.0. Preparing for Auditing and Monitoring Linux

Dell InTrust 11.0. Preparing for Auditing and Monitoring Linux Dell InTrust 11.0 Preparing fr Auditing and Mnitring Linux 2015 Dell Inc. ALL RIGHTS RESERVED. This guide cntains prprietary infrmatin prtected by cpyright. The sftware described in this guide is furnished

More information

How to deploy IVE Active-Active and Active-Passive clusters

How to deploy IVE Active-Active and Active-Passive clusters Hw t deply IVE Active-Active and Active-Passive clusters Overview Juniper Netscreen SA and SM series appliances supprt Active/Passive r Active/Active cnfiguratins acrss a LAN r a WAN t prvide high availability,

More information

HP Email Archiving software for Microsoft Exchange

HP Email Archiving software for Microsoft Exchange HP Email Archiving sftware fr Micrsft Exchange PST Imprt Tls Cmpnents and Deplyment Best Practices Table f Cntents Overview... 2 Prerequisites... 2 Cmpnents... 2 Archive Credentials... 2 PST Lader... 2

More information

Configuring BMC AREA LDAP Using AD domain credentials for the BMC Windows User Tool

Configuring BMC AREA LDAP Using AD domain credentials for the BMC Windows User Tool Cnfiguring BMC AREA LDAP Using AD dmain credentials fr the BMC Windws User Tl Versin 1.0 Cnfiguring the BMC AREA LDAP Plugin fr Dmain Username and Passwrds Intrductin...3 LDAP Basics...4 What is LDAP and

More information

SITE APPLICATIONS USER GUIDE:

SITE APPLICATIONS USER GUIDE: SITE APPLICATIONS USER GUIDE: CPCONTROLLER, CCENGINE, SYNC, TPORT, CCTERMINAL Cpyright 2013 Triple E Technlgies. All rights reserved. Site Applicatins User Guide INTRODUCTION The applicatins described

More information

Emulated Single-Sign-On in LISTSERV Rev: 15 Jan 2010

Emulated Single-Sign-On in LISTSERV Rev: 15 Jan 2010 Emulated Single-Sign-On in LISTSERV Rev: 15 Jan 2010 0. Nte that frm LISTSERV versin 15.5, LISTSERV supprts using an external LDAP directry (r Windws Active Directry) fr lgin authenticatin in additin t

More information

Readme File. Purpose. What is Translation Manager 9.3.1? Hyperion Translation Manager Release 9.3.1 Readme

Readme File. Purpose. What is Translation Manager 9.3.1? Hyperion Translation Manager Release 9.3.1 Readme Hyperin Translatin Manager Release 9.3.1 Readme Readme File This file cntains the fllwing sectins: Purpse... 1 What is Translatin Manager 9.3.1?... 1 Cmpatible Sftware... 2 Supprted Internatinal Operating

More information

KronoDesk Migration and Integration Guide Inflectra Corporation

KronoDesk Migration and Integration Guide Inflectra Corporation / KrnDesk Migratin and Integratin Guide Inflectra Crpratin Date: September 24th, 2015 0B Intrductin... 1 1B1. Imprting frm Micrsft Excel... 2 6B1.1. Installing the Micrsft Excel Add-In... 2 7B1.1. Cnnecting

More information

Getting Started Guide

Getting Started Guide fr SharePint www.lgbinder.cm Getting Started Guide Dcument versin 3 Cntents Installing LOGbinder fr SharePint... 3 Step 1 Select Server and Check Sftware Requirements... 3 Select Server... 3 Sftware Requirements...

More information

Readme File. Purpose. Introduction to Data Integration Management. Oracle s Hyperion Data Integration Management Release 9.2.

Readme File. Purpose. Introduction to Data Integration Management. Oracle s Hyperion Data Integration Management Release 9.2. Oracle s Hyperin Data Integratin Management Release 9.2.1 Readme Readme File This file cntains the fllwing sectins: Purpse... 1 Intrductin t Data Integratin Management... 1 Data Integratin Management Adapters...

More information

Health Care Solution

Health Care Solution Management Summary & Technical Overview Versin 1 5405 Altn Parkway, 5-A #359 Irvine, CA 92604 (949) 733-8526 Cpyright The prgrams and cncepts mentined herein are prprietary t, and are nt t be reprduced,

More information

AvePoint High Speed Migration Supplementary Tools

AvePoint High Speed Migration Supplementary Tools AvePint High Speed Migratin Supplementary Tls User Guide Issued April 2016 1 Table f Cntents Intrductin... 3 MD5 Value Generatr Tl... 3 Azure Data Uplad Tl... 3 Dwnlading and Unpacking the Tl... 4 Using

More information

TaskCentre v4.5 File Transfer (FTP) Tool White Paper

TaskCentre v4.5 File Transfer (FTP) Tool White Paper TaskCentre v4.5 File Transfer (FTP) Tl White Paper Dcument Number: PD500-03-22-1_0-WP Orbis Sftware Limited 2010 Table f Cntents COPYRIGHT 1 TRADEMARKS 1 INTRODUCTION 2 Overview 2 FEATURES 2 GLOBAL CONFIGURATION

More information

URM 11g Implementation Tips, Tricks & Gotchas ALAN MACKENTHUN FISHBOWL SOLUTIONS, INC.

URM 11g Implementation Tips, Tricks & Gotchas ALAN MACKENTHUN FISHBOWL SOLUTIONS, INC. URM 11g Implementatin Tips, Tricks & Gtchas ALAN MACKENTHUN FISHBOWL SOLUTIONS, INC. i Fishbwl Slutins Ntice The infrmatin cntained in this dcument represents the current view f Fishbwl Slutins, Inc. n

More information

HarePoint HelpDesk for SharePoint. For SharePoint Server 2010, SharePoint Foundation 2010. User Guide

HarePoint HelpDesk for SharePoint. For SharePoint Server 2010, SharePoint Foundation 2010. User Guide HarePint HelpDesk fr SharePint Fr SharePint Server 2010, SharePint Fundatin 2010 User Guide Prduct versin: 14.1.0 04/10/2013 2 Intrductin HarePint.Cm (This Page Intentinally Left Blank ) Table f Cntents

More information

Exercise 5 Server Configuration, Web and FTP Instructions and preparatory questions Administration of Computer Systems, Fall 2008

Exercise 5 Server Configuration, Web and FTP Instructions and preparatory questions Administration of Computer Systems, Fall 2008 Exercise 5 Server Cnfiguratin, Web and FTP Instructins and preparatry questins Administratin f Cmputer Systems, Fall 2008 This dcument is available nline at: http://www.hh.se/te2003 Exercise 5 Server Cnfiguratin,

More information

BackupAssist SQL Add-on

BackupAssist SQL Add-on WHITEPAPER BackupAssist Versin 6 www.backupassist.cm 2 Cntents 1. Requirements... 3 1.1 Remte SQL backup requirements:... 3 2. Intrductin... 4 3. SQL backups within BackupAssist... 5 3.1 Backing up system

More information

Copyright 2013, SafeNet, Inc. All rights reserved. http://www.safenet-inc.com/ We have attempted to make these documents complete, accurate, and

Copyright 2013, SafeNet, Inc. All rights reserved. http://www.safenet-inc.com/ We have attempted to make these documents complete, accurate, and ii Cpyright 2013, SafeNet, Inc. All rights reserved. http://www.safenet-inc.cm/ We have attempted t make these dcuments cmplete, accurate, and useful, but we cannt guarantee them t be perfect. When we

More information

MiaRec. Performance Monitoring. Revision 1.1 (2014-09-18)

MiaRec. Performance Monitoring. Revision 1.1 (2014-09-18) Revisin 1.1 (2014-09-18) Table f Cntents 1 Purpse... 3 2 Hw it wrks... 3 3 A list f MiaRec perfrmance cunters... 4 3.1 Grup MiaRec Statistics... 4 3.2 Grup MiaRec Call Statistics Per-State... 5 3.3 Grup

More information

Diagnosis and Troubleshooting

Diagnosis and Troubleshooting Diagnsis and Trubleshting DataDirect Cnnect Series ODBC Drivers Intrductin This paper discusses the diagnstic tls that are available t cnfigure and trublesht yur ODBC envirnment and prvides a trubleshting

More information

Ten Steps for an Easy Install of the eg Enterprise Suite

Ten Steps for an Easy Install of the eg Enterprise Suite Ten Steps fr an Easy Install f the eg Enterprise Suite (Acquire, Evaluate, and be mre Efficient!) Step 1: Dwnlad the eg Sftware; verify hardware and perating system pre-requisites Step 2: Obtain a valid

More information

Improved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1

Improved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1 Imprved Data Center Pwer Cnsumptin and Streamlining Management in Windws Server 2008 R2 with SP1 Disclaimer The infrmatin cntained in this dcument represents the current view f Micrsft Crpratin n the issues

More information

TaskCentre v4.5 SMTP Tool White Paper

TaskCentre v4.5 SMTP Tool White Paper TaskCentre v4.5 SMTP Tl White Paper Dcument Number: PD500-03-04-1_0-WP Orbis Sftware Limited 2010 Table f Cntents COPYRIGHT... 1 TRADEMARKS... 1 INTRODUCTION... 2 Overview... 2 Features... 2 GLOBAL CONFIGURATION...

More information

:: EMAIL ADMIN HELP AT A GLANCE Contents

:: EMAIL ADMIN HELP AT A GLANCE Contents :: EMAIL ADMIN HELP AT A GLANCE Cntents Email Admin Dmain Inf... 2 POP Accunts... 3 Edit POP Accunts... 4 Search Accunts... 5 Frwards... 6 Spam Cntrl... 7 CatchAll... 8 EMAIL ADMIN HELP AT A GLANCE ::

More information

Corente Cloud Services Exchange (CSX) Corente Cloud Services Gateway Site Survey Form

Corente Cloud Services Exchange (CSX) Corente Cloud Services Gateway Site Survey Form Crente Clud Services Exchange (CSX) Crente Clud Services Gateway Site Survey Frm Use this site survey frm t prvide yur Crente CSX administratr r service prvider with the necessary infrmatin t register

More information

The Relativity Appliance Installation Guide

The Relativity Appliance Installation Guide The Relativity Appliance Installatin Guide February 4, 2016 - Versin 9 & 9.1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

More information

DocAve for Salesforce 3.1

DocAve for Salesforce 3.1 DcAve fr Salesfrce 3.1 User Guide Revisin F Issued January 2014 DcAve fr Salesfrce User Guide 1 Table f Cntents Abut DcAve fr Salesfrce... 5 Befre Yu Begin... 6 System Hardware and Operating System Requirements...

More information

DocAve 6 Supplementary Tools

DocAve 6 Supplementary Tools DcAve 6 Supplementary Tls User Guide Service Pack 6 Cumulative Update 1 Issued December 2015 1 Table f Cntents What s New in this Guide... 6 Befre Yu Begin... 6 Cnfiguratin... 7 Submitting Dcumentatin

More information

StarterPak: Dynamics CRM Opportunity To NetSuite Sales Order

StarterPak: Dynamics CRM Opportunity To NetSuite Sales Order StarterPak: Dynamics CRM Opprtunity T NetSuite Sales Order Versin 1.0 7/20/2015 Imprtant Ntice N part f this publicatin may be reprduced, stred in a retrieval system, r transmitted in any frm r by any

More information

ROSS RepliWeb Operations Suite for SharePoint. SSL User Guide

ROSS RepliWeb Operations Suite for SharePoint. SSL User Guide ROSS RepliWeb Operatins Suite fr SharePint SSL User Guide Sftware Versin 2.5 March 18, 2010 RepliWeb, Inc., 6441 Lyns Rad, Ccnut Creek, FL 33073 Tel: (954) 946-2274, Fax: (954) 337-6424 E-mail: inf@repliweb.cm,

More information

SolarWinds Technical Reference

SolarWinds Technical Reference SlarWinds Technical Reference Preparing an Orin Failver Engine Installatin Intrductin t the Orin Failver Engine... 1 General... 1 Netwrk Architecture Optins and... 3 Server Architecture Optins and... 4

More information

ViPNet VPN in Cisco Environment. Supplement to ViPNet Documentation

ViPNet VPN in Cisco Environment. Supplement to ViPNet Documentation ViPNet VPN in Cisc Envirnment Supplement t ViPNet Dcumentatin 1991 2015 Inftecs Americas. All rights reserved. Versin: 00121-04 90 02 ENU This dcument is included in the sftware distributin kit and is

More information

Click Studios. Passwordstate. RSA SecurID Configuration

Click Studios. Passwordstate. RSA SecurID Configuration Passwrdstate RSA SecurID Cnfiguratin This dcument and the infrmatin cntrlled therein is the prperty f Click Studis. It must nt be reprduced in whle/part, r therwise disclsed, withut prir cnsent in writing

More information

Deployment Overview (Installation):

Deployment Overview (Installation): Cntents Deplyment Overview (Installatin):... 2 Installing Minr Updates:... 2 Dwnlading the installatin and latest update files:... 2 Installing the sftware:... 3 Uninstalling the sftware:... 3 Lgging int

More information

HTTPD - Apache2 Web Server

HTTPD - Apache2 Web Server HTTPD - Apache2 Web Server Apache is the mst cmmnly used Web Server n Linux systems. Web Servers are used t serve Web Pages requested by client cmputers. Clients typically request and view Web Pages using

More information

SMART Active Directory Migrator 9.2

SMART Active Directory Migrator 9.2 SMART Active Directry Migratr 9.2 Installatin Guide MAY 2016 Table f Cntents Sectin 1. Intrductin... 3 1.1 Abut SMART Active Directry Migratr... 3 1.2 Audience fr SMART Active Directry Migratr... 4 1.3

More information

Integrating With incontact dbprovider & Screen Pops

Integrating With incontact dbprovider & Screen Pops Integrating With incntact dbprvider & Screen Pps incntact has tw primary pints f integratin. The first pint is between the incntact IVR (script) platfrm and the custmer s crprate database. The secnd pint

More information

GETTING STARTED With the Control Panel Table of Contents

GETTING STARTED With the Control Panel Table of Contents With the Cntrl Panel Table f Cntents Cntrl Panel Desktp... 2 Left Menu... 3 Infrmatin... 3 Plan Change... 3 Dmains... 3 Statistics... 4 Ttal Traffic... 4 Disk Quta... 4 Quick Access Desktp... 4 MAIN...

More information

Configuring and Monitoring Network Elements

Configuring and Monitoring Network Elements Cnfiguring and Mnitring Netwrk Elements eg Enterprise v5.6 Restricted Rights Legend The infrmatin cntained in this dcument is cnfidential and subject t change withut ntice. N part f this dcument may be

More information

SPECIFICATION. Hospital Report Manager Connectivity Requirements. Electronic Medical Records DRAFT. OntarioMD Inc. Date: September 30, 2010

SPECIFICATION. Hospital Report Manager Connectivity Requirements. Electronic Medical Records DRAFT. OntarioMD Inc. Date: September 30, 2010 OntariMD Inc. Electrnic Medical Recrds SPECIFICATION Hspital Reprt Manager Cnnectivity Requirements DRAFT Date: September 30, 2010 Versin: 1.0 2007-2010 OntariMD Inc. All rights reserved HRM EMR Cnnectivity

More information

TaskCentre v4.5 File Management Tool White Paper

TaskCentre v4.5 File Management Tool White Paper TaskCentre v4.5 File Management Tl White Paper Dcument Number: PD500-03-30-1_0-WP Orbis Sftware Limited 2010 Table f Cntents COPYRIGHT 1 TRADEMARKS 1 INTRODUCTION 2 Overview 2 FEATURES 2 TECHNICAL SUMMARY

More information

Diagnostic Manager Change Log

Diagnostic Manager Change Log Diagnstic Manager Change Lg Updated: September 8, 2015 4.4.4090 Features and Issues Supprt fr Office 365 Tenants Yu can nw: Mnitr the status f Office 365 Services (including SharePint Online, Exchange

More information

CallRex 4.2 Installation Guide

CallRex 4.2 Installation Guide CallRex 4.2 Installatin Guide This dcument describes hw t install CallRex 4.2. It cvers the fllwing: CallRex 4.2 Cmpnents. Server Prerequisites. Perfrming the Installatin. Changing the Accunt Used by CallRex

More information

Connector for Microsoft Dynamics Installation Guide

Connector for Microsoft Dynamics Installation Guide Micrsft Dynamics Cnnectr fr Micrsft Dynamics Installatin Guide June 2014 Find updates t this dcumentatin at the fllwing lcatin: http://g.micrsft.cm/fwlink/?linkid=235139 Micrsft Dynamics is a line f integrated,

More information

STIOffice Integration Installation, FAQ and Troubleshooting

STIOffice Integration Installation, FAQ and Troubleshooting STIOffice Integratin Installatin, FAQ and Trubleshting Installatin Steps G t the wrkstatin/server n which yu have the STIDistrict Net applicatin installed. On the STI Supprt page at http://supprt.sti-k12.cm/,

More information

Preparing to Deploy Reflection : A Guide for System Administrators. Version 14.1

Preparing to Deploy Reflection : A Guide for System Administrators. Version 14.1 Preparing t Deply Reflectin : A Guide fr System Administratrs Versin 14.1 Table f Cntents Table f Cntents... 2 Preparing t Deply Reflectin 14.1:... 3 A Guide fr System Administratrs... 3 Overview f the

More information

Safe PST Backup Enterprise Edition Administrator Guide

Safe PST Backup Enterprise Edition Administrator Guide Safe PST Backup Enterprise Editin Administratr Guide Versin 2.50 Cntents Intrductin... 3 Installatin... 3 Prduct Activatin... 4 Safe PST Backup Client Activatin... 4 Activatin Thrugh 4Team Online Activatin

More information

Spamguard SPAM Filter

Spamguard SPAM Filter Spamguard SPAM Filter The ECU Spam Firewall (spamguard) is designed t blck r quarantine e-mail messages that are r lk like spam befre it reaches ur email servers. The spam firewall will NOT catch all f

More information

Configuring and Monitoring SysLog Servers

Configuring and Monitoring SysLog Servers Cnfiguring and Mnitring SysLg Servers eg Enterprise v5.6 Restricted Rights Legend The infrmatin cntained in this dcument is cnfidential and subject t change withut ntice. N part f this dcument may be reprduced

More information

Junos Pulse Instructions for Windows and Mac OS X

Junos Pulse Instructions for Windows and Mac OS X Juns Pulse Instructins fr Windws and Mac OS X When yu pen the Juns client fr the first time yu get the fllwing screen. This screen shws yu have n cnnectins. Create a new cnnectin by clicking n the + icn.

More information

Employee Self Service (ESS) Quick Reference Guide ESS User

Employee Self Service (ESS) Quick Reference Guide ESS User Emplyee Self Service (ESS) Quick Reference Guide ESS User Cntents Emplyee Self Service (ESS) User Quick Reference Guide 5 Intrductin t ESS 5 Getting Started 6 Prerequisites 6 Accunt Activatin 7 Hw t activate

More information

Aladdin HASP SRM Key Problem Resolution

Aladdin HASP SRM Key Problem Resolution Aladdin HASP SRM Key Prblem Reslutin Installatin flwchart fr EmbrideryStudi and DecStudi e1.5 Discnnect frm the Internet and disable all anti-virus and firewall applicatins. Unplug all dngles. Insert nly

More information

The ad hoc reporting feature provides a user the ability to generate reports on many of the data items contained in the categories.

The ad hoc reporting feature provides a user the ability to generate reports on many of the data items contained in the categories. 11 This chapter includes infrmatin regarding custmized reprts that users can create using data entered int the CA prgram, including: Explanatin f Accessing List Screen Creating a New Ad Hc Reprt Running

More information

Firewall Protection Profile

Firewall Protection Profile samhällsskydd ch beredskap 1 (10) ROS-ISÄK Rnny Janse 010-2404426 rnny.janse@msb.se Firewall Prtectin Prfile Extended Package: NAT samhällsskydd ch beredskap 2 (10) Innehållsförteckning 1. Intrductin...

More information

Configuring SSL and TLS Decryption in ngeniusone

Configuring SSL and TLS Decryption in ngeniusone Cnfiguring SSL and TLS Decryptin in ngeniusone The cnfigure SSL Decryptin feature supprts real-time capture f ASI and ASR traffic flws as well as decding f Secure Scket Link (SSL) and Transprt Layer Security

More information

SANsymphony-V Storage Virtualization Software Installation and Getting Started Guide. February 5, 2015 www.datacore.com

SANsymphony-V Storage Virtualization Software Installation and Getting Started Guide. February 5, 2015 www.datacore.com SANsymphny-V Strage Virtualizatin Sftware Installatin and Getting Started Guide February 5, 2015 www.datacre.cm This dcument is the prperty f DataCre Sftware. It is intended slely as an aid fr installing

More information

Getting Started Guide

Getting Started Guide www.lgbinder.cm Getting Started Guide Dcument versin 1 Cntents Installing LOGbinder fr Exchange... 3 Step 1 Check Sftware Requirements... 3 Sftware Requirements... 3 Exchange Auditing Requirements... 3

More information

User Manual Brainloop Outlook Add-In. Version 3.4

User Manual Brainloop Outlook Add-In. Version 3.4 User Manual Brainlp Outlk Add-In Versin 3.4 Cntent 1. Summary... 3 2. Release Ntes... 3 2.1 Prerequisites... 3 2.2 Knwn Restrictins... 4 3. Installatin and Cnfiguratin... 4 3.1 The installatin prgram...

More information

SMART Active Directory Migrator 9.0.2. Requirements

SMART Active Directory Migrator 9.0.2. Requirements SMART Active Directry Migratr 9.0.2 January 2016 Table f Cntents... 3 SMART Active Directry Migratr Basic Installatin... 3 Wrkstatin and Member Server System... 5 Netwrking... 5 SSL Certificate... 6 Service

More information

Serv-U Distributed Architecture Guide

Serv-U Distributed Architecture Guide Serv-U Distributed Architecture Guide Hrizntal Scaling and Applicatin Tiering fr High Availability, Security, and Perfrmance Serv-U Distributed Architecture Guide v15.1.2.0 Page 1 f 20 Intrductin Serv-U

More information

Introduction LIVE MAPS UNITY PORTAL / INSTALLATION GUIDE. 2015 Savision B.V. savision.com All rights reserved.

Introduction LIVE MAPS UNITY PORTAL / INSTALLATION GUIDE. 2015 Savision B.V. savision.com All rights reserved. Rev 7.5.0 Intrductin 2 LIVE MAPS UNITY PORTAL / INSTALLATION GUIDE 2015 Savisin B.V. savisin.cm All rights reserved. This manual, as well as the sftware described in it, is furnished under license and

More information

Instant Chime for IBM Sametime Quick Start Guide

Instant Chime for IBM Sametime Quick Start Guide Instant Chime fr IBM Sametime Quick Start Guide Fall 2014 Cpyright 2014 Instant Technlgies. All rights reserved. Cpyright and Disclaimer This dcument, as well as the sftware described in it, is furnished

More information

CXA-300-1I: Advanced Administration for Citrix XenApp 5.0 for Windows Server 2008

CXA-300-1I: Advanced Administration for Citrix XenApp 5.0 for Windows Server 2008 CXA-300-1I: Advanced Administratin fr Citrix XenApp 5.0 fr Windws Server 2008 This curse prvides learners with the skills necessary t mnitr, maintain and trublesht netwrk envirnments running XenApp fr

More information

Installation Guide Marshal Reporting Console

Installation Guide Marshal Reporting Console INSTALLATION GUIDE Marshal Reprting Cnsle Installatin Guide Marshal Reprting Cnsle March, 2009 Cntents Intrductin 2 Supprted Installatin Types 2 Hardware Prerequisites 3 Sftware Prerequisites 3 Installatin

More information

BASIC TECHNICAL FEATURE DESCRIPTION

BASIC TECHNICAL FEATURE DESCRIPTION BASIC TECHNICAL FEATURE DESCRIPTION AUDRIGA EMAIL AND GROUPWARE MIGRATION SERVICE Versin 1.3 Datum 20.09.2013 Kntakt Hans-Jörg Happel (happel@audriga.cm) TECHNICAL FEATURE DESCRIPTION This is a basic technical

More information

Configuring and Integrating LDAP

Configuring and Integrating LDAP Cnfiguring and Integrating LDAP The Basics f LDAP 3 LDAP Key Terms and Cmpnents 3 Basic LDAP Syntax 4 The LDAP User Experience Mnitr 6 This dcument includes infrmatin abut LDAP and its rle with SlarWinds

More information

Frequently Asked Questions November 19, 2013. 1. Which browsers are compatible with the Global Patent Search Network (GPSN)?

Frequently Asked Questions November 19, 2013. 1. Which browsers are compatible with the Global Patent Search Network (GPSN)? Frequently Asked Questins Nvember 19, 2013 General infrmatin 1. Which brwsers are cmpatible with the Glbal Patent Search Netwrk (GPSN)? Ggle Chrme (v23.x) and IE 8.0. 2. The versin number and dcument cunt

More information

CNS-205: Citrix NetScaler 11 Essentials and Networking

CNS-205: Citrix NetScaler 11 Essentials and Networking CNS-205: Citrix NetScaler 11 Essentials and Netwrking Overview The bjective f the Citrix NetScaler 11 Essentials and Netwrking curse is t prvide the fundatinal cncepts and skills necessary t implement,

More information

CMT for Coexistence 3.4.3. Release Notes

CMT for Coexistence 3.4.3. Release Notes CMT fr Cexistence 3.4.3 Release Ntes May 2015 Table f Cntents What s New in Versin 3.4.3... 3 Release Ntes 3.4.3... 3 On the Fly Decryptin and Encryptin... 4 Prerequisites & Settings... 4 Hw it Wrks...

More information

990 e-postcard FAQ. Is there a charge to file form 990-N (e-postcard)? No, the e-postcard system is completely free.

990 e-postcard FAQ. Is there a charge to file form 990-N (e-postcard)? No, the e-postcard system is completely free. 990 e-pstcard FAQ Fr frequently asked questins abut filing the e-pstcard that are nt listed belw, brwse the FAQ at http://epstcard.frm990.rg/frmtsfaq.asp# (cpy and paste this link t yur brwser). General

More information

Password Reset for Remote Users

Password Reset for Remote Users 1 Passwrd Reset fr Remte Users Curin prvides a cmpnent fr the PasswrdCurier Passwrd Prvisining System that manages the lcal passwrd cache in cnjunctin with self-service passwrd reset activities. The slutin

More information

Configuring and Monitoring NetApp Products

Configuring and Monitoring NetApp Products Cnfiguring and Mnitring NetApp Prducts eg Enterprise v5.6 Restricted Rights Legend The infrmatin cntained in this dcument is cnfidential and subject t change withut ntice. N part f this dcument may be

More information

Creating Resource Profiles Using Citrix Web Applications for Citrix 4.6

Creating Resource Profiles Using Citrix Web Applications for Citrix 4.6 Citrix Templates > Creating Resurce Prfiles Using Citrix Web Applicatins Creating Resurce Prfiles Using Citrix Web Applicatins fr Citrix 4.6 NOTE: If end-user selects "Embedded client" frm "Client preferences"

More information

PBX Remote Line Extension using Mediatrix 4104 and 1204 June 22, 2011

PBX Remote Line Extension using Mediatrix 4104 and 1204 June 22, 2011 PBX Remte Line Extensin using Mediatrix 4104 and 1204 June 22, 2011 Prprietary 2011 Media5 Crpratin Table f Cntents Intrductin... 3 Applicatin Scenari... 3 Running the Unit Manager Netwrk Sftware... 4

More information

RedCloud Security Management Software 3.6 Release Notes

RedCloud Security Management Software 3.6 Release Notes RedClud Security Management Sftware 3.6 Release Ntes ------------------------------------------------------------------------------------------------------------------------------- General Availability

More information

esupport Quick Start Guide

esupport Quick Start Guide esupprt Quick Start Guide Last Updated: 5/11/10 Adirndack Slutins, Inc. Helping Yu Reach Yur Peak 908.725.8869 www.adirndackslutins.cm 1 Table f Cntents PURPOSE & INTRODUCTION... 3 HOW TO LOGIN... 3 SUBMITTING

More information

Best Practice - Pentaho BA for High Availability

Best Practice - Pentaho BA for High Availability Best Practice - Pentah BA fr High Availability This page intentinally left blank. Cntents Overview... 1 Pentah Server High Availability Intrductin... 2 Prerequisites... 3 Pint Each Server t Same Database

More information

Instructions for Configuring a SAFARI Montage Managed Home Access Expansion Server

Instructions for Configuring a SAFARI Montage Managed Home Access Expansion Server Instructins fr Cnfiguring a SAFARI Mntage Managed Hme Access Expansin Server ~ Please read these instructins in their entirety befre yu begin. ~ These instructins explain hw t add a SAFARI Mntage Managed

More information

Using PayPal Website Payments Pro UK with ProductCart

Using PayPal Website Payments Pro UK with ProductCart Using PayPal Website Payments Pr UK with PrductCart Overview... 2 Abut PayPal Website Payments Pr & Express Checkut... 2 What is Website Payments Pr?... 2 Website Payments Pr and Website Payments Standard...

More information

Tipsheet: Sending Out Mass Emails in ApplyYourself

Tipsheet: Sending Out Mass Emails in ApplyYourself GEORGETOWN GRADUATE SCHOOL Tipsheet: Sending Out Mass Emails in ApplyYurself In ApplyYurself (AY), it is very simple and easy t send a mass email t all f yur prspects, applicants, r students with applicatins

More information