RSA Event Source Configuration Guide. McAfee Firewall Enterprise


Configuration Guide: McAfee Firewall Enterprise
Last Modified: Wednesday, October 24, 2012

Event Source (Device) Product Information
  Vendor: McAfee
  Event Source (Device): Firewall Enterprise (formerly Secure Computing Sidewinder G2 Security Appliance)
  Supported Versions: 6.1.1.x, 6.1.2.x, 7.0.0.x, 8.0, and 8.2

RSA Product Information
  Supported Version: RSA enVision 4.0 and 4.1; NetWitness for Logs 9.7
  Event Source (Device) Type: sidewinder, 74
  Collection Method: Syslog
  Event Source (Device) Class.Subclass: Security.Firewall
  Content 2.0 Table: Firewall

This document contains the following information for the McAfee Firewall Enterprise event source:
  - Configuration Instructions
  - Release Notes for Content 2.0
  - Release Notes for Standard Content

McAfee Firewall Enterprise Configuration Instructions

Depending on your version of McAfee Firewall Enterprise, do one of the following tasks:
  - Configure Sidewinder G2 Security Appliance 7.0 and earlier
  - Configure McAfee Firewall Enterprise 8.0 and 8.2

Important: For the StartTime and EndTime columns to display properly for McAfee Firewall Enterprise 8.2, you must install RSA enVision 4.0 SP4 Patch 7 or RSA enVision 4.1 Patch 5 or later. These patches are available at RSA SecurCare Online.

Copyright 2012 EMC Corporation. All Rights Reserved.

Configure Sidewinder G2 Security Appliance 7.0 and earlier

To configure Sidewinder:

1. Log on to the Sidewinder appliance.

2. To configure Sidewinder to send syslog messages, do the following:
   a. Use a text editor to open the file /etc/sidewinder/auditd.conf.
   b. Search for the begin_rules section and locate the following lines:
        log(logfile filters[] type)
        syslog(facility filters[] format)
        ipaddr_resolution(src_addr dst_addr)
        time_format(zone)
        end_rules
      Note: If the begin_rules section does not display in your search, type the lines listed in this step into the file.
   c. After the lines listed in step b, type the following:
        syslog(local0 filters["null"] sef)
   d. Save and close the file.

3. To configure Sidewinder to send syslog messages to the RSA enVision appliance, follow these steps:
   a. Use a text editor to open the file /etc/syslog.conf.
   b. Type the following line:
        local0.* @IP_address_of_your_<Platform>
      where <Platform> is your enVision appliance.
      Note: If you wish to send a syslog to two different IP addresses, enter two "local0" entries:
        local0.* @IP_address_of_your_<Platform>
        local0.* @IP_address_of_your_<Platform>
      where <Platform> is your enVision appliance.
   c. Save and close the file.

4. To restart the auditd and syslogd services, do the following:
   a. Enter the following command to go to the administrator domain:
        srole
   b. Depending on your version of Sidewinder, type the following commands to restart the services:
      For Sidewinder versions 7.0.0 and later, type:
        cf daemond restart agent=syslog
        cf daemond restart agent=auditd
      For Sidewinder versions prior to 7.0.0, type:
        kill -HUP syslogpid
        cf server restart auditd
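Step 3 above is a manual edit of /etc/syslog.conf, and a forwarding line that is missing, duplicated or pointed at the wrong collector is the usual reason a firewall's audit events never reach the SIEM. The following POSIX shell script is an added example, not part of the RSA guide or of any McAfee tooling: it lists the targets that already receive local0.* messages from a syslog.conf-style file and adds the "local0.* @IP" line only when that target is absent, so it can be re-run safely. The file path and the 192.0.2.x addresses are constructed for the demonstration; run it against a copy of the real file, then restart the services exactly as step 4 describes.

```shell
#!/bin/sh
# Added example (not from the RSA guide): idempotently add the local0.* forwarding
# line from step 3b to a syslog.conf-style file and list the configured targets.
# All paths and IP addresses below are constructed for the demo.

# Print the IP addresses that receive local0.* messages from the given file.
# Matches lines of the form "local0.*<space or tab>@IP" and strips the "@".
local0_targets() {
    awk '$1 == "local0.*" && $2 ~ /^@/ { sub(/^@/, "", $2); print $2 }' "$1"
}

# Append "local0.* @IP" to the file unless that exact target is already listed.
# Exit status 0 means the target is present after the call.
ensure_local0_forward() {
    conf=$1
    ip=$2
    if local0_targets "$conf" | grep -qxF "$ip"; then
        return 0          # already forwarding to this collector; nothing to do
    fi
    printf 'local0.*\t@%s\n' "$ip" >> "$conf"
    local0_targets "$conf" | grep -qxF "$ip"
}

# Demo on a constructed copy of syslog.conf (never on the live file directly).
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
*.err;kern.debug;auth.notice;mail.crit    /var/log/messages
EOF

ensure_local0_forward "$demo_conf" 192.0.2.10   # adds the line
ensure_local0_forward "$demo_conf" 192.0.2.10   # no-op: already present
ensure_local0_forward "$demo_conf" 192.0.2.11   # second collector, as the note in step 3b allows

echo "local0.* is forwarded to:"
local0_targets "$demo_conf"
rm -f "$demo_conf"
```

The check reads the first two whitespace-separated fields only, so it ignores the local logfile rule and any comments; if the line is present but the collector still sees nothing, the remaining suspects are the auditd.conf rule from step 2 and the service restart in step 4.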

Configure McAfee Firewall Enterprise 8.0 and 8.2

To configure McAfee Firewall Enterprise:

Important: For the StartTime and EndTime columns to display properly for McAfee Firewall Enterprise 8.2, you must install RSA enVision 4.0 SP4 Patch 7 or RSA enVision 4.1 Patch 5 or later. These patches are available at RSA SecurCare Online.

1. Log on to the McAfee Firewall Enterprise console and connect to the firewall that you want to configure.

2. In the file tree, click Firewall Name > Monitor > Audit Management.

3. On the Firewall Reporter/Syslog tab, in the Export audit to syslog servers section, follow these steps:
   a. Click the + button.
   b. In the new row, enter the following:
        Column           Action
        IP Address       Enter the IP address of your enVision appliance.
        Remote Facility  Leave the default value local0.
        Description      (Optional) Enter a description.

4. Click the save button.

5. To restart the NIC Service Manager Service on your RSA enVision appliance, follow these steps:
   a. Log on to your RSA enVision appliance with administrator credentials.
   b. Click Start > Administrative Tools > Services.
   c. Click NIC Service Manager.
   d. Click Restart.

Content 2.0 Release Notes

McAfee Firewall Enterprise Release Notes (20121024-162733)
McAfee Firewall Enterprise Release Notes (20120724-133948)
McAfee Firewall Enterprise Release Notes (20120628-153938)
McAfee Firewall Enterprise Release Notes (20120429-082422)
  What's New in This Release: RSA added support for McAfee Firewall Enterprise 8.2.
McAfee Firewall Enterprise Release Notes (20120328-170659)
McAfee Firewall Enterprise Release Notes (20120201-163743)
McAfee Firewall Enterprise Release Notes (20120105-082058)

Standard Content Release Notes

McAfee Firewall Enterprise Release Notes (20120429-082422)
  What's New in This Release: RSA added support for McAfee Firewall Enterprise 8.2.