Integrate Astaro Security Gateway

Similar documents
Integrating Symantec Endpoint Protection

Integrate Microsoft Windows Hyper V

Integrate Cisco IronPort Security Appliance (ESA)

Integrate Websense Web Security Gateway (WSG)

Integrating Juniper Netscreen (ScreenOS)

Integrate Cisco IronPort Web Security Appliance (WSA)

Integrating Barracuda Web Application Firewall

Enable File and Folder Auditing

Integrating Trend Micro OfficeScan 10 EventTracker v7.x

EventTracker: Support to Non English Systems

Integrate Check Point Firewall

How To- Create Local Account and Active Directory Authentication EventTracker Enterprise

IIS Web Server Configuration Guide

EventTracker: Configuring DLA Extension for AWStats Report AWStats Reports

IIS Web Server Configuration Guide

EventTracker: Configuring DLA Extension for AWStats report AWStats Reports

EventTracker: Integrating Imperva SecureSphere

Monitor Mobile Devices via ActiveSync Using EventTracker

Secure IIS Web Server with SSL

Upgrade Guide. Upgrading to EventTracker v6.0. Upgrade Guide Columbia Gateway Drive, Suite 250 Publication Date: Sep 20, 2007.

How to Install MS SQL Server Express

Monitoring SharePoint 2007/2010/2013 Server Using Event Tracker

EventTracker Enterprise v7.3 Installation Guide

Fifty Critical Alerts for Monitoring Windows Servers Best practices

How to - Install EventTracker and Change Audit Agent

Deploying the Workspace Application for Microsoft SharePoint Online

Apache: Analyze Logs for Malicious Activities & Monitor Server Performance

Pipeliner CRM Phaenomena Guide Sales Pipeline Management Pipelinersales Inc.

EventTracker Knowledge Update

Monitor DHCP Logs. EventTracker. EventTracker Centre Park Drive Columbia MD Publication Date: July 16, 2009

Microsoft Dynamics GP SQL Server Reporting Services Guide

Knowledge Base Articles

5nine Security for Hyper-V Datacenter Edition. Version 3.0 Plugin for Microsoft System Center 2012 Virtual Machine Manager

Pipeliner CRM Phaenomena Guide Add-In for MS Outlook Pipelinersales Inc.

AD RMS Step-by-Step Guide

Hyper-V Server 2008 Setup and Configuration Tool Guide

Windows Small Business Server 2003 Upgrade Best Practices

Immotec Systems, Inc. SQL Server 2005 Installation Document

Setting up VMware ESXi for 2X VirtualDesktopServer Manual

BusinessObjects Enterprise XI Release 2

Pipeliner CRM Phaenomena Guide Administration & Setup Pipelinersales Inc.

Hardening Guide for EventTracker Server

NTP Software File Auditor for Windows Edition

Sophos Anti-Virus for NetApp Storage Systems startup guide

Pipeliner CRM Phaenomena Guide Opportunity Management Pipelinersales Inc.

Virtual Office Remote Installation Guide

Customizing Remote Desktop Web Access by Using Windows SharePoint Services Stepby-Step

NSi Mobile Installation Guide. Version 6.2

Configuring SSL VPN on the Cisco ISA500 Security Appliance

Citect and Microsoft Windows XP Service Pack 2

Pipeliner CRM Phaenomena Guide Sales Target Tracking Pipelinersales Inc.

Services Deployment. Administrator Guide

Symantec Mail Security for Microsoft Exchange Management Pack Integration Guide

Technical Brief for Windows Home Server Remote Access

Business Portal for Microsoft Dynamics GP Field Service Suite

Dell SonicWALL Aventail Connect Tunnel User Guide

How To Create An Easybelle History Database On A Microsoft Powerbook (Windows)

LepideAuditor Suite for File Server. Installation and Configuration Guide

Installing Windows Rights Management Services with Service Pack 2 Step-by- Step Guide

SonicOS 5.9 One Touch Configuration Guide

RSA Event Source Configuration Guide. McAfee Database Security

LOAD BALANCING 2X APPLICATIONSERVER XG SECURE CLIENT GATEWAYS THROUGH MICROSOFT NETWORK LOAD BALANCING

Troubleshooting File and Printer Sharing in Microsoft Windows XP

Symantec Mail Security for Microsoft Exchange Management Pack Integration Guide

nappliance misa Server 2006 Standard Edition Users Guide For use with misa Appliances 2006 nappliance Networks, Inc.

Nexio Connectus Cluster Set Up with SQL Server Backend

Dell SupportAssist Version 2.0 for Dell OpenManage Essentials Quick Start Guide

Monitoring Windows Workstations Seven Important Events

Symantec Endpoint Protection Getting Started Guide

Strong Authentication for Juniper Networks SSL VPN

Introduction to Hyper-V High- Availability with Failover Clustering

File and Printer Sharing with Microsoft Windows

Endpoint Security Console. Version 3.0 User Guide

Veritas Cluster Server Database Agent for Microsoft SQL Configuration Guide

Windows Server Update Services 3.0 SP2 Step By Step Guide

Managing Linux Servers with System Center 2012 R2

Sage HRMS 2014 Sage Employee Self Service Tech Installation Guide for Windows 2003, 2008, and October 2013

Disaster Recovery. Websense Web Security Web Security Gateway. v7.6

How to Secure a Groove Manager Web Site

Step-by-Step Guide for Creating and Testing Connection Manager Profiles in a Test Lab

Firewall Defaults and Some Basic Rules

Symantec Mail Security for Microsoft Exchange Management Pack Integration Guide

Configure an IPSec Tunnel between a Firebox Vclass & a Check Point FireWall-1

Implementing and Supporting Windows Intune

SonicWALL Global Management System Reporting Guide Standard Edition

Symantec Mail Security for Microsoft Exchange Management Pack Integration Guide

Veeam Backup Enterprise Manager. Version 7.0

Business Portal for Microsoft Dynamics GP. Project Time and Expense Administrator s Guide Release 10.0

Sophos for Microsoft SharePoint startup guide

Sophos Anti-Virus for NetApp Storage Systems user guide. Product version: 3.0

MDM Mass Configuration Tool User s Manual

MobileStatus Server Installation and Configuration Guide

Step-by-Step Guide for Microsoft Advanced Group Policy Management 4.0

Setting up Citrix XenServer for 2X VirtualDesktopServer Manual

Project management integrated into Outlook

Diamond II v2.3 Service Pack 4 Installation Manual

Installation Guide. Novell Storage Manager for Active Directory. Novell Storage Manager for Active Directory Installation Guide

Accessing the Media General SSL VPN

Transcription:

Integrate Astaro Security Gateway EventTracker v7.x Publication Date: July 24, 2014 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com

Abstract This guide provides instructions to configure Astaro Security Gateway to send the syslog events to EventTracker Enterprise. Scope The configurations detailed in this guide are consistent with EventTracker Enterprise version 7.X and later, Astaro Security Gateway v7 and later. Audience Administrators who are responsible for monitoring Astaro Security Gateway using EventTracker Manager. The information contained in this document represents the current view of Prism Microsystems Inc. on the issues discussed as of the date of publication. Because Prism Microsystems must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Prism Microsystems, and Prism Microsystems cannot guarantee the accuracy of any information presented after the date of publication. This document is for informational purposes only. Prism Microsystems MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, this paper may be freely distributed without permission from Prism, as long as its content is unaltered, nothing is added to the content and credit to Prism is provided. Prism Microsystems may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Prism Microsystems, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred. 2014 Prism Microsystems Corporation. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. 1

Table of Contents Abstract... 1 Scope... 1 Audience... 1 Astaro Security Gateway... 3 Prerequisites... 3 Configure Astaro Security Gateway to send syslog to EventTracker... 3 Enable Logging to a Syslog Host... 3 Monitoring Events of Astaro Security Gateway... 5 Import Astaro Security Gateway knowledge pack into EventTracker... 6 Import Category... 6 Import Alerts... 7 Verify Astaro Security Gateway knowledge pack in EventTracker... 8 Verify categories... 8 Verify alerts... 8 EventTracker Knowledge Pack... 10 Categories... 10 Alerts... 13 2

Astaro Security Gateway The Astaro Security Gateway is a flexible, full gateway security appliance that can be deployed and configured to fit almost any environment. This product is available as a full hardware appliance, software installation or virtual appliance. The Security Gateway offers firewall and intrusion prevention protection along with application control, web content filtering, gateway anti-virus, email content filtering and anti-spam. Prerequisites EventTracker v7.x should be installed. Astaro Security Gateway v7 and later should be installed and configured. Configure Astaro Security Gateway to send syslog to EventTracker Enable Logging to a Syslog Host To configure a remote syslog server, proceed as follows: 1. On the Remote Syslog Server tab enable remote syslog. 2. Click status icon or the Enable button. The status icon turns amber and the Remote Syslog Settings area becomes editable. 3. Click the plus icon in the Syslog Servers box to create a server. The Add Syslog Server dialog box opens. 4. Make the following settings: Name: Enter a descriptive name for the remote syslog server. Server: Add or select the host that should receive log data from gateway. 3

Caution - Do not use one of the gateway's own interfaces as a remote syslog host, since this will result in a logging loop. Port: Add or select port which is to be used for the connection. 5. Click Apply. Your settings will be saved. 4

Monitoring Events of Astaro Security Gateway Monitoring events provides detailed information about ongoing activities in your network. Astaro Security Gateway events can be monitored using EventTracker Enterprise as follows: Antivirus events Authentication events Clustering events Content Filtering events Firewall events High Availability events Intrusion Detection and Prevention events Virtual Private Networks events 5

Import Astaro Security Gateway knowledge pack into EventTracker 1. Launch EventTracker Control Panel. 2. Double click ExportImport Utility, and then click the Import tab. Figure 1 Import Category/Alert as given below. Import Category 1. Click Category option, and then click the browse button. 6

2. Locate All Astaro Security Gateway group categories.iscat file, and then click the Open button. 3. To import categories, click the Import button. EventTracker displays success message. Figure 2 4. Click OK, and then click the Close button. Import Alerts 1. Click Alert option, and then click the browse button. 2. Locate All Astaro Security Gateway group alerts.isalt file, and then click the Open button. 3. To import alerts, click the Import button. EventTracker displays success message. Figure 3 4. Click OK, and then click the Close button. 7

Verify Astaro Security Gateway knowledge pack in EventTracker Verify categories 1. Logon to EventTracker Enterprise. 2. Click the Admin menu, and then click Categories. 3. To view imported categories, in Category Tree, expand Astaro Security Gateways group folder. Figure 4 Verify alerts 1. Logon to EventTracker Enterprise. 2. Click the Admin menu, and then click Alerts. 3. In the Search box, type Astaro Security Gateway, and then click the Go button. Alert Management page will display all the imported alerts. 8

Figure 5 4. To activate the imported alerts, select the respective checkbox in the Active column. EventTracker displays message box. Figure 6 5. Click OK, and then click the Activate Now button. 9

EventTracker Knowledge Pack Categories EventTracker Categories can alert all critical events such as Virus detection, Login failures etc. Events which can be monitored using EventTracker are Astaro security gateways Email blackholed - This category based report provides information related to email blackholed. Astaro security gateways Email passed - This category based report provides information about e-mail passed. Astaro security gateways Email quarantined - This category based report provides information about quarantined emails. Astaro security gateways Email rejected - This category based report provides information about rejected emails. Astaro security gateways File cleaned - This category based report provides information about the files which has been cleaned. Astaro security gateways File not scanned - This category based report provides information about the files which are not scanned. Astaro security gateways Virus detected - category based report provides information about virus detections. Astaro security gateways Authentication failed - This category based report provides information about authentication failures. Astaro security gateways Authentication success - This category based report provides information about successful authentications. Astaro security gateways Config reloaded - This category based report provides information about reloaded configurations. Astaro security gateways Debug message - This category based report provides information about general debug messages. Astaro security gateways Discarded cache - This category based report provides information related to discarded cache. 10

Astaro security gateways Informational messages - This category based report provides information related to informational messages. Astaro security gateways Cluster link failed - This category based report provides information about cluster link failure. Astaro security gateways Cluster updated successfully - This category based report provides information about successfully updated clusters. Astaro security gateways Slave dead - This category based report provides information about worker node goes into slave mode on cluster. Astaro security gateways Web request blocked - This category based report provides information about blocked web requests. Astaro security gateways Web request delivered - This category based report provides information about delivered web requests. Astaro security gateways Invalid packet - This category based report provides information related to invalid packets detections. Astaro security gateways Packet accepted - This category based report provides information about accepted packets. Astaro security gateways Spoofed packet dropped - This category based report provides information about spoofed packets dropped. Astaro security gateways Packet logged - This category based report provides information related to packet logged. Astaro security gateways Packet rejected - This category based report provides information related to packet rejected. Astaro security gateways Grateful take-over - This category based report provides information related to grateful takeover of a HA peer. Astaro security gateways Master dead - This category based report provides information related to master dead. Astaro security gateways Node alive - This category based report provides information about an alive node detected. Astaro security gateways Node dead - This category based report provides information about disappeared nodes. 11

Astaro security gateways Preempt slave - This category based report provides information related to graceful takeover is triggered by preempt Slave. Astaro security gateways Preempt worker - This category based report provides information related to graceful takeover is triggered by preempt Worker. Astaro security gateways Switching to master mode - This category based report provides information related to system switches to master mode. Astaro security gateways Switching to slave mode - This category based report provides information related to the system switches to slave mode. Astaro security gateways Switching to worker mode - This category based report provides information related to the system switches to worker mode. Astaro security gateways: Flow classifier messages - This category based report provides information related to flow classifier messages. Astaro Security gateways: All events - This category based report provides information related to all events of Astaro security gateways. Astaro security gateways: Connection started - This category based report provides information related to the connection started. Astaro security gateways: Connection terminated - This category based report provides information related to the connection terminated. Astaro security gateways: Connections accounted - This category based report provides information related to the connections accounted. Astaro security gateways: ICMP flood detected - This category based report provides information related to the ICMP flood detected. Astaro security gateways: ICMP redirect - This category based report provides information related to the ICMP redirect. Astaro security gateways: Intrusion protection alert - This category based report provides information related to the Intrusion protection alert. Astaro security gateways: Portscan detection: This category based report provides information related to the portscan detected. Astaro security gateways: Spoofed packet dropped: This category based report provides information related to spoofed packet dropped. 12

Astaro security gateways: SYN Flood detected - This category based report provides information related to the SYN Flood detected. Astaro security gateways: UDP flood detected - This category based report provides information related to the UDP flood detected. Alerts Astaro security gateways: Authentication failed - This alert is generated when system or user related authentication fails. Astaro security gateways: Cluster link failed - This alert is generated when cluster link failed. Astaro security gateways: Intrusion detection - This alert is generated when Intrusion is detected. Astaro security gateways: Virus detected - This alert is generated when Virus is detected. 13

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information