TECHNICAL NOTE INSTALLING AND CONFIGURING ALE USING A CLI. Installing the Adaptive Log Exporter



Similar documents
Adaptive Log Exporter Users Guide

Adaptive Log Exporter Users Guide

Unless otherwise noted, all references to STRM refer to STRM, STRM Log Manager, and STRM Network Anomaly Detection.

After you have created your text file, see Adding a Log Source.

Setting up an icap Server for ISG- 1000/2000 AV Support

TECHNICAL NOTE SETTING UP A STRM UPDATE SERVER. Configuring your Update Server

IBM Security QRadar Version (MR1) WinCollect User Guide

By default, STRM provides an untrusted SSL certificate. You can replace the untrusted SSL certificate with a self-signed or trusted certificate.

Identity-Based Traffic Logging and Reporting

Juniper Secure Analytics

Juniper Secure Analytics

Migrating Log Manager to JSA

Unless otherwise noted, all references to STRM refer to STRM, STRM Log Manager, and STRM Network Anomaly Detection.

This technical note provides information on how to customize your notifications. This section includes the following topics:

RSA Security Analytics

WinCollect User Guide

Unless otherwise noted, all references to STRM refer to STRM, STRM Log Manager, and STRM Network Anomaly Detection.

NSM Plug-In Users Guide

IF-MAP FEDERATION WITH JUNIPER NETWORKS UNIFIED ACCESS CONTROL

REPLACING THE SSL CERTIFICATE

Monitoring Network Traffic Using sflow Technology on EX Series Ethernet Switches

MONITORING NETWORK TRAFFIC USING sflow TECHNOLOGY ON EX SERIES ETHERNET SWITCHES

JUNOS PULSE APPCONNECT

Remote Logging Agent Configuration Guide

Limitation of Riverbed s Quality of Service (QoS)

Managing Vulnerability Assessment

SMART Classroom Suite 2011

Dell One Identity Cloud Access Manager How to Configure for High Availability

Syslog Server Configuration on Wireless LAN Controllers (WLCs)

Integrate Websense Web Security Gateway (WSG)

For Active Directory Installation Guide

JUNOScope IP Service Manager

PrintFleet Local Beacon

Setting Up a Unisphere Management Station for the VNX Series P/N Revision A01 January 5, 2010

J-Flow on J Series Services Routers and Branch SRX Series Services Gateways

Education Software Installer 2011

NetIQ Sentinel Quick Start Guide

COORDINATED THREAT CONTROL

RSA Security Analytics

How to add your Weebly website to a TotalCloud hosted Server

MIGRATING IPS SECURITY POLICY TO JUNIPER NETWORKS SRX SERIES SERVICES GATEWAYS

Installing JSA Using a Bootable USB Flash Drive

Tuning Guide. Release Juniper Secure Analytics. Juniper Networks, Inc.

Web Application Firewall

VMware vcenter Log Insight Getting Started Guide

How to - Install EventTracker and Change Audit Agent

Secure, Mobile Access to Corporate , Applications, and Intranet Resources

IBM Security QRadar SIEM Version MR1. Vulnerability Assessment Configuration Guide

RSA Security Analytics

Log Sources Users Guide

Using the Content Management Tool

Upgrade Guide. CA Application Delivery Analysis 10.1

VMWARE VIEW WITH JUNIPER NETWORKS SA SERIES SSL VPN APPLIANCES

Quick Start Guide for Symantec Event Collector for ForeScout CounterACT

Windows Firewall Configuration with Group Policy for SyAM System Client Installation

Entrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates

Adobe Acrobat 9 Deployment on Microsoft Windows Group Policy and the Active Directory service

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream

Acronis Backup & Recovery 11.5 Quick Start Guide

A-AUTO 50 for Windows Setup Guide

Identity-Based Application and Network Profiling

Installation and Deployment

Subscriber Traffic Redirection

Network Configuration Example

IBM Security QRadar Version WinCollect User Guide V7.2.2

SMART Sync Windows operating systems. System administrator s guide

Juniper Secure Analytics

Web Security Firewall Setup. Administrator Guide

Adaptive Log Exporter Service Update

Version 5.0. SurfControl Web Filter for Citrix Installation Guide for Service Pack 2

Migrating Mobile Security for Enterprise (TMMS) 8.0 to version 9.0

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies

HP IMC User Behavior Auditor

Sophos for Microsoft SharePoint startup guide

Installing and Configuring vcloud Connector

Deploying Business Objects Crystal Reports Server on IBM InfoSphere Balanced Warehouse C-Class Solution for Windows

Oracle Enterprise Manager. Description. Platforms Supported. Versions Supported

Configuring and Implementing A10

Junos Pulse. Windows In-Box Junos Pulse Client Quick Start Guide. Published: Copyright 2013, Juniper Networks, Inc.

How Do I Upgrade Firmware and Save Configurations on PowerConnect Switches?

QRadar SIEM 7.2 Windows Event Collection Overview

4cast Client Specification and Installation

SOA Software API Gateway Appliance 7.1.x Administration Guide

File Transfer Examples. Running commands on other computers and transferring files between computers

RSA Security Analytics

Print Audit 6 Network Installation Guide

VMware vcenter Log Insight Security Guide

Using LifeSize systems with Microsoft Office Communications Server Server Setup

CA NetQoS Performance Center

Installing and Configuring vcenter Multi-Hypervisor Manager

Migrating Trend Micro Mobile Security for Enterprise (TMMS) 8.0 to TMMS 9.0

VMware vcenter Log Insight Administration Guide

Symantec AntiVirus Corporate Edition Patch Update

vsphere Upgrade Update 1 ESXi 6.0 vcenter Server 6.0 EN

vsphere Upgrade vsphere 6.0 EN

STRM Log Manager Administration Guide

EMC ViPR Controller Add-in for Microsoft System Center Virtual Machine Manager

IBM WebSphere Application Server Communications Enabled Applications

Dell One Identity Cloud Access Manager How to Configure Microsoft Office 365

Clearswift SECURE Gateway V3.*

Transcription:

TECHNICAL NOTE INSTALLING AND CONFIGURING ALE USING A CLI NOVEMBER 2010 If you want to install the Adaptive Log Exporter without the installation wizard, this document provides information about installing the Adaptive Log Exporter using a command line interface (CLI) utility. This CLI utility allows you to deploy your Adaptive Log Exporter to multiple remote systems in your deployment using any third-party product that allows remote or batch installs, for example, MSI Packaging Tools or Message-Oriented Middleware (MOM). Note: The procedures in this document assume an advanced knowledge of network administration. This document includes: Installing the Adaptive Log Exporter Updating Your Windows Event Log Device Updating Your TCP Syslog Plug-in Adaptive Log Exporter CLI Utility Examples Windows Event Log Device CLI Utility Examples TCP Syslog Plug-in CLI Utility Examples Installing the Adaptive Log Exporter Step 1 Step 2 Step 3 To install the Adaptive Log Exporter using a CLI: Obtain the Adaptive Log Exporter CLI utility from the Juniper customer support web site: www.juniper.net/support/ Note: Once you download the Adaptive Log Exporter CLI utility, you must select a distribution method to deploy the Adaptive Log Exporter to remote systems in your deployment. Close all other active applications before installing the Adaptive Log Exporter. In a Windows CLI, enter the following command: Release 2010.0 TN24072009-D

2 TECHNICAL NOTE Step 4 s Note: The SP-, VERYSILENT, and SUPPRESSMSGBOXES parameters are required parameters for each command entry. Enter parameters, as necessary. For more information, see s. When entering the CLI utility options, the following parameters are available: Required s Optional s Windows Event Log Monitoring s Note: All parameters are case sensitive. Required s The following parameters are required for the CLI utility: /SP- /VERYSILENT /SUPPRESSMSGBOXES Optional s The following table provides the optional parameters for use with the CLI utility: Table<n=1> Optional s /DIR /COMPONENTS /NOICONS /GROUP Specify the fully qualified path name to the destination directory for the Adaptive Log Exporter installation files. By default, the Adaptive Log Exporter is installed in the Program Files/Adaptive Log Exporter directory. Specify the list of Adaptive Log Exporter components you want to install. The options are: main - Mandatory. You must specify this parameter to install the base components of the Adaptive Log Exporter service. ui - Specify this parameter to install the user interface. If you do not specify any parameters in the /COMPONENTS option, the main and ui components are installed by default. Specify if you do not want to include the Adaptive Log Exporter icon to appear in your Start menu options. By default, the Start menu displays the application as Adaptive Log Exporter. This parameter allows you to define a new group name. Release 2010.0 TN24072009-D

Updating Your Windows Event Log Device 3 Windows Event Log Monitoring s The Windows event log monitoring parameters allow you to automatically create a Windows event log device and a corresponding syslog destination. All of the below parameters must be included in the command. The following table provides the Windows event log monitoring parameters: Table 1-1 Windows Event Log Monitoring s /MONITOR /MONITORDEST /MONITORPROTO /DEVICEADDRESS Specify using a comma separated list of event logs you want to monitor. For example: /MONITOR=Application,Security,System Specify the syslog destination that you want to receive the logs. You can specify this value in an <IP address or hostname>:<port> format. The port number defaults to 514 if not specified. Specify the protocol to use when sending syslog log files. The protocol can be specified as TCP or UDP. The protocol defaults to UDP if not specified. Specify the hostname or IP address you want to use in the syslog header when events are created. To the syslog receiver, this will appear as though this device address generated the message. Updating Your Windows Event Log Device Once you have installed the Adaptive Log Exporter using the CLI utility (see Installing the Adaptive Log Exporter), you can use the CLI utility to update your Windows Event Log Device configuration. Your Windows Event Log Device must be configured in your deployment before you update your Windows Event Log Device using the CLI. Also, ensure your Windows Event Log Device configuration includes the default configuration values before you apply the update. Step 1 Step 2 Step 3 To update your Windows Event Log Device configuration: Download the Windows Event Log Device plug-in from the Juniper customer support web site: www.juniper.net/support/ Close all other active applications before installing the Windows Event Log Device plug-in. In a Windows CLI, enter the following command: /SUPPRESSMSGBOXES /PATCHONLY Note: The SP-, VERYSILENT, and SUPPRESSMSGBOXES parameters are required parameters for each command entry. TN24072009-D Release 2010.0

4 TECHNICAL NOTE Step 4 Enter parameters, as necessary. Table 1-2 Windows Event Log Monitoring s /MONITOR /MONITORDEST /DEVICEADDRESS /PATCHONLY Specify using a comma separated list of event logs you want to monitor. For example: /MONITOR=Application,Security,System Specify the syslog destination that you want to receive the logs. You can specify this value in an <IP address or hostname>:<port> format. The port number defaults to 514 if not specified. Specify the hostname or IP address you want to use in the syslog header when events are created. To the syslog receiver, this appears as though this device address generated the message. Specify this parameter if you update your configuration to a later version of the Windows Event Log plug-in without modifying the existing configuration. Updating Your TCP Syslog Plug-in Step 1 Step 2 Step 3 Step 4 Once you have installed the Adaptive Log Exporter using the CLI utility (see Installing the Adaptive Log Exporter), you can use the CLI utility to update your TCP Syslog plug-in. To update the TCP Syslog plug-in using the CLI: Download the TCP Syslog plug-in from the Juniper customer support web site: www.juniper.net/support/ Close all other active applications before installing an update to the TCP Syslog plug-in. In a Windows CLI, update the plug-in using the following command: /SUPPRESSMSGBOXES /PATCHONLY Note: The SP-, VERYSILENT, and SUPPRESSMSGBOXES parameters are required parameters for each command entry. Enter parameters, as necessary. Table 1-3 Windows Event Log Monitoring s /MONITOR /MONITORDEST Specify using a comma separated list of event logs you want to monitor. For example: /MONITOR=Application,Security,System Specify the syslog destination that you want to receive the logs. You can specify this value in an <IP address or hostname>:<port> format. The port number defaults to 514 if not specified. Release 2010.0 TN24072009-D

Adaptive Log Exporter CLI Utility Examples 5 Table 1-3 Windows Event Log Monitoring s (continued) /DEVICEADDRESS /PATCHONLY Specify the hostname or IP address you want to use in the syslog header when events are created. To the syslog receiver, this appears as though this device address generated the message. Specify this parameter if you update your configuration to a later version of the Windows Event Log plug-in without modifying the existing configuration. Adaptive Log Exporter CLI Utility Examples Install Service Only Service Only Monitoring Windows Security Log Full Install Full Install Monitoring Windows Security Logs This section provides several examples of using the CLI utility including: Install Service Only Service Only Monitoring Windows Security Log Full Install Full Install Monitoring Windows Security Logs If you want to install the Adaptive Log Exporter functionality without the user interface, enter the following command: /COMPONENTS=main If you want to install the Adaptive Log Exporter functionality without the user interface, and you also want to monitor Windows security logs and send events using the default syslog port (UDP port 514), enter the following command: /COMPONENTS=main /MONITOR=Security /MONITORDEST=10.10.100.100 /DEVICEADDRESS=Device hostname or IP address If you want to the fully install the Adaptive Log Exporter, including the user interface and requiring no further configuration, enter the following command: /COMPONENTS=main,ui If you want to fully install the Adaptive Log Exporter, including the user interface and the ability to monitor Windows Security Logs, enter the following command: /COMPONENTS=main,ui /MONITOR=Security /MONITORDEST=Syslog Destination hostname or IP address /DEVICEADDRESS=Device hostname or IP address TN24072009-D Release 2010.0

6 TECHNICAL NOTE Windows Event Log Device CLI Utility Examples Update IP Address for Windows Event Log Device Update Logs Monitored for Windows Event Log Device Copy Files for Windows Event Log Configuration Add a New Windows Event Log Device This section provides several examples of using the CLI utility to update your Windows Event Log Device including: Update IP Address for Windows Event Log Device Update Logs Monitored for Windows Event Log Device Copy Files for Windows Event Log Configuration Add a New Windows Event Log Device If you install the Windows Event Log Device plug-in and want to modify the IP address of the Window Event Log Device, enter the following command: /SUPPRESSMSGBOXES /DEVICEADDRESS=Device hostname or IP address If you install the Windows Event Log Device plug-in and want to change the type of logs you are monitoring, enter the following command: /SUPPRESSMSGBOXES /MONITOR=Security,System If you install the Windows Event Log Device plug-in and want to preserve your existing configuration while copying the necessary updated files from a patch, enter the following command: /SUPPRESSMSGBOXES /PATCHONLY To install a new Windows Event Log Device plug-in, enter the following command: /SUPPRESSMSGBOXES /COMPONENTS=main /DEVICEADDRESS=Device hostname or IP address /MONITOR=Security,Application,System /MONITORDEST=Syslog Destination hostname or IP address:514 TCP Syslog Plug-in CLI Utility Examples Update IP Address for TCP Syslog Plug-in This section provides several examples of using the CLI utility to update your TCP Syslog plug-in including: Update IP Address for TCP Syslog Plug-in Update Logs Monitored for a TCP Syslog Plug-in Copy Files for TCP Syslog Plug-in Add a New TCP Syslog Plug-in If you install the TCP Syslog plug-in and want to modify the device address, enter the following command: ALE_TCPSyslogPlugin_setup.exe /SP- /VERYSILENT /SUPPRESSMSGBOXES /DEVICEADDRESS=Device hostname or IP address Release 2010.0 TN24072009-D

TCP Syslog Plug-in CLI Utility Examples 7 Update Logs Monitored for a TCP Syslog Plug-in Copy Files for TCP Syslog Plug-in Add a New TCP Syslog Plug-in If you install the TCP Syslog plug-in and want to change the type of logs you are monitoring, enter the following command: ALE_TCPSyslogPlugin_setup.exe /SP- /VERYSILENT /SUPPRESSMSGBOXES /MONITOR=Security,System If you install the TCP Syslog plug-in and want to preserve your existing configuration while copying the necessary updated files from a patch, enter the following command: ALE_TCPSyslogPlugin_setup.exe /SP- /VERYSILENT /SUPPRESSMSGBOXES /PATCHONLY To install the TCP Syslog plug-in on a new device, enter the following command: ALE_TCPSyslogPlugin_setup.exe /SP- /VERYSILENT /SUPPRESSMSGBOXES /COMPONENTS=main /DEVICEADDRESS=Device hostname or IP address /MONITOR=Security,Application,System /MONITORDEST=Syslog Destination hostname or IP address:514 TN24072009-D Release 2010.0

Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA 408-745-2000 www.juniper.net Copyright Notice Copyright 2010 Juniper Networks, Inc. All rights reserved. Juniper Networks and the Juniper Networks logo are registered trademarks of Juniper Networks Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks in this document are the property of Juniper Networks or their respective owners. All specifications are subject to change without notice. Juniper Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information