McAfee Enterprise Security Manager Data Source Configuration Guide. Data Source: Infoblox NIOS. September 2, 2014.





Important Note: The information contained in this document is confidential and proprietary. Please do not redistribute without permission.

Table of Contents

1 Introduction
2 Prerequisites
3 Specific Data Source Configuration Details
  3.1 Infoblox NIOS Configuration
      Configuring Syslog for a Grid Member
  3.2 McAfee Receiver Configuration
4 Appendix A - Generic Syslog Configuration Details
5 Appendix B - Troubleshooting

1 Introduction

This guide details how to configure Infoblox NIOS to send syslog data in the proper format to the ESM.

2 Prerequisites

McAfee Enterprise Security Manager Version 9.0.0 and above.

In order to configure the Infoblox NIOS syslog service, appropriate administrative level access is required to perform the necessary changes documented below.

3 Specific Data Source Configuration Details

3.1 Infoblox NIOS Configuration

1. From the Grid perspective, click grid -> Edit -> Grid Properties
   Or
   From the Device perspective, click hostname -> Edit -> Device Properties
2. In Grid or Device editor, click Monitoring, and then enter the following:
   - Enable external syslog server: Select this check box to enable the Infoblox device to send messages to the specified syslog server.
   - Syslog Server Group: Define one or more syslog servers: click Add, enter the following, then click OK:
     - Server Address: Enter the IP address of the syslog server.
     - Connection Type: Specify whether the device uses TCP or UDP to connect to the external syslog server.
     - Port: Specify the destination port number. (Standard port is 514)
     - Out Interface: Specify the interface through which the device sends syslog messages to the syslog server.
     - Severity Filter: Choose a filter from the drop-down list.
     - Message Source: Specify which syslog messages the device sends to the external syslog server:
       - Internal: Device sends the syslog messages that it generates.
       - External: Device sends the syslog messages that it receives from other devices, such as syslog servers and routers.
       - Any: Device sends both internal and external syslog messages.
   - Copy audit log messages to syslog: Select the check box for the Infoblox device to include audit log messages among the messages it sends to the syslog server. This function can be helpful for monitoring administrative activity on multiple devices from a central location.
   - Audit Log Facility: Choose the facility where you want the syslog server to sort the audit log messages.
3. Click the Save icon to save your settings.

Configuring Syslog for a Grid Member

1. From the Grid perspective, click + (for grid) -> + (for Members) -> member -> Edit -> Member Properties.
2. In the Grid Member editor, click Monitoring, and enter the following:
   - Override grid syslog settings: Select the check box to override grid-level syslog settings and apply member-level settings.
   - Enable external syslog server: Select the check box to enable the Infoblox device to send messages to a specified syslog server.
   - Syslog Server Group: To define one or more syslog servers, click Add, enter the following, and then click OK:
     - Server Address: Type the IP address of a syslog server.
     - Connection Type: Specify whether the device uses TCP or UDP to connect to the external syslog server.
     - Port: Specify the destination port number.
     - Out Interface: Specify the interface through which the device sends syslog messages to the syslog server.
     - Severity Filter: Choose a filter from the drop-down list.
     - Message Source: Specify which syslog messages the device sends to the external syslog server:
       - Internal: The device sends the syslog messages that it generates.
       - External: The device sends the syslog messages that it receives from other devices.
       - Any: The device sends both internal and external syslog messages.
   - Enable syslog proxy: Select this check box to enable the device to receive syslog messages from other devices, such as syslog servers and routers, and then forward these messages to an external syslog server.
   - Enable listening on TCP: Select this check box if the device uses TCP to receive messages from other devices.
     - Port: Enter the port number through which the device receives syslog messages from other devices.
   - Proxy Client Access Control: Click Add, enter the following in the Access Control Item dialog box, and then click OK:
     - IP Address option: Select IP Address if you are adding the IP address of a device, or select Network if you are adding the network address of a group of devices.
     - Address: Enter the IP address of the device or network.
     - Subnet Mask: If you entered a network IP address, you must also enter its subnet mask.
3. Click the Save icon to save your settings.

3.2 McAfee Receiver Configuration

After successfully logging into the McAfee ESM console, the data source will need to be added to a McAfee Receiver in the ESM hierarchy.

1. Select the Receiver you are applying the data source setting to.
2. Select the Receiver properties.
3. From the Receiver Properties listing, select Data Sources.
4. Select Add Data Source.

OR

1. Select the Receiver you are applying the data source setting to.
2. After selecting the Receiver, select the Add Data Source icon.

Data Source Screen Settings

1. Data Source Vendor - Infoblox
2. Data Source Model - NIOS (ASP)
3. Data Format - Default
4. Data Retrieval - Default
5. Enabled: Parsing/Logging/SNMP Trap - Parsing
6. Name - Name of data source
7. IP Address/Hostname - The IP address and host name associated with the data source device.
8. Syslog Relay - None
9. Mask - 32
10. Require Syslog TLS - Enable to require the Receiver to communicate over TLS.
11. Support Generic Syslogs - Do nothing
12. Time Zone - Time zone of data being sent.

Note: Refer to Appendix A for details on the Data Source Screen options.

4 Appendix A - Generic Syslog Configuration Details

Once you select the option to add a data source, you are taken to the Add Data Source menu. The general options for adding a data source are shown. As you select different options, additional parameters may show. Each of these parameters will be examined in more detail.

1. Use System Profiles - System Profiles are a way to use settings that are repetitive in nature, without having to enter the information each time. An example is WMI credentials, which are necessary to retrieve Windows Event Logs if WMI is the chosen mechanism.
2. Data Source Vendor - List of all supported vendors.
3. Data Source Model - List of supported products for a vendor.
4. Data Format - Data Format is the format the data is in. Options are Default, CEF, and MEF.
   Note: If you choose CEF it will enable the generic rule for CEF and may not parse data source-specific details.
5. Data Retrieval - Data Retrieval allows you to select how the Receiver is going to collect the data. Default is over syslog.
6. Enabled: Parsing/Logging/SNMP Trap - Enables parsing of the data source, logging of the data source, and reception of SNMP traps from the data source. If no option is checked, the settings are saved to the ESM, but not written to the Receiver or utilized. Default is to select Parsing.
7. Name - This is the name that will appear in the Logical Device Groupings tree and the filter lists.
8. IP Address/Hostname - The IP address and host name associated with the data source device.
9. Syslog Relay - Syslog Relay allows data to be collected via relays and bucketed to the correct data source. Enable syslog relay on relay sources such as Syslog-NG.
10. Mask - Enables you to apply a mask to an IP address so that a range of IP addresses can be accepted.
11. Require Syslog TLS - Enable to require the receiver to communicate over TLS.
12. Support Generic Syslog - Generic Syslog allows users to select Parse generic syslog or Log unknown syslog event. Both these options will create an alert for an auto-learned syslog event if there is no parsing rule.
13. Time Zone - If syslog events are sent in a time zone other than GMT, you need to set the time zone of the data source so the date on the events can be set accordingly.
14. Interface - Opens the receiver interface settings to associate ports with streams of information.
15. Advanced - Opens advanced settings for the data source.

5 Appendix B - Troubleshooting

If a data source is not receiving events, verify that the data source settings have been written out and that policy has been rolled out to the Receiver.

If you see errors saying events are being discarded because the Last Time value is more than one hour in the future, or the values are incorrect, you may need to adjust the Time Zone setting.
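The following is an added illustration, not McAfee or Infoblox code, of why the Time Zone setting in Appendix A produces the "more than one hour in the future" symptom in Appendix B: a BSD-style syslog timestamp carries no zone, so the collector has to assume one. The sample line, the UTC+2 device, the receive time, the function names and the model of the check are assumptions; only the one-hour limit comes from this guide.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: header timestamp is device-local time (UTC+2), no zone field.
SAMPLE = ("<30>Sep  2 14:05:11 ns1.example.test named[2211]: "
          "client 192.0.2.10#53124: query: example.test IN A")
# Constructed receive time: one second after the device sent the message.
RECEIVED = datetime(2014, 9, 2, 12, 5, 12, tzinfo=timezone.utc)
FUTURE_LIMIT = timedelta(hours=1)  # threshold mentioned in Appendix B


def parse_event_time(line, assumed_offset_hours, year):
    """Pin the zone-less header timestamp to the zone set on the data source."""
    header = line.split(">", 1)[1]
    stamp = " ".join(header.split()[:3])  # collapses the padded day: 'Sep 2 14:05:11'
    naive = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    zone = timezone(timedelta(hours=assumed_offset_hours))
    return naive.replace(tzinfo=zone).astimezone(timezone.utc)


def classify(line, assumed_offset_hours, received_utc):
    """Return (verdict, skew); skew > 0 means the event looks like it is in the future."""
    event_utc = parse_event_time(line, assumed_offset_hours, received_utc.year)
    skew = event_utc - received_utc
    verdict = "discard-future" if skew > FUTURE_LIMIT else "accept"
    return verdict, skew


def suggest_offset_hours(line, assumed_offset_hours, received_utc):
    """Estimate the device's real UTC offset from the observed skew.

    Assumes synchronized clocks and negligible transit delay; rounds to
    15-minute steps because real zone offsets fall on quarter hours.
    """
    _, skew = classify(line, assumed_offset_hours, received_utc)
    total = skew + timedelta(hours=assumed_offset_hours)
    return round(total.total_seconds() / 900) / 4


if __name__ == "__main__":
    for offset in (0, 2):  # data source left at GMT vs. set to the device's zone
        verdict, skew = classify(SAMPLE, offset, RECEIVED)
        print(f"configured UTC{offset:+d}: {verdict}, skew {skew}")
    print("suggested offset:", suggest_offset_hours(SAMPLE, 0, RECEIVED))
```

A device west of GMT produces the opposite symptom: events are accepted but stamped hours in the past, which matches the "values are incorrect" case in Appendix B.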