RSA Security Analytics




RSA Security Analytics
Event Source Log Configuration Guide

VMware NSX

Last Modified: Friday, March 13, 2015

Event Source Product Information:
Vendor: VMware
Event Source: VMware NSX
Version: 6.1.2

RSA Product Information:
Supported On: Security Analytics 10.0 and later
Event Source Type: vmware_nsx, vmware_vshield
Note: VMware NSX Edge Firewall is supported with the vmware_vshield parser. VMware NSX Distributed Firewall is supported with the vmware_nsx parser.
Collection Method: Syslog
Event Source Class.Subclass: Hosts.Virtualization

To configure VMware NSX, you must complete these tasks:

Configure VMware NSX to send Logs to Security Analytics
Configure the Security Analytics Log Collector for Syslog Collection

Configure VMware NSX to Send Logs to Security Analytics

VMware NSX is a software networking and security virtualization platform that delivers the operational model of a virtual machine for the network. Virtual networks reproduce the Layer2 - Layer7 network model in software, allowing complex multi-tier network topologies to be created and provisioned through programming in seconds. NSX includes a library of logical switches, logical routers, logical firewalls, logical load balancers, logical VPN, QoS and distributed security.

Configure VMware NSX to send Distributed Firewall Logs

You can configure VMware NSX to send the NSX Distributed Firewall logs (classified as dfwpktlogs) to the RSA Security Analytics platform.

Note: All ESXi related logs will be received as well.

Since the Firewall event logs are packaged with the ESXi logs, you need to configure Syslog on your ESXi Hosts.

To configure Syslog on a VMware ESXi host:

Note: These instructions are reproduced from the VMware vSphere 5.5 Documentation Center.

1. Log on to the VMware vSphere Web Client.
2. In the left navigation pane, select vCenter.
3. In the vSphere Web Client inventory, select Hosts, and select the host that you want to configure.
4. Click the Manage tab.
5. In the System panel, click Advanced System Settings.

6. Locate the Syslog section of the Advanced System Settings list.
7. To set up logging globally, select the setting to change and click the Edit icon.

   Option: Syslog.global.defaultRotate
   Description: Sets the maximum number of archives to keep. You can set this number globally and for individual subloggers.

   Option: Syslog.global.defaultSize
   Description: Sets the default size of the log, in KB, before the system rotates logs. You can set this number globally and for individual subloggers.

   Option: Syslog.global.LogDir
   Description: Directory where logs are stored. The directory can be located on mounted NFS or VMFS volumes. Only the /scratch directory on the local file system is persistent across reboots. The directory should be specified as [datastorename] path_to_file where the path is relative to the root of the volume backing the datastore. For example, the path [storage1] /systemlogs maps to the path /vmfs/volumes/storage1/systemlogs

   Option: Syslog.global.logDirUnique
   Description: Selecting this option creates a subdirectory with the name of the ESXi host under the directory specified by Syslog.global.LogDir. A unique directory is useful if the same NFS directory is used by multiple ESXi hosts.

   Option: Syslog.global.LogHost
   Description: Remote host to which syslog messages are forwarded and port on which the remote host receives syslog messages. You can include the protocol and the port, for example, ssl://hostname1:514. UDP (default), TCP, and SSL are supported. Enter the IP address for the Security Analytics Log Decoder or Remote Log Collector.

8. (Optional) To overwrite the default log size and log rotation for any of the logs:

   a. Click the name of the log that you want to customize.
   b. Click the Edit Icon and enter the number of rotations and log size that you want.
9. Click OK.

Changes to the syslog options take effect immediately.

Configure VMware NSX to send Edge Firewall Logs

You can configure VMware NSX to send the NSX Edge Firewall logs to the RSA Security Analytics platform. You can configure one or two remote syslog servers. NSX Edge events and logs related to firewall events that flow from NSX Edge appliances are sent to the syslog servers.

Note: These instructions are reproduced from the VMware NSX 6 Documentation Center.

To configure VMware NSX to send NSX Edge logs:

1. Log in to the vSphere Web Client.
2. Click Networking & Security and then click NSX Edges.
3. Double-click an NSX Edge.
4. Click the Monitor tab and then click the Settings tab.
5. In the Details panel, click Change next to Syslog servers.
6. Enter the IP address for the Security Analytics Log Decoder or Remote Log Collector.
7. Click OK to save the configuration.

Configure the Security Analytics Log Collector for Syslog Collection

Note: You only need to configure Syslog collection the first time that you set up an event source that uses Syslog to send its output to Security Analytics.

You should configure either the Log Decoder or the Remote Log Collector for Syslog. You do not need to configure both.

To configure the Log Decoder for Syslog collection:

1. In the Security Analytics menu, select Administration > Services.
2. In the Services grid, select a Log Decoder, and from the Actions menu, choose View > System.

3. Depending on the icon you see, do one of the following:
   If you see, click the icon to start capturing Syslog.
   If you see, you do not need to do anything; this Log Decoder is already capturing Syslog.
4. Ensure that the parser for your event source is enabled.
   a. From the System pull-down menu, select Config.
   b. In the Service Parsers Configuration panel, search for your event source.
   c. Ensure that the Config Value field for your event source is selected.

To configure the Remote Log Collector for Syslog collection:

1. In the Security Analytics menu, select Administration > Services.
2. In the Services grid, select a Remote Log Collector, and from the Actions menu, choose View > Config > Event Sources.
3. Select Syslog/Config from the drop-down menu. The Event Categories panel displays the Syslog event sources that are configured, if any.
4. In the Event Categories panel toolbar, click +. The Available Event Source Types dialog is displayed.
5. Select either syslog-tcp or syslog-udp. You can set up either or both, depending on the needs of your organization.
6. Select the new type in the Event Categories panel and click + in the Sources panel toolbar. The Add Source dialog is displayed.
7. Enter 514 for the port, and select Enabled. Optionally, configure any of the Advanced parameters as necessary. Click OK to accept your changes and close the dialog box.

Once you configure one or both syslog types, the Remote Log Collector collects those types of messages from all available event sources. So, you can continue to add Syslog event sources to your system without needing to do any further configuration in Security Analytics.
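
The Syslog.global.LogHost value set on each ESXi host has to match a listener type and port enabled on the collector, or the firewall logs never arrive. The following check is an added example, not part of the RSA or VMware documentation; the function names, the sample addresses and the assumption that several targets are separated by commas are illustrative.

```python
from urllib.parse import urlsplit

SUPPORTED = {"udp", "tcp", "ssl"}  # transports the guide lists; UDP is the default
DEFAULT_PORT = 514                 # port the guide enters on the collector side

def parse_loghost(value):
    """Split a Syslog.global.LogHost value into (proto, host, port) tuples."""
    targets = []
    for item in filter(None, (part.strip() for part in value.split(","))):
        # A bare host has no scheme, so fall back to the UDP default.
        url = urlsplit(item if "://" in item else "udp://" + item)
        proto = url.scheme.lower()
        if proto not in SUPPORTED:
            raise ValueError(f"unsupported protocol in {item!r}")
        if not url.hostname:
            raise ValueError(f"missing host in {item!r}")
        targets.append((proto, url.hostname, url.port or DEFAULT_PORT))
    return targets

def audit_loghost(value, collector, listeners):
    """Return findings for one ESXi host's LogHost value.

    collector: address of the Log Decoder or Remote Log Collector.
    listeners: set of (proto, port) pairs enabled there, e.g. {("udp", 514)}.
    """
    findings = []
    targets = [t for t in parse_loghost(value) if t[1] == collector.lower()]
    if not targets:
        findings.append(f"{collector} is not a LogHost target")
    for proto, host, port in targets:
        if proto == "ssl":
            findings.append(f"ssl to {host}:{port}: confirm a TLS listener exists")
        else:
            if (proto, port) not in listeners:
                findings.append(f"no syslog-{proto} listener on port {port}")
            findings.append(f"{proto} forwarding to {host} is cleartext")
    return findings

if __name__ == "__main__":
    # Constructed sample: host forwards over UDP, collector only has syslog-tcp.
    sample = "udp://192.0.2.10:514,tcp://192.0.2.20:1514"
    for finding in audit_loghost(sample, "192.0.2.10", {("tcp", 514)}):
        print(finding)
```

Run it against the LogHost value exported from each host and the syslog-tcp or syslog-udp sources enabled on the collector; an empty result is only possible for a target the check cannot assess, since UDP and TCP forwarding are always reported as cleartext.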

Copyright 2015 EMC Corporation. All Rights Reserved.

Trademarks

RSA, the RSA Logo and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other trademarks used herein are the property of their respective owners. For a list of RSA trademarks, go to www.rsa.com/legal/trademarks_list.pdf. Published in the USA.