Syslog sensor
|
Valid property names are as follows:
Sample CSV formats for a syslog sensor are as follows:
hosts,*,port,514,enabled,true
hosts,centralunixhost,port,515,enabled,true
|
Logfile sensor
|
Valid property names are as follows:
A sample CSV format for a LogFile sensor is as follows:
LogFilePath,C:\Program Files\Symantec\ITA\logs,InitialReadPolicy,BEGINNING,LogFileName,iquery.out,enabled,true
|
Database sensor
|
Valid property names are as follows:
A sample CSV format for a database sensor is as follows:
enabled,true,JdbcDriverDir,/opt/Symantec/simserver/collectors/drivers/mssqljdbc_2005/enu/,DatabaseURL,jdbc:sqlserver://192.168.1.234:1433;DatabaseName=RealSecureDB,DatabaseUserName,readonlyuser,DatabasePassword,mypassword,InitialReadPolicy,BEGINNING
|
Syslog File sensor
|
Valid property names are as follows:
A sample CSV format for a log or syslog file sensor is as follows:
enabled,false,name,messages,LogPath,/var/log,LogToMonitor,messages,NameIsDynamic,true,FileEncoding,UTF-8,EndOfFileMarker,EOF,InitialReadPolicy,Last Position,EndOfRecordMarker,ENDOFLINE,MonitorInRealTime,true,TimeOffset,+00:00
|
Windows Event Log sensor
|
Valid property names are as follows:
- hostName
- accountName
- password
- historyDays
- eventLogs
Important notes on Windows Event Log sensor fields are as follows:
- When you export the existing collector configuration in XML format, the "accountName" and "password" values are hashed (encrypted). However, when you create the CSV file, you must enter these values in cleartext form. You must take the necessary precautions to secure these files in transmission and storage to protect the cleartext authentication credentials.
- For a computer that is located in a Windows domain, the "accountName" value must be in the following format: DomainName\AccountName
- For a computer that is not in a Windows domain, the "accountName" value must be in the following format: HostName\AccountName
- When you export the existing collector configuration in XML format, the "eventLogs" property consists of comma-separated values. However, you must not list the values in this format when you create the CSV file. If you do so, only the first entry is accepted. If more than one Event Log is to be audited, you can add the additional Event Log values for a single collector configuration in the Information Manager console in System > Product Configurations. Then, use Global Update to include the additional Event Logs for the multiple sensors. See Globally updating sensor properties.
A sample CSV format for a Windows Event Log sensor is as follows:
hostName,centralwinprod,accountName,MSDomain\administrator,password,fakepassword,historyDays,1,eventLogs,Security
hostName,branchwintest,accountName,branchwintest\logreader,password,testpassword,historyDays,7,eventLogs,System
Note: If the hostName value is 127.0.0.1 or localhost, the accountName and password values are not required.
|
OPSEC LEA sensor
|
Valid property names are as follows:
A sample CSV format for an OPSEC LEA sensor is as follows:
enabled,false,opsec application name,MyOPSECApp,opsec application password,Mypassword,InitialReadPolicy,BEGINNING,MonitorInRealTime,true,lea_server ip,192.168.1.207,lea_server auth_port,18184,lea_server auth_type,sslca,lea_server port,0,lea_server opsec_entity_sic_name,CN=cp_mgmt,O=MyOrg..vifxrc,opsec_sic_name,CN=MyOPSECApp,O=MyOrg..vifxrc,read_audit_log,true
|
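The Windows Event Log sensor rules above (single eventLogs value, DomainName\AccountName or HostName\AccountName form, credentials optional for 127.0.0.1 or localhost) can be checked before a CSV file is imported. The following Python check is an added example, not part of the product or its documentation. It assumes one sensor per row and case-sensitive property names, and the function names and sample rows are constructed for illustration.

```python
import csv
import io
import re

# Property names the page lists for this sensor (assumed case-sensitive).
VALID_NAMES = {"hostName", "accountName", "password", "historyDays", "eventLogs"}
LOCAL_HOSTS = {"127.0.0.1", "localhost"}  # credentials not required for these
ACCOUNT_RE = re.compile(r"^[^\\]+\\[^\\]+$")  # DomainName\AccountName form


def check_row(fields):
    """Return a list of problems found in one row of name,value pairs."""
    props, problems, i, last = {}, [], 0, None
    while i < len(fields):
        name = fields[i]
        if name in VALID_NAMES and i + 1 < len(fields):
            props[name] = fields[i + 1]
            last, i = name, i + 2
            continue
        if last == "eventLogs":
            problems.append(f"eventLogs extra entry {name!r}: only the first is accepted")
        else:
            problems.append(f"unexpected field {name!r}")
        i += 1
    host = props.get("hostName", "")
    if not host:
        problems.append("hostName is missing")
    elif host not in LOCAL_HOSTS:
        if not ACCOUNT_RE.match(props.get("accountName", "")):
            problems.append("accountName must be Domain\\Account or Host\\Account")
        if not props.get("password"):
            problems.append("password is missing")
    return problems


def check_csv(text):
    """Map 1-based row number to its problems, for rows that have any."""
    found = ((n, check_row(r)) for n, r in enumerate(csv.reader(io.StringIO(text)), 1) if r)
    return {n: p for n, p in found if p}


# Constructed sample rows (hypothetical hosts and credentials).
SAMPLE = (
    "hostName,winprod,accountName,MSDomain\\svc,password,x,historyDays,1,eventLogs,Security\n"
    "hostName,wintest,accountName,logreader,password,y,historyDays,7,eventLogs,System,Application\n"
    "hostName,localhost,historyDays,1,eventLogs,Security\n"
)

if __name__ == "__main__":
    print(check_csv(SAMPLE))
```

Only the second sample row is reported: its accountName lacks the domain or host prefix, and its eventLogs property carries a second comma-separated entry.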