Flat File Policy
The 'Flat-File' policy type allows administrators to configure agents to track and collect a specific log file from the endpoint on which the agent is installed. The administrator can define the path of the file in the 'Details' section, create a schedule to collect the file and define a blackout period during which the agent will not collect logs. The newly created policy can then be deployed onto the required agents.
To create a flat file policy
- Open the 'Collection Policies' interface by clicking the 'Navigational Menu' button at the top right, choosing 'Agents' from the options and then clicking 'Collection Policies'.
- Click the 'Add' button at the bottom of the 'Collection Policies' screen at the left.
The configuration screen for creating a new policy will be displayed.
By default, the screen to create a Flat-File policy type will be displayed.
- To return to flat-file policy type from a different configuration screen, choose 'flat-file' from the 'Policy Type' drop-down.
- Enter a name for the new policy in the 'Policy Name' field
Next you need to configure the details defining the source of log collection, schedule and blackout period of log collection.
To configure the details for the new policy
- Click the 'Details' stripe
- Source File Path - Enter the location of the log file on the endpoint that the agent should collect and forward to the NxSIEM server
- Event Group - Select the 'Event Group' for which the log should be collected. The options available are:
  - Firewall and UTM
  - Application
  - Endpoint Security
  - Data Protection
  - Network Intrusion Detection & Protection
  - Network Monitoring
- Event Type - Choose the product for which the logs are to be collected, based on the chosen event group.
- Time Type - Select the time stamp that the agent should use for the logs: either the host machine's time stamp or the log's own time stamp
- Time Format - Select the time format to be used, from the drop-down.
- Click the 'Schedule' stripe
The 'Timing' section allows you to define the period for log collection.
- Occurs - Select the period for log collection from the drop-down. The options available are:
  - Hourly
  - Daily
  - Weekdays
  - Weekend
  - Weekly
  - Monthly
- Reoccurs every - Enter the frequency for log collection within the chosen period. For example, if you select 'Daily' and enter 2, then the agent will collect the logs once every 2 days
- Occurs At - Enter the exact time at which the log should be collected
- Start - Select the start month from the drop-down
- End - Select the end month from the drop-down
To configure a blackout period
- Click the 'Blackout' stripe
The 'Timing' section allows you to define the blackout period.
- Occurs - Select the period for blackout from the drop-down. The options available are:
  - Daily
  - Weekdays
  - Weekend
  - Weekly
  - Monthly
- Reoccurs every - Enter the frequency for the blackout period. For example, if you choose 'Daily' and enter 2, then the blackout will occur once every 2 days
The 'Duration' section allows you to define the start and end time for blackout duration within the chosen period.
- Start - Enter the start time for the blackout duration
- End - Enter the end time for the blackout duration
- Click the 'Submit' button to save your changes.
The policy will be added to NxSIEM and will be available for deployment to endpoints. Refer to the section 'Configuring Log Collection Policies' for more details about deploying the newly created policy onto the customer's endpoints.