Comodo Help
Find the desired product help
Xcitium NxSIEM

Xcitium NxSIEM

Admin Guide 1.4

English

Print Help Download Help
Appendix 2 - Configuring Endpoints To Forward Logs To NxSIEM Server
  • Introduction To Comodo NxSIEM
    • Logging-in To The Administrative Console
  • The Main Interface
  • The Dashboard
  • Customer Asset Management
    • Adding Customers
    • Adding Assets For Monitoring
      • Hard Assets
      • Soft Assets
    • Downloading And Installing The NxSIEM Agent On Endpoints
    • Configuring Nxlog And Rsyslog Servers To Send Logs To NxSIEM Server
    • Editing Customers
  • Log Collection Agents And Policies
    • Collection Agents
      • Downloading NxSIEM Windows And Linux Agents
      • Managing Agents
      • Agentless Log Collection
    • Log Collection Policies
      • Audit Events Policy
      • Flat File Policy
      • Remote Log Collection Policy
      • Syslog Policy
      • Configuring Log Collection Policies
  • Query Management
    • Configuring Event Queries
    • Configuring Custom Dashboards
  • Managing Rules
  • Incidents And Cases
    • Managing Incidents
    • Managing Cases
  • Live Lists
    • Managing Live Lists
    • Managing Live List Content
  • Managing Reports
  • Administration
    • Viewing Log Collection Summaries
    • Managing Users
    • Viewing License And Subscription Details And Configuring NxSIEM Platform URL
  • Appendix 1 – Field Groups And Event Items Description
  • Appendix 2 - Configuring Endpoints To Forward Logs To NxSIEM Server
  • About Comodo Security Solutions

Appendix 2 - Configuring Endpoints to Forward Logs to NxSIEM Server


You can configure endpoints in customer networks to forward logs to NxSIEM in several ways. There are two broad methods of log collection:

  • Using The Log Collection Agent
  • Agentless Log Collection


Using NxSIEM Agent


Agent Installation and Configuration


You can download the log collection agent from the NxSIEM interface, install on each endpoint and activate it using the unique key generated for the customer network/zone. Refer to the section  Downloading and Installing the NxSIEM Agent on Endpoints for detailed explanation.


Remote Log Collection


An agent installed on one endpoint in a network can be configured via a 'Remote Log Collection Policy' to acquire logs from another endpoint in which log collection is not installed. For more details on Log Collection Policies and their deployment to selected agents, refer to the section Log Collection Policies. For a tutorial on configuring a Remote Log Collection Policy, refer to the section Remote Log Collection Policy.


Agentless Log Collection


Agentless log collection involves configuring RSYSLOG and NXLOG utilities installed on Linux and Windows endpoints respectively. Configuration scripts for both RSYSLOG and NXLOG can be downloaded from the NxSIEM interface then run on endpoints to automatically forward logs to the NxSIEM server.


Using Ready Made Script Files


NxSIEM generates ready-made configuration script files with all parameters pre-configured for each enrolled customer/network. You can download the configuration script/file from the administrative console and deploy onto endpoints. This is the most convenient way of configuring NXLOG (Windows endpoints) and RSYSLOG (Linux endpoints) to send logs to the NXSIEM server. Refer to the section Configuring Nxlog and Rsyslog to Send Logs to NxSIEM Serverfor more detailed explanations on downloading the script files and deploying them.


Using manually Configurable Script File


NxSIEM allows you to download a configuration script for RSYSLOG which lets you manually set parameters such as network authentication token, name of product from which the logs are to be collected and so on. This script can be used to configure RSYSLOG utilities at Linux based endpoints to send logs to the NXSIEM server. For more details on downloading and configuring the script, refer to the section Agentless Log Collection.



Our Products
  • Free Antivirus
  • Free Internet Security
  • Website Malware Removal
  • Free Anti-Malware
  • Anti-Spam (Free Trial)
  • Windows Antivirus
  • Antivirus for Windows 7
  • Antivirus for Windows 8
  • Antivirus for Windows 10
  • Antivirus for MAC
  • Antivirus for Linux
  • Free Endpoint Security
  • Free ModSecurity
  • Free RMM
  • Free Website Malware Scanner
  • Free Device Manager for Android
  • Free Demo
  • Network Security
  • Endpoint Protection
  • Antivirus for Android
  • Comodo Antivirus
  • Wordpress Security
Cheap CDN
  • Bootstrap CDN
  • Semantic UI CDN
  • Jquery CDN
  • CDN Plans
  • CDN
  • Free CDN
Enterprise
  • Patch Management Software
  • Patch Manager
  • Service Desk
  • Website Down
  • Endpoint Protection Solutions
  • Website Security Check
  • Remote Monitoring and Management
  • Website Security
  • Device Manager
  • ITSM
  • CRM
  • MSP
  • Android Device Manager
  • MDR Services
  • Ransomware Prevention
  • Managed IT Support Services
  • Free EDR
Free SSL Certificate
Support Partners Terms and Conditions Privacy Policy

© Comodo Group, Inc. 2024. All rights reserved.