Step 3 - Configure Customer Networks to Forward Logs to NxSIEM
There are different methods available to configure log collection:
- Collection Agent - An agent installed on Windows and Linux endpoints forwards logs to the NxSIEM server. The agent setup file for Windows and Linux endpoints can be downloaded from the NxSIEM console. For each network and zone added, NxSIEM generates a unique agent activation key to authorize the agent to connect to the server.
- Agentless Collection - The admin console contains ready-made configuration script files for RSYSLOG and NXLOG utilities which have all parameters pre-configured for a specific customer/network. Once deployed to customer endpoints, these scripts automatically configure the RSYSLOG (Linux endpoints) and NXLOG (Windows endpoints) utilities to forward logs to the NxSIEM server.
To download, install and activate the collection agent
- Click the navigation button at top right then 'Agents' > 'Collection Agents' > 'Agent Download', as shown:
The 'Agent Download' page contains installation instructions and download links for Windows and Linux agents:
- Click the 'windows-agent-setup.jar' or 'linux-agent-setup.gz' button to download the respective agent.
- Transfer the setup files to required endpoints for installation.
Tip: The agent requires Java 1.7 or higher, pre-installed at the endpoint for its operation. Ensure you have Java at the endpoints before installing the agent. Also, ensure that the network to which the endpoint is connected is added to NxSIEM for the customer. Keep the Unique Agent Activation Key of the customer/network handy to authorize the agent to connect to the NxSIEM server. The key can be obtained from the 'Asset Management' > 'Hard Assets' interface. Select the Customer > Network and click the button in the row of the network. The 'Activation Key' is displayed at the bottom of the 'Hard Assets' pane.
For Windows Endpoints:
- Double-click the setup file and follow the installation wizard.
- In the second step, enter the agent activation key, the Zookeeper and Kafka server addresses of the network, click 'Next' and continue the installation.
- On completion of the installation, manually start the agent by navigating to the folder 'C:\Program Files (x86)\MSSP Agent' and clicking the 'agent-start' file.
The agent will establish a connection with the NxSIEM server and start sending logs from the endpoint.
For Linux Endpoints:
- Navigate to the location on the endpoint where you saved 'linux-agent-setup.tar.gz' and extract it.
- Open the /etc/hosts file, add the IP-Hostname pairs of the Zookeeper and Kafka servers and save it.
- Run the installation file with the following command:
install.sh
The log collection agent will be installed at /opt/comodo/mssp/mssp-log-agent directory.
- Start the agent manually by running the command start-agent.sh under the /opt/comodo/mssp/mssp-log-agent/bin directory.
The agent will establish a connection with the NxSIEM server and start sending logs from the endpoint. Optionally, you can configure log collection policies and deploy them as required to the agents. For detailed explanations of the policies and tutorials on configuring and deploying them, refer to the online help page at https://help.comodo.com/topic-325-1-675-8372-Log-Collection-Policies.html
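An added pre-flight check for the Linux steps above (example code written for this page, not Comodo's agent or installer): it verifies the Java 1.7-or-higher requirement from the tip, that the Zookeeper and Kafka hostnames have entries in a hosts file, and that the install produced bin/start-agent.sh under /opt/comodo/mssp/mssp-log-agent. The hostnames and the sample hosts file in the block are constructed.

```shell
#!/bin/sh
# Pre-flight check for the Linux collection agent steps on this page.
# Added example, not Comodo's code. The hostnames and sample hosts file below are constructed.

# java_version_ok "<first line of java -version>": succeeds if the runtime is Java 1.7 or newer
java_version_ok() {
    # pull the quoted version, e.g. java version "1.8.0_292" or openjdk version "11.0.2"
    v=$(printf '%s\n' "$1" | sed -n 's/.*version "\([0-9][0-9.]*\).*/\1/p')
    [ -n "$v" ] || return 1
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    if [ "$major" = "1" ]; then
        [ "$minor" -ge 7 ]          # 1.7, 1.8
    else
        [ "$major" -ge 7 ]          # Java 9+ dropped the "1." prefix
    fi
}

# hosts_have_entries <hosts-file> <hostname>...: succeeds only if every hostname appears
# as a name field (not the address field) on a non-comment part of a line in the file
hosts_have_entries() {
    f=$1; shift
    for h in "$@"; do
        sed 's/#.*//' "$f" | awk -v h="$h" '{ for (i = 2; i <= NF; i++) if ($i == h) ok = 1 }
                                           END { exit ok ? 0 : 1 }' || return 1
    done
    return 0
}

# agent_installed <dir>: succeeds if install.sh produced the start script named on this page
agent_installed() {
    [ -x "$1/bin/start-agent.sh" ]
}

# Demonstration on constructed input (a real run would read /etc/hosts and `java -version`)
sample_hosts=$(mktemp)
printf '127.0.0.1 localhost\n# SIEM brokers\n10.0.0.5 zookeeper1.example.test kafka1.example.test\n' > "$sample_hosts"
if hosts_have_entries "$sample_hosts" zookeeper1.example.test kafka1.example.test; then
    echo "hosts: ok"
else
    echo "hosts: missing Zookeeper/Kafka entry"
fi
java_version_ok 'java version "1.7.0_80"' && echo "java: ok" || echo "java: older than 1.7"
agent_installed /opt/comodo/mssp/mssp-log-agent && echo "agent: present" || echo "agent: not installed"
rm -f "$sample_hosts"
```

On a real endpoint, pass the first line of `java -version 2>&1` to java_version_ok and /etc/hosts to hosts_have_entries; a non-zero exit from any check means the corresponding step above was skipped.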
To deploy pre-configured script files for agent-less log collection
- Open the 'Asset Management' interface by clicking the 'Menu' button at the top right, then clicking 'Assets' > 'Asset Management'.
- Select the customer from the left hand side pane.
The 'Customer Details' pane will open at the right.
- Click 'Manage' at the bottom left of the right pane and choose the 'Hard Assets' tab.
- Choose the network/zone you wish to configure from the right hand side pane and click the button in the row of the network/zone.
The authentication token, the authentication key and the download buttons for the NXLOG and RSYSLOG configuration script files for the selected network/zone will be displayed at the bottom of the right pane.
- Click the 'NXLOG Configuration File Download' button or the 'RSYSLOG Configuration File Download' button as required and save the file.
To configure NXLOG on Windows Endpoints:
- Replace the NXLOG configuration file at the location C:\Program Files (x86)\nxlog\conf\nxlog.conf on the endpoints with the downloaded configuration file.
All settings in the configuration file are pre-configured and will instruct the NXLOG utility to send logs to the NxSIEM server. The NxSIEM server will receive and store the logs under the respective customer/network for monitoring and incident reporting.
To configure RSYSLOG on Linux Endpoints:
- Run the script file on all required endpoints.
The script will configure the RSYSLOG utility to send logs to the NxSIEM server. The NxSIEM server will receive and store the logs under the respective customer/network for monitoring and incident reporting.
Alternatively, you can download manually configurable script files for the NXLOG and RSYSLOG utilities from the 'Agents' > 'Collection Agents' > 'Agentless Collection' interface, manually enter the parameters for the customer network to be monitored and run the script at the endpoints. Refer to the online help page at https://help.comodo.com/topic-325-1-675-8396-Agentless-Log-Collection.html for more details.