Event Collection
- SOCaaP features agent-less log collection from Windows/Linux endpoints using the Nxlog and Rsyslog utilities.
- The NXLOG utility (for Windows) and the RSYSLOG utility (for Linux) need to be configured to send logs to the SOCaaP server.
- SOCaaP also provides pre-configured scripts for Nxlog and Rsyslog which will automatically send logs to SOCaaP.
Scripts can be configured and deployed in two ways:
- Pre-configured script files - The administrator can download ready-made configuration script files with all parameters pre-configured for a specific customer/network from the 'Hard Assets' interface. This is the most convenient way of configuring NXLOG and RSYSLOG utilities at the endpoints to send logs to the SOCaaP server. See Configuring Nxlog and Rsyslog to Send Logs to SOCaaP Server for more detailed explanations about downloading the script files and deploying them.
- Manually configure RSYSLOG/NXLOG scripts - Administrators can download configuration scripts for RSYSLOG and NxLOG and manually set the parameters such as network authentication token, name of product from which the logs are to be collected and so on. These scripts can be used to configure RSYSLOG and NxLOG utilities at Linux and Windows based endpoints to send logs to the SOCaaP server.
Click the 'Menu' button from the top right, choose 'Administration' and then click 'Event Collection'.
The 'Event Collection' page contains instructions about downloading the scripts, setting the parameters and configuring the RSYSLOG/NxLOG utilities using the scripts.
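The manual route above means substituting the server address, the network authentication token and the product name into a forwarder configuration by hand. The following POSIX shell script is an added example, not one of SOCaaP's own scripts: it renders a generic rsyslog TLS-forwarding fragment from those parameters, refuses to install a fragment that still carries an unfilled placeholder, and writes the file with restrictive permissions because it contains the token. The collector hostname, the port, the `/etc/rsyslog.d/90-socaap.conf` path and the idea of carrying the token as RFC 5424 structured data are all assumptions; the real SOCaaP script defines how the token is transmitted.

```shell
#!/bin/sh
# Added example (not SOCaaP's own script). Renders an rsyslog forwarding
# fragment from deployment parameters and installs it safely. Server name,
# port, output path and the structured-data token format are assumptions.
set -eu

# Render the rsyslog fragment. Arguments: server, port, token, product.
render_socaap_conf() {
  server="$1"; port="$2"; token="$3"; product="$4"
  cat <<EOF
# Forward local syslog to the collector over TLS (gtls netstream driver).
global(DefaultNetstreamDriver="gtls"
       DefaultNetstreamDriverCAFile="/etc/ssl/certs/ca-certificates.crt")

# Assumed format: token and product name carried as RFC 5424 structured data.
template(name="SocaapFmt" type="list") {
  constant(value="<") property(name="pri") constant(value=">1 ")
  property(name="timestamp" dateFormat="rfc3339") constant(value=" ")
  property(name="hostname") constant(value=" ")
  property(name="app-name") constant(value=" - - ")
  constant(value='[socaap@99999 token="${token}" product="${product}"] ')
  property(name="msg" droplastlf="on") constant(value="\n")
}

# Verify the collector certificate against its name; spool events to disk
# while the collector is unreachable instead of dropping them.
action(type="omfwd" Target="${server}" Port="${port}" Protocol="tcp"
       StreamDriver="gtls" StreamDriverMode="1"
       StreamDriverAuthMode="x509/name" StreamDriverPermittedPeers="${server}"
       template="SocaapFmt"
       queue.type="LinkedList" queue.filename="socaap_fwd"
       queue.saveOnShutdown="on" action.resumeRetryCount="-1")
EOF
}

# Return non-zero when a rendered fragment still contains CHANGE_ME; a
# forwarder pointed at a placeholder host silently loses every event.
check_no_placeholders() {
  if printf '%s\n' "$1" | grep -q 'CHANGE_ME'; then
    return 1
  fi
  return 0
}

# Write the fragment with owner-only write and group read (0640) so the
# embedded token is not world-readable. Arguments: rendered conf, [path].
install_conf() {
  conf="$1"; dest="${2:-/etc/rsyslog.d/90-socaap.conf}"
  check_no_placeholders "$conf" || { echo "unfilled placeholder in config" >&2; return 1; }
  umask 077
  printf '%s\n' "$conf" > "$dest"
  chmod 0640 "$dest"
}

# Syntax-check an installed fragment with rsyslogd before reloading the service.
validate_conf() {
  if command -v rsyslogd >/dev/null 2>&1; then
    rsyslogd -N1 -f "$1"
  else
    echo "rsyslogd not found; skipping syntax check" >&2
  fi
}

# Usage (values are constructed placeholders; replace before deploying):
#   conf=$(render_socaap_conf collector.example.net 6514 CHANGE_ME linux-syslog)
#   install_conf "$conf" && validate_conf /etc/rsyslog.d/90-socaap.conf
```

Run the rendered fragment through `validate_conf` and then restart rsyslog; the placeholder check is deliberately strict so that a copy-pasted template cannot reach production with the token or collector address still unset.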
In addition to event collection, SOCaaP can collect log information from Xcitium Network Monitoring Sensors. These sensors listen on the customer's network using SPAN/TAP technologies and can be configured according to customer requirements. Sensor deployment has to be planned according to the customer's network topology and can be done in coordination with Xcitium. Please contact your account manager at Xcitium for the deployment of sensors on your network.