1.0 Create an Account
Send an e-mail to firstname.lastname@example.org requesting that an account be created for you. Provide the following information:
Organization Name, First Name, Last Name, e-mail address, phone number
You will receive an e-mail with instructions for how to activate your account and access our Cloud Portal.
2.0 Setup log forwarding on your devices
We encourage you to engage our Professional Services team prior to starting your implementation. Our engineers have decades of expertise supporting enterprise organizations and are here to help. They can help you create an implementation plan or simply provide feedback on your existing plan.
Please contact your account team to schedule your 1-hour Implementation Planning Session.
You may forward logs using syslog if the device supports it natively.
Linux Host Forwarder
System Requirements: CentOS 5+ or Red Hat Enterprise Linux 4+
Step 1. Move the tarball into the temporary folder and extract it.
# mv loganalysis-forwarder.tar.gz -t loganalysis-forwarder/
# cd loganalysis-forwarder/
# tar xzf loganalysis-forwarder.tar.gz
Step 2. Install the RPM package and copy the certificate into place.
# rpm -ivh loganalysis-forwarder-
# cp -pr loganalysis_2050.crt /opt/loganalysis-forwarder/
Step 3. Make the following changes in the configuration file: /etc/loganalysis-forwarder.conf
# The network section covers network configuration :)
# A list of downstream servers listening
# loganalysis-forwarder will pick one at random and only switch if
# the selected one appears to be dead or unresponsive
"<Secure Cloud Connector Host>:514"
# The path to your client ssl certificate (optional)
# The path to your client ssl key (optional)
# The path to your trusted ssl CA file. This is used
# to authenticate your downstream server.
# Network timeout in seconds. This is most important for
# loganalysis-forwarder determining whether to stop waiting for an
# acknowledgement from the downstream server. If a timeout is reached,
# loganalysis-forwarder will assume the connection or server is bad and
# will connect to a server chosen at random from the servers list.
# The list of files configurations
# An array of hashes. Each hash tells what paths to watch and
# what fields to annotate on events from those paths.
# single paths are fine
# globs are fine too, they will be periodically evaluated
# to see if any new files match the wildcard.
# A dictionary of fields to annotate on each event.
# A path of
Step 4. Start the Forwarder
From the command line, enter the following:
# /etc/init.d/loganalysis-forwarder start
# chkconfig --add loganalysis-forwarder
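A pre-start check for the configuration edited in Step 3, added here as an example (not part of the vendor's forwarder package). It assumes the file follows the logstash-forwarder layout that the comments above come from: a JSON object with "network" (servers, ssl ca, timeout) and "files" (paths, fields), with full-line '#' comments allowed. The sample config and the host connector.example.net are constructed; the check flags a missing trusted CA first, because that CA is what authenticates the Secure Cloud Connector before any logs leave the host.

```python
import json
import os
import re

def strip_comments(text):
    """Drop full-line '#' comments so the rest parses as JSON (inline comments are not handled)."""
    return re.sub(r"^\s*#.*$", "", text, flags=re.MULTILINE)

def check_config(text, ca_must_exist=True):
    """Return the problems found; an empty list means the config passed."""
    problems = []
    try:
        cfg = json.loads(strip_comments(text))
    except ValueError as exc:
        return ["not valid JSON after comment removal: %s" % exc]
    net = cfg.get("network", {})
    servers = net.get("servers", [])
    if not servers:
        problems.append("network.servers is empty: nothing to forward to")
    for entry in servers:
        host, _, port = entry.rpartition(":")
        if not host or not port.isdigit() or not 1 <= int(port) <= 65535:
            problems.append("server entry %r is not host:port" % entry)
        elif host.startswith("<"):
            problems.append("server entry %r is still a placeholder" % entry)
    ca = net.get("ssl ca")
    if not ca:
        # Without a trusted CA the forwarder cannot authenticate the Secure
        # Cloud Connector, so logs could be delivered to an impostor.
        problems.append("network.ssl ca is unset: downstream server is not authenticated")
    elif ca_must_exist and not os.path.isfile(ca):
        problems.append("CA file %s does not exist" % ca)
    timeout = net.get("timeout")
    if not isinstance(timeout, (int, float)) or timeout <= 0:
        problems.append("network.timeout must be a positive number of seconds")
    if not cfg.get("files") or any(not f.get("paths") for f in cfg["files"]):
        problems.append("every files entry needs at least one path")
    return problems

# Constructed sample in the assumed layout; connector.example.net is a placeholder host.
SAMPLE_CONFIG = """{
  # The network section covers network configuration
  "network": {
    "servers": [ "connector.example.net:514" ],
    "ssl ca": "/opt/loganalysis-forwarder/loganalysis_2050.crt",
    "timeout": 15
  },
  "files": [ { "paths": [ "/var/log/messages" ], "fields": { "type": "syslog" } } ]
}"""
```

Run `check_config(open("/etc/loganalysis-forwarder.conf").read())` on the host before Step 4; any returned line is a reason not to start the service yet.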
Windows Host Forwarder
System Requirements: Microsoft Windows Server 2003 or higher
Step 1: Download and run the installer.
Install the forwarder by clicking on the EXE file.
Step 2: Installation
The only interaction required during the install is entering the keys requested by the install process. The keys will be provided prior to the installation by your sales team.
Step 3: Verification
After installation two services will be running on the server. Verify “AD-ExpressForwarder” and “ExpressForwarder” are registered and running.
3.0 Add Data Source
Log into Cloud Portal and click on Collect
Click on ADD DATA SOURCE
Enter required information into the Add New Data Source configuration and click Save.
Instructions for each field are provided below.
Name: Enter the name of the device that logs are being sent from (e.g. Firewall 1, Active Directory)
Forwarder: Select the type of log forwarder used on the device
Data Type: Select data type for the logs to be forwarded
Application: Select the application the logs are from
Format: Select the desired format. There may be only one option depending on Data Type and Application selected
Fields: This will be populated automatically depending on the Format selected. Do not enter anything into this field manually
Delimiter: This will be populated automatically depending on the Format selected. Do not enter anything into this field manually
Source IP Address: Enter the public IP address of the device sending logs
Protocol: Select the applicable protocol used by the Forwarder
Destination Port: Enter the destination port used by the Forwarder. You may need to get this from Support.
Timezone: ETC/UTC is selected by default. Do not change without consulting with Support
Token: This will be generated automatically after the new data source is saved
4.0 Verify Log Collection
Wait 5 minutes and refresh the screen by clicking on Collect. You should see the data sources and the number of logged transactions that have been collected.
Single-click on the Transactions number for the data source.
This will display the collected log timeline and raw logs below the timeline.
The timeline can be expanded or reduced using the slider above the timeline.