
Sheriff CSM™

Dtex Systems Dtex

When you configure Dtex Systems Dtex to send log data to Sheriff CSM, you can use the Dtex plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:

Plugin Information

Device              Details
Vendor              Dtex Systems
Device Type         Intrusion Detection System
Connection Type     Syslog
Data Source Name    Dtex
Data Source ID      1912

Integrating Dtex Systems Dtex

Before you configure the Dtex Systems Dtex integration, you must have the IP Address of the Sheriff CSM Sensor (Deputy).

To configure Dtex Systems Dtex to send Syslog messages to Sheriff CSM
  1. Configure your /etc/rsyslog.conf file as follows:

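    # Load the imfile module so rsyslog can read the Dtex log file
    $ModLoad imfile
    $InputFileName <path to location where Dtex logs are saved>
    $InputFileTag dtex
    $InputFileSeverity <desired log level>
    $InputFileFacility <local syslog facility>
    $InputRunFileMonitor
    # Forward over TCP (@@) to the sensor. A selector has the form
    # facility.priority, so use the facility set in $InputFileFacility above.
    <local syslog facility>.* @@<Sheriff CSM_IP_Address>:514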

    For the $InputFileName parameter, specify the path to the Dtex log file. The $InputFileFacility parameter specifies the syslog facility assigned to the log entries read from that file. For the $InputFileSeverity parameter, specify the log level corresponding to the severity of log messages you want to receive. (The default level is notice.)

  2. Restart the rsyslog service.
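
The same forwarding written in rsyslog's newer RainerScript syntax, as an added example that is not part of the Sheriff CSM or Dtex documentation. The log path, the local6 facility, the sensor address 192.0.2.10 and the queue file name are constructed placeholders. Binding the input to its own ruleset sends only the Dtex lines to the sensor, and the disk-assisted queue holds events while the sensor is unreachable.

```rsyslog
# Assumed to be saved as a drop-in file under /etc/rsyslog.d/ (placeholder location).
module(load="imfile")

# Ruleset that receives only what the Dtex file input reads.
ruleset(name="dtex_forward") {
    action(type="omfwd"
           target="192.0.2.10"            # placeholder: Sheriff CSM Sensor IP address
           port="514"
           protocol="tcp"                 # same transport as @@ in the legacy syntax
           action.resumeRetryCount="-1"   # keep retrying while the sensor is down
           queue.type="linkedList"
           queue.filename="dtex_fwd"      # makes the queue disk-assisted
           queue.saveOnShutdown="on")     # keep queued events across a restart
}

# File input for the Dtex log, tagged and classified as in the steps above.
input(type="imfile"
      File="/var/log/dtex/dtex.log"       # placeholder: where Dtex logs are saved
      Tag="dtex"
      Severity="notice"                   # placeholder: desired log level
      Facility="local6"                   # placeholder: local syslog facility
      ruleset="dtex_forward")
```

Running `rsyslogd -N1` checks the configuration for syntax errors before you restart the service.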

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

https://dtexsystems.com/

For troubleshooting, refer to the vendor documentation:

https://dtexsystems.com/support/
Topic revision: r8 - 29 Jun 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.