Device | Details |
---|---|
Vendor | SecureAuth |
Device Type | Network Access Control |
Connection Type | Syslog |
Data Source Name | secureauth |
Data Source ID | 1834 |
In the Log Type field, select Syslog.
In the Syslog Server and Syslog Port fields, enter the Sheriff CSM IP address and 514, respectively.
Select the Extended OTP Logging check box.
If not done already, download nxlog.conf, and then place it in the conf
directory of your NXLog installation. Depending on which version you use, the directory can be C:\Program Files (x86)\nxlog\conf
for the 32-bit version or C:\Program Files\nxlog\conf for the 64-bit version.
Note: This step overwrites the default nxlog.conf
file. You may want to back up the original copy before placing the one provided by AT&T Cybersecurity.
nxlog.conf
file in a text editor.
Update the root path of your NXLog installation.
Locate the following lines:
#define ROOT C:\Program Files\nxlog #define ROOT C:\Program Files (x86)\nxlog
Enter the Sheriff CSM Sensor IP address.
Locate the following line:
define OUTPUT_DESTINATION_ADDRESS <Sheriff-CSM-Sensor-IP>
<Sheriff-CSM-Sensor-IP>
with the IP address of the Sheriff CSM All-in-One or Sheriff CSM Sensor that will receive the Windows events.
Uncomment the section between SECUREAUTH-NXLOG
and /SECUREAUTH-NXLOG.
Important: Only remove the first # symbol in each line when uncommenting the sections. The remaining # symbol indicates that the line is either a comment or optional.
Save the file.