ITarian Help

SOCaaP

Version 2.2

English

Configure Nxlog and Rsyslog to Send Logs to SOCaaP Server

 

  • SOCaaP features agent-less log collection (no proprietary SOCaaP agent is installed) from the Windows and Linux endpoints connected to a customer's network.
  • Collection relies on the standard log shippers already used on those hosts: the NXLOG utility on Windows and the RSYSLOG utility on Linux. Each must be configured to send its logs to the SOCaaP server.

SOCaaP provides ready-made configuration script files for each customer network/zone, which can be downloaded from that customer's 'Customer Details' page. Once the shippers are configured, SOCaaP receives and stores the logs from the customer's endpoints and web-servers under that customer/network.


The following sections explain more about:

  • Configure the NXLOG Utility
  • Configure the RSYSLOG Utility

Configure the NXLOG Utility

 

Administrators can download a customer-specific NXLOG configuration file from the administrative console and use it to configure the NXLOG utility on the Windows endpoints and web-servers connected to that customer's network. Make sure the NXLOG utility is installed on each machine before configuring it to send logs to SOCaaP.


To download the NXLOG Configuration File

  • Open the 'Asset Management' interface by clicking the 'Menu' button, then 'Assets' > 'Asset Management'.
  • Select the customer from the left hand side pane.

The 'Customer Details' pane will open at the right.

  • Click 'Manage' at the bottom left of the right pane and choose the 'Hard Assets' tab.
  • Choose the network/zone you wish to configure from the right hand side pane and click the button in the row of the network/zone.

The authentication token, the authentication key and the download buttons for the NXLOG and RSYSLOG configuration script files for the selected network/zone will be displayed at the bottom of the right pane.

  • Click the NXLOG configuration file download button as shown in the screenshot below and save the file:



  • On each endpoint/web-server, replace the existing NXLOG configuration file at C:\Program Files (x86)\nxlog\conf\nxlog.conf (or C:\Program Files\nxlog\conf\nxlog.conf, depending on the NXLOG build installed) with the downloaded file, then restart the 'nxlog' Windows service so the new configuration takes effect.

All settings in the configuration file, including the network token for the selected network/zone, are pre-configured and instruct the NXLOG utility to send logs to the SOCaaP server. SOCaaP receives and stores the logs under the respective customer/network for monitoring and incident reporting. Because the token is what ties a host's logs to that customer and zone, treat the file as a credential: keep its read permissions limited to administrators, and deploy each zone's file only to hosts in that zone, otherwise their events will be filed under the wrong customer or zone.


Configure the RSYSLOG Utility

  • You can download a pre-configured RSYSLOG configuration script from the admin console. Each script is generated for a specific customer/network.
  • The script configures the RSYSLOG utility on Linux machines to send their logs to SOCaaP.
    • Make sure the RSYSLOG utility is installed on each target machine.


To download the RSYSLOG Configuration File

  • Open the 'Asset Management' interface by clicking the 'Menu' button, then 'Assets' > 'Asset Management'.
  • Select a customer from the left hand pane.

The 'Customer Details' pane will open at the right.

  • Click 'Manage' at the bottom left of the right pane and choose the 'Hard Assets' tab.
  • Choose the network/zone whose endpoints are to be configured from the right hand side pane and click the button in the row of the network/zone.

The authentication token, the authentication key and the download buttons for the NXLOG and RSYSLOG configuration script files for the selected network/zone will be displayed at the bottom of the right pane.

  • Click the RSYSLOG configuration file download button as shown below and save the file.




  • Run the script file on all required endpoints.

The script configures the RSYSLOG utility to send logs to SOCaaP. SOCaaP receives and stores the logs under the respective customer/network for monitoring and incident reporting. The script carries the zone's authentication token, so protect it as you would the NXLOG file: run it with root privileges (it changes the system logging configuration), keep the script and the configuration it writes readable only by root, and use each zone's script only on hosts in that zone.


Alternatively, you can download the RSYSLOG configuration script from the 'Administration' > 'Event Collection' interface, manually enter the parameters for the customer network to be monitored, and run the script on the endpoints. See Event Collection for more details.
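A shell sketch of what the manual-parameter path amounts to on the Linux side, added here as an example. It is not the script ITarian generates and does not reproduce that script's token handling or its exact forwarding settings. It renders a generic rsyslog forwarding rule, locks the file down, checks the full rsyslog configuration with `rsyslogd -N1` before restarting the daemon, and emits a tagged test event you can then search for in the SOCaaP event query interface to confirm the host appears under the intended customer/zone. The collector hostname, the port and the plain-TCP transport are assumptions; take the real values from the downloaded script or from the 'Event Collection' page.

```shell
#!/bin/sh
# Added example (not ITarian's generated script): hand-build an rsyslog
# forwarding rule for the manual-parameter path, validate it, and send a
# test event. Collector host/port and TCP transport are placeholders; the
# real values (and the zone's authentication token) come from the script
# downloaded from the SOCaaP console.
set -eu

# Render an rsyslog (RainerScript) rule that forwards every local message to
# the SOCaaP collector over TCP. A disk-assisted queue keeps events on disk
# while the collector is unreachable instead of silently dropping them.
#   $1 = collector host, $2 = collector TCP port (both assumed values)
render_socaap_conf() {
    host="$1"; port="$2"
    cat <<EOF
# SOCaaP forwarding rule (generated by render_socaap_conf)
action(type="omfwd"
       target="${host}"
       port="${port}"
       protocol="tcp"
       action.resumeRetryCount="-1"
       queue.type="LinkedList"
       queue.filename="socaap_fwd"
       queue.saveOnShutdown="on"
       queue.maxDiskSpace="256m")
EOF
}

# Install the rule as a drop-in, restrict it to root (the vendor version
# carries the zone's token, so treat it as a credential), validate the whole
# configuration before touching the running daemon, and only then restart.
install_socaap_conf() {
    host="$1"; port="$2"
    conf="/etc/rsyslog.d/50-socaap.conf"
    command -v rsyslogd >/dev/null 2>&1 || { echo "rsyslog is not installed" >&2; return 1; }
    render_socaap_conf "$host" "$port" > "$conf"
    chown root:root "$conf"
    chmod 0600 "$conf"
    # -N1 parses rsyslog.conf plus /etc/rsyslog.d/*.conf and exits non-zero on error
    rsyslogd -N1 >/dev/null 2>&1 || { echo "rsyslog config check failed; not restarting" >&2; return 1; }
    systemctl restart rsyslog
}

# Emit a recognisable event; then search for the tag 'socaap-check' in the
# SOCaaP event query interface to confirm the host is filed under the
# intended customer/zone rather than a neighbouring one.
send_test_event() {
    logger -t socaap-check "forwarding test from $(hostname) at $(date -u +%Y-%m-%dT%H:%M:%SZ)"
}

# Usage (as root): install_socaap_conf collector.socaap.example 514 && send_test_event
```

The syntax check before the restart matters on a production box: a typo in a drop-in can stop rsyslog from starting at all, which silently ends local logging as well as forwarding.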

  • In addition to event log collection, SOCaaP can collect log information from ITarian Network Monitoring Sensors.
  • These sensors listen on the customer's network using SPAN/TAP technologies.
  • Sensor deployment is customized according to each customer's network topology. Please contact ITarian to arrange sensor deployment.
      Copyright 2025 Itarian