STEALTHbits StealthINTERCEPT

 

The JSA DSM for STEALTHbits StealthINTERCEPT can collect event logs from your STEALTHbits StealthINTERCEPT and File Activity Monitor services.

The following table identifies the specifications for the STEALTHbits StealthINTERCEPT DSM.

Table 1: STEALTHbits StealthINTERCEPT DSM Specifications

| Specification | Value |
|---|---|
| Manufacturer | STEALTHbits Technologies |
| DSM | STEALTHbits StealthINTERCEPT |
| RPM file name | DSM-STEALTHbitsStealthINTERCEPT-JSA_Version-build_number.noarch.rpm |
| Supported versions | 3.3 |
| Protocol | Syslog |
| Event format | LEEF |
| JSA recorded events | Active Directory Audit Events, File Activity Monitor Events |
| Automatically discovered | Yes |
| Includes identity | No |
| More information | http://www.stealthbits.com/resources |

Syslog Log Source Parameters for STEALTHbits StealthINTERCEPT

If JSA does not automatically detect the log source, add a STEALTHbits StealthINTERCEPT log source on the JSA Console by using the Syslog protocol.

When using the Syslog protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect Syslog events from STEALTHbits StealthINTERCEPT:

Table 2: Syslog Log Source Parameters for the STEALTHbits StealthINTERCEPT DSM

| Parameter | Value |
|---|---|
| Log Source Type | STEALTHbits StealthINTERCEPT |
| Protocol Configuration | Syslog |

Configuring Your STEALTHbits StealthINTERCEPT to Communicate with JSA

To collect all audit logs and system events from STEALTHbits StealthINTERCEPT, you must specify JSA as the syslog server and configure the message format.

  1. Log in to your STEALTHbits StealthINTERCEPT server.
  2. Start the Administration Console.
  3. Click Configuration > Syslog Server.
  4. Configure the following parameters:

    Table 3: Syslog Parameters

    | Parameter | Description |
    |---|---|
    | Host Address | The IP address of the JSA console |
    | Port | 514 |

  5. Click Import mapping file.
  6. Select the SyslogLeefTemplate.txt file and press Enter.
  7. Click Save.
  8. On the Administration Console, click Actions.
  9. Select the mapping file that you imported, and then select the Send to Syslog check box.

    Leave the Send to Events DB check box selected. StealthINTERCEPT uses the events database to generate reports.

  10. Click Add.

Configuring Your STEALTHbits File Activity Monitor to Communicate with JSA

To collect events from STEALTHbits File Activity Monitor, you must specify JSA as the Syslog server and configure the message format.

  1. Log in to the server that runs STEALTHbits File Activity Monitor.
  2. Select the Monitored Hosts tab.
  3. Select a monitored host and click Edit to open the host's properties window.
  4. Select the Syslog tab and configure the following parameters:

    | Parameter | Description |
    |---|---|
    | Bulk Syslog server in SERVER[:PORT] format | `<JSA event collector IP address>:514`; Example: `1.1.1.1:514`; `<jsahostname>:514` |
    | Syslog message template file path | SyslogLeefTemplate.txt. The template is stored in the STEALTHbits File Activity Monitor Install Directory |

  5. Click OK.
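
Both procedures above forward events with the SyslogLeefTemplate.txt template, so a received line should carry a LEEF header. The following Python code is an added example, not part of the vendor documentation: it parses a captured syslog line as LEEF 1.0 or 2.0 so that you can confirm the events are well formed before troubleshooting log source autodiscovery. The sample lines, including their vendor string, event ID and attribute values, are constructed for illustration.

```python
import re

LEEF_START = re.compile(r"LEEF:(1\.0|2\.0)\|")

# Constructed sample lines (not real StealthINTERCEPT output; all values are invented).
SAMPLE_OK = ("<13>Jan 10 12:00:00 sihost LEEF:1.0|STEALTHbits|StealthINTERCEPT|3.3|"
             "ExampleEventID|usrName=EXAMPLE\\alice\tsrc=192.0.2.10")
SAMPLE_BAD = "<13>Jan 10 12:00:00 sihost usrName=EXAMPLE\\alice src=192.0.2.10"


def parse_leef(line):
    """Split one syslog line carrying a LEEF 1.0 or 2.0 event into header fields and attributes."""
    m = LEEF_START.search(line)  # skip any syslog priority/timestamp/host prefix
    if m is None:
        raise ValueError("no LEEF header in line (template not applied?)")
    version = m.group(1)
    header_fields = 5 if version == "1.0" else 6  # LEEF 2.0 adds a delimiter field
    parts = line[m.start():].rstrip("\r\n").split("|", header_fields)
    if len(parts) != header_fields + 1:
        raise ValueError("truncated LEEF header")
    delim = "\t"  # LEEF 1.0 attributes are tab separated; also the 2.0 default
    if version == "2.0" and parts[5]:
        # The delimiter is either a literal character or a hex code such as x5E / 0x5E.
        hexspec = re.fullmatch(r"(?:0x|x)([0-9A-Fa-f]{2})", parts[5])
        delim = chr(int(hexspec.group(1), 16)) if hexspec else parts[5]
        if len(delim) != 1:
            raise ValueError("bad LEEF 2.0 delimiter")
    attrs = {}
    for pair in filter(None, parts[-1].split(delim)):
        key, sep, value = pair.partition("=")
        if not sep or not key:
            raise ValueError(f"attribute not in key=value form: {pair!r}")
        attrs[key] = value
    return {"leef_version": version, "vendor": parts[1], "product": parts[2],
            "product_version": parts[3], "event_id": parts[4], "attrs": attrs}


if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_BAD):
        try:
            print(parse_leef(sample))
        except ValueError as err:
            print("rejected:", err)
```

A line that raises `ValueError` here was sent without the LEEF template applied or was truncated in transit.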

Syslog Log Source Parameters for STEALTHbits File Activity Monitor

If JSA does not automatically detect the log source, add a STEALTHbits File Activity Monitor log source on the JSA Console by using the Syslog protocol.

When using the Syslog protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect Syslog events from STEALTHbits File Activity Monitor:

Table 4: Syslog Log Source Parameters for the STEALTHbits File Activity Monitor DSM

| Parameter | Value |
|---|---|
| Log Source Type | STEALTHbits File Activity Monitor |
| Protocol Configuration | Syslog |