Configuring Vormetric Data Firewall FS Agents to Bypass Vormetric Data Security Manager
When the Vormetric Data Security Manager is enabled to communicate with JSA, all events from the Vormetric Data Firewall FS Agents are also forwarded to the JSA system through the Vormetric Data Security Manager.
To bypass the Vormetric Data Security Manager, you can configure Vormetric Data Firewall FS Agents to send LEEF events directly to the JSA system.
Your Vormetric Data Security Manager user account must have System Administrator permissions.
- Log in to your Vormetric Data Security Manager.
- On the navigation menu, click System >Log Preferences.
- Click the FS Agent Log tab.
- In the Policy Evaluation row, configure the
Select the Log to Syslog/Event Log check box.
- Clear the Upload to Server check box.
- From the Level list, select INFO.
This set up enables a full audit trail from the policy evaluation module to be sent directly to a syslog server, and not to the Security Manager. Leaving both destinations enabled might result in duplication of events to the JSA system.
- Under the Syslog Settings section, configure the following
parameters. In the Server field, use the following syntax
to type the IP address or host name and port number of your JSA system.
- From the Protocol list, select TCP or a value that matches the log source configuration on your JSA system.
- From the Message Format list, select LEEF.
This configuration is applied to all hosts or host groups later added to the Vormetric Data Security Manager. For each existing host or host group, select the required host or host group from the Hosts list and repeat the procedure.