Configuration Guide for realize the Qosmos log analysis with Click&DECiDE NSI



Documents pareils
WEB page builder and server for SCADA applications usable from a WEB navigator

Instructions Mozilla Thunderbird Page 1

calls.paris-neuroscience.fr Tutoriel pour Candidatures en ligne *** Online Applications Tutorial

How to Login to Career Page

Notice Technique / Technical Manual

Guide d'installation rapide TFM-560X YO.13

TABLE DES MATIERES A OBJET PROCEDURE DE CONNEXION

WiFi Security Camera Quick Start Guide. Guide de départ rapide Caméra de surveillance Wi-Fi (P5)

Contents Windows

Once the installation is complete, you can delete the temporary Zip files..

Vanilla : Virtual Box

Acce s aux applications informatiques Supply Chain Fournisseurs

Instructions pour mettre à jour un HFFv2 v1.x.yy v2.0.00

Application Form/ Formulaire de demande

lundi 3 août 2009 Choose your language What is Document Connection for Mac? Communautés Numériques L informatique à la portée du Grand Public

Utiliser une WebCam. Micro-ordinateurs, informations, idées, trucs et astuces

Contrôle d'accès Access control. Notice technique / Technical Manual

DOCUMENTATION - FRANCAIS... 2

DOCUMENTATION - FRANCAIS... 2

Package Contents. System Requirements. Before You Begin

DOCUMENTATION MODULE BLOCKCATEGORIESCUSTOM Module crée par Prestacrea - Version : 2.0

The new consumables catalogue from Medisoft is now updated. Please discover this full overview of all our consumables available to you.

Règlement sur le télémarketing et les centres d'appel. Call Centres Telemarketing Sales Regulation

that the child(ren) was/were in need of protection under Part III of the Child and Family Services Act, and the court made an order on

Gestion des prestations Volontaire

CommandCenter Secure Gateway

3615 SELFIE. HOW-TO / GUIDE D'UTILISATION

Compléter le formulaire «Demande de participation» et l envoyer aux bureaux de SGC* à l adresse suivante :

English version Legal notice

If you understand the roles nouns (and their accompanying baggage) play in a sentence...

Summary / Sommaire. 1 Install DRIVER SR2 USB01 Windows seven 64 bits / Installation du DRIVER SR2 USB01 Windows seven 64 bits 2

Paxton. ins Net2 desktop reader USB

Get Instant Access to ebook Cest Maintenant PDF at Our Huge Library CEST MAINTENANT PDF. ==> Download: CEST MAINTENANT PDF

Cheque Holding Policy Disclosure (Banks) Regulations. Règlement sur la communication de la politique de retenue de chèques (banques) CONSOLIDATION

Quick Start Guide This guide is intended to get you started with Rational ClearCase or Rational ClearCase MultiSite.

Dans une agence de location immobilière...

APPENDIX 6 BONUS RING FORMAT

Editing and managing Systems engineering processes at Snecma

LOGICIEL D'ADMINISTRATION POUR E4000 & G4000 MANAGEMENT SOFTWARE FOR E4000 & G4000

MANUEL MARKETING ET SURVIE PDF

English Q&A #1 Braille Services Requirement PPTC Q1. Would you like our proposal to be shipped or do you prefer an electronic submission?

CEST POUR MIEUX PLACER MES PDF

HSCS 6.4 : mieux appréhender la gestion du stockage en environnement VMware et service de fichiers HNAS Laurent Bartoletti Product Marketing Manager

Le passé composé. C'est le passé! Tout ça c'est du passé! That's the past! All that's in the past!

POLICY: FREE MILK PROGRAM CODE: CS-4

MELTING POTES, LA SECTION INTERNATIONALE DU BELLASSO (Association étudiante de lʼensaparis-belleville) PRESENTE :

Support Orders and Support Provisions (Banks and Authorized Foreign Banks) Regulations

Nouveautés printemps 2013

Our recommendation engine has come up with some personalized suggestions for you.

GIGABIT PCI DESKTOP ADAPTER DGE-530T. Quick Installation Guide+ Guide d installation+

SAP SNC (Supply Network Collaboration) Web Package. (Français / English) language. Edition 2013 Mars

USB 598. Quick Start Guide (Windows) Guide de démarrage rapide (Windows) USB Modem. Modem USB.

First Nations Assessment Inspection Regulations. Règlement sur l inspection aux fins d évaluation foncière des premières nations CONSOLIDATION

XtremWeb-HEP Interconnecting jobs over DG. Virtualization over DG. Oleg Lodygensky Laboratoire de l Accélérateur Linéaire

Module Title: French 4

1 Configuration des Fichiers Hosts, Hostname, Resolv.conf

Principe de TrueCrypt. Créer un volume pour TrueCrypt

SAP SNC Portal. User Guide for Suppliers. M1, M2b Modules - Edition 1. Direction des Achats/Ph.Longuet Date: 5/08/10

Comment calculer une moyenne journalière de l irradiance avec excel 2007? How to calculate a daily average amount of irradiance with Excel 2007?

Frequently Asked Questions

Deadline(s): Assignment: in week 8 of block C Exam: in week 7 (oral exam) and in the exam week (written exam) of block D

SAP SNC Portal. User Guide for Suppliers. M1, M2b Modules - Edition 3. Direction des Achats/Ph.Longuet Date: 4/11/11

Please kindly find below a synoptic table showing the various ways of transport from Mahe to La Digue, with a stop over on Praslin:

Quick Installation Guide TEW-AO12O

Table des matières ENGLISH VERSION NEAR BOTTOM OF PAGE. Transferts sécurisés de fichiers Système MFT (Managed File Transfer) Guide de l utilisateur

SERVEUR DÉDIÉ DOCUMENTATION

Quick Installation Guide TBW-106UB H/W: V1

Logitech Tablet Keyboard for Windows 8, Windows RT and Android 3.0+ Setup Guide Guide d installation

Guide d installation Deco Drain inc. DD200

Cliquez pour modifier les styles du texte du masque

Contrôle d accès Access control MOD-TCPIP-AI. Notice technique / Technical Manual

Exemple PLS avec SAS

Tutoriel de formation SurveyMonkey

Surveillance de Scripts LUA et de réception d EVENT. avec LoriotPro Extended & Broadcast Edition

Quick Installation Guide TW100-BRV304

en SCÈNE RATIONAL Rational Démonstration SDP : automatisation de la chaîne de développement Samira BATAOUCHE sbataouche@fr.ibm.com

Utiliser un proxy sous linux

Quick Installation Guide TE100-P1P

La création et la mise à jour de votre profil de fournisseur d Accenture

Quick Installation Guide TV-IP400 TV-IP400W

THE EVOLUTION OF CONTENT CONSUMPTION ON MOBILE AND TABLETS

Supervision et infrastructure - Accès aux applications JAVA. Document FAQ. Page: 1 / 9 Dernière mise à jour: 15/04/12 16:14

RULE 5 - SERVICE OF DOCUMENTS RÈGLE 5 SIGNIFICATION DE DOCUMENTS. Rule 5 / Règle 5

Appointment or Deployment of Alternates Regulations. Règlement sur la nomination ou la mutation de remplaçants CONSOLIDATION CODIFICATION

Adeunis-RF Softwares. Stand-Alone configuration Manager V2. User guide version V1 FRANCAIS ENGLISH

accidents and repairs:

Creating a Backup of Bootable Disk and Recovery Image

FÉDÉRATION INTERNATIONALE DE NATATION Diving

Stock Management Suite

Order Binding Certain Agents of Her Majesty for the Purposes of Part 1 of the Personal Information Protection and Electronic Documents Act

Thank you for choosing the Mobile Broadband USB Stick. With your USB Stick, you can access a wireless network at high speed.

CETTE FOIS CEST DIFFERENT PDF

Innovation in Home Insurance: What Services are to be Developed and for what Trade Network?

THE SUBJUNCTIVE MOOD. Twenty-nineth lesson Vingt-neuvième leçon

has brought a motion to change the order of Justice, dated. the agreement between you and (name of party bringing this motion), dated.

Créé par Goldfing & Pblabla Créé le 02/05/ :49:00. Guide pour la déclaration d impôt

Practice Direction. Class Proceedings

Guide pour l Installation des Disques Durs SATA et Configuration RAID

Quick Installation Guide TEW-P21G

Transcription:

ig Configuration Guide for realize the Qosmos log analysis with Click&DECiDE NSI Or how quickly configure Qosmos log analysis With this document help, we will present the quick configuration of Qosmos in discover mode and the integration of Click&DECiDE log analysis for Qosmos. Should you have any question about this document, or would you like some help, please contact: Benoît Rostagni Tel: +33 1 47 86 91 66 GSM: +33 6 82 88 94 17 email: benoit.rostagni@clickndecide.com Contact us: E-mail: sales@clickndecide.com Tel: +33 467 844 800 Main Office: 130, rue Baptistou, ZAE Nord, 34 980 St Gély du Fesc, France To contact your nearest Click&DECiDE partner, click here.

Table of Contents 1. Click&DECiDE configuration to analyze Qosmos logs... 3 1.1. Hardware Configuration... 3 1.2. Software Installation... 3 1.3. Downloading Click&DECiDE Software... 3 2. Qosmos configuration to send logs to Click&DECiDE... 3 2.1. Qomos Discover Tuple... 3 2.2. Qosmos Supervision... 4 2.3. CSV log collection... 5 3. Click&DECiDE configuration to analyze the logs... 6 3.1. Qosmos Discover Filter import... 6 3.2. Qosmos Discover filter configuration... 6 4. Operating Qosmos data... 8 4.1. Creating an on demand report, on current processed data... 8 4.2. Creating a data Cube for easy data manipulation... 9

1. Click&DECiDE configuration to analyze Qosmos logs 1.1. Hardware Configuration Thank you for reporting to the Guide: NSI Architectures design guide From 1 to 300 millions lines per day available here: http:///resources/guides 1.2. Software Installation Thank you for reporting to the Guide: NSI Quick Installation Guide For Proof of Concept, For Demonstrations, For Free Evaluation Licenses NSI Soft Appliance Quick Installation Guide And to the training books: NSI Training Book Part 1 : Log Source Configuration NSI Training Book Part 2 : Management Console Configuration All those documents are available here: http:///resources/guides 1.3. Downloading Click&DECiDE Software Register on the web page http://license.clickndecide.com/downloads/cndnsi_request.aspx and you will received by email, you licence code valid for a month, with direct links to download either: Click&DECiDE NSI software version Click&DECiDE NSI Soft Appliance version for VMware Workstation Click&DECiDE NSI Soft Appliance version for VMware ESXi 4.x Click&DECiDE NSI Soft Appliance version for Windows Virtual PC Please follow the installation instructions 2. Qosmos configuration to send logs to Click&DECiDE Installation of the Qosmos "Discover" tuple prepared for Click&DECiDE. Please contact us if you did not receive it. 2.1. Qomos Discover Tuple The Tuple looks like: tuple cnd1_discover 'base:flow_id not null, time(base:flow_id not null), time(base:session_end not null), base:session_packet_counter not null, ip:client_addr not null, ip:server_addr not null, tcp:server_port, udp:server_port, sum(base:tot_len not null), ip:protocol not null, base:path not null, eth:src not null' export default

The configuration must be scheduled to write (flush tuple) the logs every 1 to 5 minutes. The configuration file "tdclid.conf.disco" must include the following line: tune max_timeout 180 Load the tuple using the command: tdcli conf load disco The CSV generated must be sent in a shared directory on the Click&DECiDE computer. This can be done on a shared disk or by an FTP command. Eventually, logs can be received in Syslog. In this case, the Qosmos Click&DECiDE filter should be modified to take into account the logs sent in syslog format. 2.2. Qosmos Supervision You can use console software like putty to oversee the collection of logs, for example with the command: watch 'tdcli caplin stats; echo ====; tdcli tuple statlist; echo ====; free' Or with the command: tdcli rep caplin stats verbose

2.3. CSV log collection Logs received in Click&DECiDE directory looks like the following: The file contains records of this type:

3. Click&DECiDE configuration to analyze the logs After becoming familiar with Click&DECiDE solution using the setup guide and the Demo device installation, you can install the Qosmos Discover filter prepared by Click&DECiDE. Please contact us if you did not receive it. 3.1. Qosmos Discover Filter import The filter is named Qosmos Discover.xml. Open the Management Console, and go to Filters section and press the right click button on the mouse. Select Import Filter and / or Parsers. Answer yes to both questions to import the filter and parsers. 3.2. Qosmos Discover filter configuration Make sure that the collection agent is pointing by default on the area you have chosen to carry out the collection of logs. If necessary, make the change supervised directory.

Then apply the agent configuration for the Flat File Parser. Then do the same on the filter configuration, at ULA level. The * means that a configuration has changed and need to be saved (Apply Change), the sign disappear when the modified configuration is loaded on the system.

4. Operating Qosmos data By default, Qosmos data are sent in a table Firewall. Every night at 1 AM, those data are aggregated and reports are created daily and available on the web portal. If you want to use the data immediately, without waiting for next day, you must perform a scheduled task, including aggregation and report generation (please refer to training books). 4.1. Creating an on demand report, on current processed data In the Click&DECiDE Web portal (http://localhost/dvweb/) use the following links: NSI Report and Analysis > Dynamic Reports > Firewall Statistics (Daily) > Report Book for the Firewall(s) (Daily Reports 01 to 15). Select "Today" for the date and write "Qosmos Discover" in the Firewall. And press the Save task button. Check the boxes next to the dates to automate the date calculations and fill in the destination as follows: Save the task. This task must be scheduled in order to be process automatically.

In Scheduled Task & Task > Scheduled Task, select New Scheduled Task and configure it as follow to be executed on-demand: Press finish and the report is available within minutes later in: NSI Reports and Analysis > Published Reports > Qosmos Discover > Qosmos_Daily.pdf 4.2. Creating a data Cube for easy data manipulation In NSI Reports and Analysis > Forensic Analysis > Firewall Cubes > Firewall Cube on Detailed Information (limited to 100 000 records), select the parameters to filter your data in your cube view: And then manipulate the dimension (display, filter, sort,...) as desired.

Sample of a grid view: Sample of a graph view:

2026 © DocPlayer.fr Politique de confidentialité | Conditions de service | Feed-back