53 MICROSOFT WINDOWS SECURITY EVENT LOG
A STRM Microsoft Windows Security Event Log DSM accepts relevant
authentication and authorization events using syslog. You can integrate Windows
server versions 2000/XP with STRM using one of the following methods:
• Use the STRM Adaptive Log Exporter. For more information on the Adaptive
Log Exporter, see the Adaptive Log Exporter Users Guide.
• Set up the Snare Agent to forward Windows security event logs to STRM.
To set up the Snare Agent to forward Windows security event logs to STRM:
Step 1 Download and install the Snare Agent.
Note: To download a Snare Agent, see the following web site:
www.intersectalliance.com/projects/index.html
Step 2 In the Snare Agent interface, select Audit Configuration.
Note: If you are using the web interface, select Network Configuration.
Step 3 In the Enter the remote IP or DNS address field, enter the IP address of the STRM
system.
Note: If you are using the web interface, you must enter the IP address of the
STRM system in the Destination Snare Server address field.
Step 4 Make sure the Enable Syslog Header check box is selected.
Step 5 Click Objectives Configuration.
Step 6 Select the check boxes to determine which Windows events you wish to forward to
STRM.
Step 7 From the menu, select Activity > Apply and restart Audit.
Note: The value entered in the override host name detection with field must match
the IP address or hostname assigned to the device configured in the STRM setup.
You are now ready to configure the sensor device within the STRM interface. To
configure STRM to receive events from a Windows security event log, you must
select the Microsoft Windows Security Event Log option from the Sensor
Device Type drop-down list box. For more information on configuring devices, see
the Managing Sensor Devices Guide.
For more information regarding your server, see your vendor documentation.
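A receiving-side check for the Enable Syslog Header setting and the host name note above, as an added example that is not part of the original guide. It assumes the header follows the BSD syslog layout (RFC 3164); the function names, sample lines, and the 10.0.0.25 and WINSRV01 identifiers are constructed for illustration.

```python
import re

# Assumed layout (RFC 3164 / BSD syslog): <PRI>Mmm dd hh:mm:ss HOSTNAME message
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$",
    re.DOTALL,
)


def check_event(line, device_id):
    """Classify one received line against the identifier configured for
    the sensor device. Returns 'ok', 'no-header' or 'host-mismatch'."""
    m = HEADER.match(line)
    # PRI = facility * 8 + severity, so the largest valid value is 191.
    if m is None or int(m.group("pri")) > 191:
        return "no-header"
    # Host names compare case-insensitively; IP addresses are unaffected.
    if m.group("host").lower() != device_id.lower():
        return "host-mismatch"
    return "ok"


def summarize(lines, device_id):
    """Count how many received lines fall into each category."""
    counts = {"ok": 0, "no-header": 0, "host-mismatch": 0}
    for line in lines:
        counts[check_event(line.rstrip("\r\n"), device_id)] += 1
    return counts


# Constructed sample lines; the payload text is a placeholder, not real agent output.
SAMPLE = [
    "<13>Mar  4 09:15:02 10.0.0.25 constructed-event-payload-1",
    "<13>Mar  4 09:15:03 WINSRV01 constructed-event-payload-2",
    "constructed-event-payload-3",  # arrives like this if the header is disabled
]

if __name__ == "__main__":
    # The device is assumed to be configured with the IP address 10.0.0.25.
    print(summarize(SAMPLE, "10.0.0.25"))
```

A non-zero no-header count points at the Enable Syslog Header check box; a non-zero host-mismatch count points at the host name override value.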
Configuring DSMs Guide