Apache Http Server - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CONFIGURING DSMS REV 1 Manual

Configuring DSMs

4 APACHE HTTP SERVER

A STRM Apache HTTP Server DSM accepts Apache events using syslog. You can
integrate Apache versions 1.3 and above with STRM. STRM records all relevant
HTTP status events.

Note: The procedure in this section applies to Apache DSMs operating on
Unix/Linux platforms only.

Before you configure STRM to integrate with Apache, you must:

Step 1  Open the Apache configuration file.

Step 2  Add the following below the log format definitions:

    LogFormat "%h %A %l %u %t \"%r\" %>s %p %b" qradar

Step 3  Add the following line below the LogFormat entry to write to syslog:

    CustomLog "|/usr/bin/logger -t httpd -p <facility>.<priority>" qradar

Where:
<facility> is a syslog facility, for example, local0.
<priority> is a syslog priority, for example, info or notice.

For example:

    CustomLog "|/usr/bin/logger -t httpd -p local1.info" qradar

Note: Verify that hostname lookups are disabled. To verify, enter

    HostnameLookups off

Step 4  Open the syslog.conf file.

Step 5  Add the following line:

    <facility>.<priority> <TAB><TAB>@<host>

Where:
<facility> is the syslog facility, for example, local0. This value must match the value entered in Step 3.
<priority> is the syslog priority, for example, info or notice. This value must match the value entered in Step 3.
<TAB> indicates you must press the TAB key.
<host> indicates the STRM managed host.
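A consistency check for the procedure above, added here as an example (it is not part of the Juniper manual): it confirms that the selector passed to logger in Step 3 matches the syslog.conf entry from Step 5, that TAB characters separate the fields, and that HostnameLookups is not enabled. The function name and messages are hypothetical, and the file paths are supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the manual): checks that Steps 2-5 are consistent.
# Usage: sh check_strm_apache.sh <httpd.conf> <syslog.conf>
check_strm_apache() {
    httpd_conf=$1; syslog_conf=$2; rc=0

    # Step 2: a LogFormat with the nickname "qradar" must exist.
    grep -Eq '^[[:space:]]*LogFormat[[:space:]].*[[:space:]]qradar[[:space:]]*$' "$httpd_conf" ||
        { echo "FAIL: no LogFormat with nickname qradar"; rc=1; }

    # Step 3: extract <facility>.<priority> from the CustomLog piped to logger.
    # An unreplaced "<facility>.<priority>" placeholder does not match.
    selector=$(sed -n 's/^[[:space:]]*CustomLog[[:space:]]*"|[^"]*logger[^"]* -p \([A-Za-z0-9][A-Za-z0-9]*\.[A-Za-z][A-Za-z]*\)[^"]*"[[:space:]]*qradar[[:space:]]*$/\1/p' "$httpd_conf" | head -n 1)
    if [ -z "$selector" ]; then
        echo "FAIL: no CustomLog piping to logger -p <facility>.<priority>"
        return 1
    fi

    # Note in Step 3: an explicit HostnameLookups On/Double is a failure
    # (Apache's default when the directive is absent is Off).
    if grep -Eiq '^[[:space:]]*HostnameLookups[[:space:]]+(on|double)' "$httpd_conf"; then
        echo "FAIL: HostnameLookups is enabled"; rc=1
    fi

    # Step 5: syslog.conf must carry the same selector, then TABs, then @<host>.
    # The match is strict, as the manual requires the values to be identical.
    line=$(awk -v s="$selector" '$1 == s && $2 ~ /^@./ { print; exit }' "$syslog_conf")
    if [ -z "$line" ]; then
        echo "FAIL: syslog.conf has no line for $selector (must match Step 3)"; rc=1
    else
        sep=${line#"$selector"}; sep=${sep%%@*}
        if [ -n "$(printf '%s' "$sep" | tr -d '\t')" ]; then
            echo "FAIL: use TAB characters between $selector and @<host>"; rc=1
        else
            echo "OK: $selector is forwarded to ${line#*@}"
        fi
    fi
    return $rc
}

# Run against real files only when two paths are given on the command line.
if [ $# -eq 2 ]; then check_strm_apache "$1" "$2"; fi
```

The function returns 0 only when every check passes, so it can gate a configuration rollout before Apache and syslogd are restarted.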
