Accenture MDR Quick Start Guide for PingFederate

Owned by KM (Unlicensed)
Last updated: Apr 29, 2021
3 min read

This quick start guide will help Accenture MDR customers configure PingFederate to send logs to the Log Collection Platform (LCP).

The document includes the following topics:

Supported Versions

A list of supported versions is available in the Accenture MDR Supported Products List document (Accenture_MDR_Supported_Products_List.xlsx) which can be found at

Accenture MDR Portal - https://mss.accenture.com/PortalNextGen/Reports/Documents

Port Requirements

Table1-1: Port requirements for LCP communication.

Source

Destination

Port

Description

PingFederate

LCP

10013 (TCP with Non-TLS)

10014 (TCP with TLS)

Default port

Configuring PingFederate

To Configure PingFederate, you can configure the Windows NXlog Agent to send logs over TCP with either TLS or Non-TLS port.

 

Windows NxLog Agent for Non-TLS TCP

  1. Navigate to C:\Program Files\Ping Identity\pingfederate-9.2.2\pingfederate\server\default\conf and take backup of log4j2.xml file.

  2. Rename the attached file  PingFederate log4j2.xml to log4j2.xml and copy into this folder.

  3. Download the NxLog agent installation file (.exe or msi) from https://nxlog.co/products/nxlog-community-edition/download and install it on the server where PingFedrate logs are available. 

  4. Go to services.msc and stop the NXlog service

  5. Navigate to folder C:\Program Files (x86)\nxlog\data and delete configcache.dat.

  6. Go to the location C:\Program Files (x86)\nxlog\conf. Rename the attached file PingFederate (Windows).conf to  nxlog.conf and copy into this folder.

  7. Replace lcpip with actual LCP IP in NXlog.conf .

  8. Provide PingFederate Audit Logs - audit.log file location against File location.

9. Provide PingFederate Provisioner Audit Logs - provisioner-audit.log file location against File location.

10.Now start the NXlog service from services.msc 

11.Nxlog agent logs will be available at the location C:\Program Files (x86)\nxlog\data\nxlog.log.

 

Windows NxLog Agent for TLS TCP

  1. Navigate to C:\Program Files\Ping Identity\pingfederate-9.2.2\pingfederate\server\default\conf and take backup of log4j2.xml file.

  2. Rename the attached file  PingFederate log4j2 copy.xml to log4j2.xml and copy into this folder.

  3. Download the NxLog agent installation file (.exe or msi) from https://nxlog.co/products/nxlog-community-edition/download and install it on the server where PingFedreate logs are available. 

  4. Go to services.msc and stop the NXlog service.

 Note: Please contact the Accenture MDR onboarding team to obtain the certificate.

5. Place the certificate in PingFederate server which is obtained from the MDR onboarding team at your desired location.

6. Go to the folder C:\Program Files (x86)\nxlog\data and delete configcache.dat.

7. Go to the location C:\Program Files (x86)\nxlog\conf and rename the attached file PingFederate (Windows with TLS).conf to nxlog.conf and copy into this folder.

8. Replace lcpip with actual LCP IP in NXlog.conf 

9. Provide the cert file location for the CA certificate in NXlog.conf against CAFile.

10. Provide PingFederate Audit Logs - audit.log file location against File location

11. Provide PingFederate Provisioner Audit Logs - provisioner-audit.log file location against File location.

12. Now start the Nxlog service from services.msc.

13. NxLog agent logs will be available at location "C:\Program Files (x86)\nxlog\data\nxlog.log".

 

LCP Configuration Parameters

Table 1-2: The PingFederate Event Collector(Syslog-3888) properties to be configured by MDR are given in the table.

Property

Default Value

Description

Protocol

TCP

Default protocol. 

IP Address

Ping Federate IP Address

Logging device IP address mentioned in the Pre-Installation Questionnaire (PIQ).

Note: If the device sends logs using multiple interfaces, contact the Accenture MDR onboarding team.

Port Number

10013 

The default port for TCP-Non TLS. Default port for TCP with TLS is 10014.

 

Legal Notice

Copyright © 2021 Accenture. All rights reserved.

Accenture, the Accenture Logo, and DeepSight Intelligence are trademarks or registered trademarks of Accenture in the U.S. and other countries. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Accenture and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. ACCENTURE SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software and Commercial Computer Software Documentation," as applicable, and any successor regulations, whether delivered by Accenture as on premises or hosted services. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.