Accenture MDR Quick Start Guide for PingAccess

Owned by KM (Unlicensed)
Last updated: Apr 29, 2021
3 min read

This quick start guide will help Accenture MDR customers configure PingAccess to send logs to the Log Collection Platform (LCP).

This document includes the following topics:

Supported Versions

A list of supported versions is available in the Accenture MDR Supported Products List document (Accenture_MDR_Supported_Products_List.xlsx) which can be found in

Accenture MDR Portal - https://mss.accenture.com/PortalNextGen/Reports/Documents

Port Requirements

Table1-1: Port requirements for LCP communication.

Source

Destination

Port

Description

PingAccess

LCP

10013 (TCP with Non-TLS)

10014 (TCP with TLS)

Default port

Configuring PingAccess

To Configure PingAccess, you can configure the Windows NXlog Agent to send logs over TCP with either TLS or Non-TLS port.

 

Windows NxLog Agent for Non-TLS TCP

  1. Navigate to C:\Program Files\Ping Identity\pingaccess-5.2.1\conf and take backup of log4j2.xml file.

  2. Rename the attached file  PingAccess log4j2 copy to log4j2.xml and copy into this folder.

  3. Download the NxLog agent installation file (.exe or msi) fromhttps://nxlog.co/products/nxlog-community-edition/download  and install it on the server where PingAccess logs are available. 

  4. Go to services.msc and stop the NXlog service

  5. Navigate to folder C:\Program Files (x86)\nxlog\data" and delete "configcache.dat.

  6. Go to the location C:\Program Files (x86)\nxlog\conf. Rename the attached file Config PingAccess(Windows).conf to  nxlog.conf and copy into this folder.

  7. Replace lcpIp with actual LCP IP in Nxlog.conf at line 42 and 68.

8. Provide the PingAccess Engine Audit Logs - pingaccess_engine_audit.log file location at line 30.

9. Provide PingAccess API Audit Logs - pingaccess_api_audit.log file location in line 56.

10. Now start the NXlog service from services.msc. 

11. Nxlog agent logs will be available at the location C:\Program Files (x86)\nxlog\data\nxlog.log.

 

Windows NxLog Agent for TLS TCP

  1. Navigate to C:\Program Files\Ping Identity\pingaccess-5.2.1\conf and take backup of log4j2.xml file.

  2. Rename the attached file  PingAccess log4j2 copy 2 to log4j2.xml and copy into this folder.

  3. Download the NxLog agent installation file (.exe or msi) fromhttps://nxlog.co/products/nxlog-community-edition/download  and install it on the server where PingAccess logs are available. 

  4. Go to services.msc and stop the NXlog service

 Note: Please contact the Accenture MDR onboarding team to obtain the certificate.

5. Place the certificate in PingAccess server which is obtained from the MDR onboarding team at your desired location.

6. Go to the folder C:\Program Files (x86)\nxlog\data and delete configcache.dat.

7. Go to the location “C:\Program Files (x86)\nxlog\conf” and rename the attached file PingAccess - (Windows with TLS).conf to nxlog.conf and copy into this folder.

8. Replace lcpIp with actual LCP IP in Nxlog.conf at line 42 and 69.

9. Provide the cert file location for the CA certificate in the Nxlog.conf against CAFile at line 44 and 71.

10. Provide PingAccess Engine Audit Logs - pingaccess_engine_audit file location at line 30

11. Provide PingAccess API Audit Logs -pingaccess_api_audit.log file location at line 57

12. Now start the NXlog service from services.msc. 

13. Nxlog agent logs will be available at the location C:\Program Files (x86)\nxlog\data\nxlog.log.

 

LCP Configuration Parameters

Table 1-2: The PingAccess Event Collector(Syslog-3889) properties to be configured by MDR are given in the table.

Property

Default Value

Description

Protocol

TCP

Default protocol. 

IP Address

Ping Access  IP Address

Logging device IP address mentioned in the Pre-Installation Questionnaire (PIQ).

Note: If the device sends logs using multiple interfaces, contact the Accenture MDR onboarding team.

Port Number

10013 

The default port for TCP-Non TLS

For TCP with TLS, use 10014

 

 

Legal Notice

Copyright © 2021 Accenture. All rights reserved.

Accenture, the Accenture Logo, and DeepSight Intelligence are trademarks or registered trademarks of Accenture in the U.S. and other countries. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Accenture and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. ACCENTURE SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software and Commercial Computer Software Documentation," as applicable, and any successor regulations, whether delivered by Accenture as on premises or hosted services. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.