Accenture MDR Quick Start Guide for Digital Arts® i-Filter® (TCP)
This quick start guide will help Accenture MDR customers configure Digital Arts® TCP I-Filter® to send logs to the Log Collection Platform (LCP).
The document includes the following topics:
Supported Versions
A list of supported versions is available in the Accenture MDR Supported Products List document (Accenture_MDR_Supported_Products_List.xlsx) which can be found in Accenture MDR Portal.
Port Requirements
Table 1-1: Port requirements for LCP communication.
Source | Destination | Port | Description |
Digital Arts® i-Filter | LCP | 10013 (TCP with Non-TLS); 10014 (TCP with TLS) | Default port |
Configuring Digital Arts i-Filter
To configure the I-Filter proxy, follow the steps below.
Configure Log Settings/Access Log based on your OS or device version:
To configure Log Settings / Access Log for DigitalArts iFilter on a Windows or Linux machine.
To configure Log Settings / Access Log for DigitalArts iFilter version 10.
The configuration steps are given below.
Configure Log Settings/Access Log for DigitalArts iFilter on Windows or Linux Machine
1. Log into http://inetnf.conf/ as an Administrator.
2. Navigate to System Setting > Log Settings in the i-Filter Proxy Server Web Console.
3. In the Access Log section, specify the following values and click the Save button in the top-right corner.
Set the Output method to I-FILTER standard format. The Output path location is logs/access.log
Note: Keep the rest of the settings unchanged, or adjust them according to your requirements.
Configure Log Settings/Access Log for DigitalArts iFilter Version 10
1. Log into the i-Filter Proxy Server Web Console.
2. Navigate to System > Log > Access Log Setting.
3. In the Log Setting tab, enable Include Format.
4. Go to the Format Setting tab and select the Default format.
5. Click Confirm and save the settings.
6. Restart the device to apply the changes.
Configure Log Settings / Block log / POST log / Config Change History Log / By process execution log
Keep the default path value for log storage.
The main web traffic logs are pulled from the access log file.
Block logs are also collected from the access log file.
Note: Keep the default path for log storage.
Configure Windows Nxlog Agent
Configure the Windows NXlog Agent to send logs over TCP using either the TLS or the Non-TLS port.
Windows NxLog Agent for Non-TLS TCP
Windows NxLog Agent for TLS TCP
Windows NxLog Agent for Non-TLS TCP
1. Download the NxLog agent installation file (.exe or .msi) from https://nxlog.co/products/nxlog-community-edition/download and install it on the server where I-Filter WebProxy logs are available.
2. Go to services.msc and stop the NXlog service.
3. Navigate to the folder C:\Program Files (x86)\nxlog\data and delete configcache.dat.
4. Go to the location C:\Program Files (x86)\nxlog\conf. Copy the configuration below, paste it into the file nxlog.conf, and save it.
## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/docs/
## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension charconv>
    Module xm_charconv
    AutodetectCharsets UTF-8, UCS-2LE
</Extension>
# Load the json extension
<Extension json>
    Module xm_json
</Extension>

<Input ifilter>
    Module im_file
    File "C:\\Program Files\\Digital Arts\\i-FILTER Proxy Server Ver.10\\logs\\access.log0000"
    ReadFromLast False
    SavePos False
    Exec $FileName = file_name();
    Exec $Hostname = hostname_fqdn();
    Exec $raw_event = "NXLOG|" + $Hostname + "|OFFBOX-iFILTERWEBPROXY-TO-LCP|" + $FileName + "::::" + $raw_event;
</Input>
# Send the read log lines out to nxlog server
<Output out-ifilter>
    Module om_tcp
    Host lcpip
    Port 10013
    OutputType LineBased
</Output>

# Build the route from nxlog on Windows to nxlog on server

<Route 1>
    Path ifilter => out-ifilter
</Route>
5. Replace lcpip with the actual LCP IP in NXlog.conf.
6. Provide the I-Filter Web Proxy log location against File at line 31.
7. Now start the NXlog service from services.msc.
8. Nxlog agent logs will be available at the location C:\Program Files (x86)\nxlog\data\nxlog.log.
Windows NxLog Agent for TLS TCP
1. Download the NxLog agent installation file (.exe or .msi) from https://nxlog.co/products/nxlog-community-edition/download and install it on the server where I-Filter WebProxy logs are available.
2. Go to services.msc and stop the NXlog service.
Note: Please contact the Accenture MDR onboarding team to obtain the certificate.
3. Place the certificate obtained from the MDR onboarding team on the Digital Arts i-Filter server at your desired location.
4. Go to the folder C:\Program Files (x86)\nxlog\data and delete configcache.dat.
5. Go to the location C:\Program Files (x86)\nxlog\conf. Copy the configuration below, paste it into the file nxlog.conf, and save it.
## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/docs/
## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension charconv>
    Module xm_charconv
    AutodetectCharsets UTF-8, UCS-2LE
</Extension>

# Load the json extension
<Extension json>
    Module xm_json
</Extension>

<Input ifilter>
    Module im_file
    File "C:\\Program Files\\Digital Arts\\i-FILTER Proxy Server Ver.10\\logs\\access.log0000"
    ReadFromLast False
    SavePos False
    Exec $FileName = file_name();
    Exec $Hostname = hostname_fqdn();
    Exec $raw_event = "NXLOG|" + $Hostname + "|OFFBOX-iFILTERWEBPROXY-TO-LCP|" + $FileName + "::::" + $raw_event;
</Input>

# Send the read log lines out to nxlog server
<Output out-ifilter>
    Module om_ssl
    Host lcpip
    Port 10014
    CAFile Certificate file location on I-filter Server
    OutputType LineBased
</Output>

# Build the route from nxlog on Windows to nxlog on server

<Route 1>
    Path ifilter => out-ifilter
</Route>
6. Replace lcpip with the actual LCP IP in NXlog.conf.
7. Provide the cert file location for the CA certificate in NXlog.conf against CAFile at line 44.
8. Now start the Nxlog service from services.msc.
9. NxLog agent logs will be available at the location "C:\Program Files (x86)\nxlog\data\nxlog.log".
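A pre-flight check for the edited nxlog.conf, covering both the Non-TLS and the TLS procedure above. This is an added example, not Accenture or NXLog tooling: the names parse_blocks and lint are hypothetical, the sample block is constructed, and the checks assume the module/port pairing from Table 1-1 and the placeholders used in the sample configurations.

```python
import os
import re

# Module-to-port pairing taken from Table 1-1 of this guide.
EXPECTED_PORT = {"om_tcp": "10013", "om_ssl": "10014"}
BLOCK_RE = re.compile(r"<(Input|Output)\s+([\w-]+)>(.*?)</\1>", re.S)
FUSED_RE = re.compile(r"(OutputType|CAFile|Exec).+")

# Constructed sample: an Output block pasted with the placeholders left in.
SAMPLE = """<Output out-ifilter>
Module om_ssl
Host lcpip
Port 10013
CAFileCertificate file location on I-filter Server
OutputTypeLineBased
</Output>"""

def parse_blocks(conf_text):
    """Return {(kind, name): {directive: value}} for Input/Output blocks."""
    blocks = {}
    for kind, name, body in BLOCK_RE.findall(conf_text):
        directives = {}
        for line in body.splitlines():
            line = line.strip()
            if line and not line.startswith("#"):
                key, _, value = line.partition(" ")
                directives[key] = value.strip()
        blocks[(kind, name)] = directives
    return blocks

def lint(conf_text, path_exists=os.path.isfile):
    """Return findings as strings; an empty list means every check passed."""
    findings = []
    for (kind, name), d in parse_blocks(conf_text).items():
        where = f"{kind} {name}"
        # A directive fused to its value (no space) will not parse as intended.
        findings += [f"{where}: missing space in '{k}'" for k in d if FUSED_RE.fullmatch(k)]
        if kind != "Output":
            continue
        module = d.get("Module", "")
        if d.get("Host", "lcpip") == "lcpip":
            findings.append(f"{where}: Host placeholder not replaced")
        if module not in EXPECTED_PORT:
            findings.append(f"{where}: unexpected Module '{module}'")
        elif d.get("Port") != EXPECTED_PORT[module]:
            findings.append(f"{where}: {module} expects port {EXPECTED_PORT[module]}")
        if module == "om_ssl" and not path_exists(d.get("CAFile", "")):
            findings.append(f"{where}: CAFile missing or not found on disk")
    return findings
```

Call lint() on the contents of nxlog.conf before starting the NXlog service; the constructed SAMPLE yields five findings, including the TLS module being paired with the Non-TLS port.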
LCP Configuration Parameters
Table 1-2: The Digital Arts I-Filter TCP Event Collector (Syslog -3894) properties to be configured by MDR are given in the table.
Property | Default Value | Description |
Protocol | TCP | The default protocol for syslog. |
IP Address | Digital Arts I-Filter IP Address | Logging device IP address mentioned in the Pre-Installation Questionnaire (PIQ). Note: If the device sends logs using multiple interfaces, contact the Accenture MDR onboarding team. |
Port Number | 10013 | The default port for TCP-Non TLS. Default port for TCP with TLS is 10014. |
Legal Notice
Copyright © 2021 Accenture. All rights reserved.
Accenture, the Accenture Logo, and DeepSight Intelligence are trademarks or registered trademarks of Accenture in the U.S. and other countries. Other names may be trademarks of their respective owners.
The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Accenture and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. ACCENTURE SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software and Commercial Computer Software Documentation," as applicable, and any successor regulations, whether delivered by Accenture as on premises or hosted services. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.