Accenture MDR Quick Start Guide for Digital Arts® i-Filter® (TCP)

This quick start guide will help Accenture MDR customers configure Digital Arts® TCP I-Filter® to send logs to the Log Collection Platform (LCP).

The document includes the following topics:

1 Supported Versions
2 Port Requirements
3 Configuring Digital Arts i-Filter
4 Configure Windows Nxlog Agent
5 LCP Configuration Parameters

Supported Versions

A list of supported versions is available in the Accenture MDR Supported Products List document (Accenture_MDR_Supported_Products_List.xlsx) which can be found in Accenture MDR Portal.

Port Requirements

Table1-1: Port requirements for LCP communication.

Source

Destination

Port

Description

Digital Arts® i-Filter

LCP

10013 (TCP with Non-TLS)

10014 (TCP with TLS)

Default port

Configuring Digital Arts i-Filter

To configure the I-Filter proxy, follow the below steps.

Configure Log Settings/Access Log based on you OS or device version below.

To configure Log Settings / Access Log for DigitalArts iFilter on Windows Machine or Linux Machine.
To configure Log Settings / Access Log for DigitalArts iFilter version - 10.

Below are the steps to begin the Configuration.

Configure Log Settings/Access Log for DigitalArts iFilter on Windows or Linux Machine.

Log into http://inetnf.conf/ as an Administrator.
Navigate to System Setting > Log Settings in the i-Filter Proxy Server Web Console.
In the Access Log section, specify the following values and click the Save button from the right top corner.
Set the Output method as I-FILTER standard format. The Output path location is logs/access.log

Note: Keep rest of the settings are unchanged or reset according to your requirements.

Configure Log Settings/Access Log for DigitalArts iFilter Version -10

Log into i-Filter Proxy Server Web Console.
Navigate to System > Log > Access Log Setting.
In Log Setting Tab, enable the Include Format.

4. Go to Format Setting tab and select the Default format.

5. Click Confirm and Save the settings.

6. Restart the device to reflect the changes.

Configure Log Settings / Block log / POST log / Config Change History Log / By process execution log

Keep the path value same as default for log storage.
Major web traffic logs are going to pull from access log file.
Block logs are also collected from access log file.

Note: Keep the default path for log storage.

Configure Windows Nxlog Agent

To Configure the Windows NXlog Agent to send logs over TCP with either TLS or Non-TLS port.

Windows NxLog Agent for Non-TLS TCP
Windows NxLog Agent for TLS TCP

Windows NxLog Agent for Non-TLS TCP

Download the NxLog agent installation file (.exe or msi) from https://nxlog.co/products/nxlog-community-edition/download and install it on the server where I-Filter WebProxy logs are available.
Go to services.msc and stop the NXlog service
Navigate to folder C:\Program Files (x86)\nxlog\data and delete configcache.dat.
Go to the location C:\Program Files (x86)\nxlog\conf. Copy the below configuration and paste it in the file nxlog.conf and save it.

## This is a sample configuration file. See the nxlog reference manual about the

## configuration options. It should be installed locally and is also available

## online at http://nxlog.org/docs/

## Please set the ROOT to the folder your nxlog was installed into,

## otherwise it will not start.

#define ROOT C:\Program Files\nxlog

define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules

CacheDir %ROOT%\data

Pidfile %ROOT%\data\nxlog.pid

SpoolDir %ROOT%\data

LogFile %ROOT%\data\nxlog.log

Module xm_charconv

AutodetectCharsets UTF-8, UCS-2LE

</Extension>

# Load the json extension

Module xm_json

</Extension>

Module im_file

File "C:\\Program Files\\Digital Arts\\i-FILTER Proxy Server Ver.10\logs\\access.log0000"

ReadFromLast False

SavePos False

Exec $FileName = file_name();

Exec $Hostname = hostname_fqdn();

Exec$raw_event = "NXLOG|" + $Hostname + "|OFFBOX-iFILTERWEBPROXY-TO-LCP|" + $FileName + "::::" + $raw_event;

</Input>

# Send the read log lines out to nxlog server

Module om_tcp

Host lcpip

Port 10013

OutputTypeLineBased

</Output>

# Build the route from nxlog on Windows to nxlog on server

Path ifilter => out-ifilter

</Route>

5. Replace lcpip with actual LCP IP in NXlog.conf .

6. Provide I-Filter Web Proxy Log location against File location at line 31.

7. Now start the NXlog service from services.msc

8. Nxlog agent logs will be available at the location C:\Program Files (x86)\nxlog\data\nxlog.log.

Windows NxLog Agent for TLS TCP

Download the NxLog agent installation file (.exe or msi) from https://nxlog.co/products/nxlog-community-edition/download and install it on the server where I-Filter WebProxy logs are available.
Go to services.msc and stop the NXlog service.

Note: Please contact the Accenture MDR onboarding team to obtain the certificate.

3. Place the certificate in Digital Arts i-Filter sever which is obtained from the MDR onboarding team at your desired location.

4. Go to the folder C:\Program Files (x86)\nxlog\data and delete configcache.dat.

5. Go to the location C:\Program Files (x86)\nxlog\conf. Copy the below configuration and paste it in the file nxlog.conf and save it.

## This is a sample configuration file. See the nxlog reference manual about the

## configuration options. It should be installed locally and is also available

## online at http://nxlog.org/docs/

## Please set the ROOT to the folder your nxlog was installed into,

## otherwise it will not start.

#define ROOT C:\Program Files\nxlog

define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules

CacheDir %ROOT%\data

Pidfile %ROOT%\data\nxlog.pid

SpoolDir %ROOT%\data

LogFile %ROOT%\data\nxlog.log

Module xm_charconv

AutodetectCharsets UTF-8, UCS-2LE

</Extension>

# Load the json extension

Module xm_json

</Extension>

Module im_file

File "C:\\Program Files\\Digital Arts\\i-FILTER Proxy Server Ver.10\logs\\access.log0000"

ReadFromLast False

SavePos False

Exec $FileName = file_name();

Exec $Hostname = hostname_fqdn();

Exec$raw_event = "NXLOG|" + $Hostname + "|OFFBOX-iFILTERWEBPROXY-TO-LCP|" + $FileName + "::::" + $raw_event;

</Input>

# Send the read log lines out to nxlog server

Module om_ssl

Host lcpip

Port 10014

CAFileCertificate file location on I-filter Server

OutputTypeLineBased

</Output>

# Build the route from nxlog on Windows to nxlog on server

Path ifilter => out-ifilter

</Route>

6. Replace lcpip with actual LCP IP in NXlog.conf

7. Provide the cert file location for the CA certificate in NXlog.conf against CAFile at line 44.

8. Now start the Nxlog service from services.msc.

9. NxLog agent logs will be available at location "C:\Program Files (x86)\nxlog\data\nxlog.log".

LCP Configuration Parameters

Table 1-2: The Digital Arts I-Filter TCP Event Collector (Syslog -3894) properties to be configured by MDR are given in the table.

Property	Default Value	Description
Protocol	TCP	The default protocol for syslog.
IP Address	Digital Arts I-Filter IP Address	Logging device IP address mentioned in the Pre-Installation Questionnaire (PIQ). Note: If the device sends logs using multiple interfaces, contact the Accenture MDR onboarding team.
Port Number	10013	The default port for TCP-Non TLS. Default port for TCP with TLS is 10014.