LTWin Agent Config


Logtrust
Turning machine data into business insights.
AGENT: LTWin Agent Config

710 Lakeway Drive, Suite 195, Sunnyvale, CA 94085, 1 866-242-1700
72 Huertas Street - 1st floor (accessed by: 5 Jesús Street), Madrid, Spain 28014, 34 91 308 83 31
info@logtrust.com

Step 1. Logtrust Windows Agent installation

To download the agent please follow the stAgents.exe

The Windows agent is composed of the following components:

- MagicLog: Enables text file monitoring.
- MagicEvent: Enables remote Windows systems monitoring through WMI (Windows Management Instrumentation).
- MonitorService: Enables Windows system performance monitoring.
- ProxyServerContainer: Enables the communication for sending events to the Logtrust In-House Relay or directly to the Logtrust data node.

Execute the LogtrustAgents.exe file and click the “Install” button.

Click “Yes” to allow Windows to execute the configuration wizard.

Click “Next”.

Step 2. ProxyServerContainer configuration:

- Listening Port TCP (the default, 10010, is recommended)
- Listening Port UDP for untagged Snare sending
- Event Destination: The remote IP address or hostname (In-House Relay IP or the Logtrust Cloud)
- Destination Port:
    - If tagging events with box.win, use the In-House Relay port 13000 or, for the Logtrust Cloud, port 443.
    - If the Agent is not tagging events, use the In-House Relay port 13002. Sending to the cloud is not possible without tagging.
- Compression Type: None, GZipStream
- Enable/Disable SSL sending
- Certificate Selection
    - Store Name: Directory name for storing the certificates (recommended: My)
    - Store Location: LocalMachine (recommended) or CurrentUser

Click “Certificates”.

In your Logtrust account, go to Account Administration Credentials and click “Show” under “Api Key” to display it.

Copy and paste the Api Key into the configuration wizard.

Do the same for the “Api Secret” and click “Install”.

Open the combo box “Certificate Subject Distinguished Name” and select the certificate of your Logtrust account.

Click “Next”.

Step 3. Magic Event configuration:

Magic Event allows you to monitor other Windows machines via WMI. To configure the remote monitoring, click “Add” and enter the information requested in the form:

- WMI Polling frequency
- Max Degree of Parallelism: How many machines are polled in parallel. Warning: high values can affect performance.
- Destination Port (the ProxyServerContainer listening port)
- Destination IP (the ProxyServerContainer localhost)
- Tag (must be: box.win)
- Machine List File location (if changed, the file needs to be created manually)
- Encryption option if the machine list file is encrypted (will hash the password)
- Configuration of the monitored WMI Machine List

Machines.txt file structure:

Machine-IP, Domain name, Userid, Password, Event Path

10.2.1.2, LogtrustDomain, toniam, 00001111010101010#Security,Application
10.2.2.1, 10.2.2.1, toniam, 110010101101101#Security, Application, AD

Step 4. MagicLog configuration:

Magic Log allows you to monitor any text file, including log files. To monitor one, click “Add” and enter the information requested in the form.

In the “File Pattern” field, enter something like *.txt, or *.* to monitor all the files.

In the “Tag” field, enter “test.keep.free” for testing purposes, or something like “my.app.a.b.c.d”.

- File Polling Frequency
- Max Degree of Parallelism: How many logs are polled in parallel. Warning: high values can affect performance.
- Configuration of Monitored Files

Finally click “Accept”.

Click “Next”.

Click “Next” to finish the configuration process.
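The Machines.txt layout shown under Step 3 holds the WMI credentials for every monitored machine, so it is worth checking the file before the agent reads it. The following Python linter is an added example, not Logtrust code: it assumes the last '#' on a row separates the four credential fields from the event path list, as the two sample rows suggest, and the names lint_machines, valid_host and SAMPLE are hypothetical. Passwords are parsed but never copied into the results, so the output can be logged.

```python
import ipaddress
import re

# Rows 1-2 are the page's sample rows; rows 3-5 are constructed faulty rows.
SAMPLE = """\
10.2.1.2, LogtrustDomain, toniam, 00001111010101010#Security,Application
10.2.2.1, 10.2.2.1, toniam, 110010101101101#Security, Application, AD
10.2.3.999, LogtrustDomain, svc_wmi, #Security
10.2.1.2, LogtrustDomain, toniam, 0101#System
fileserver01, LogtrustDomain, toniam
"""

# Hostname pattern that rejects digit-and-dot strings (mistyped IP addresses).
HOSTNAME = re.compile(r"(?![\d.]+$)[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*")

def valid_host(value):
    try:
        ipaddress.ip_address(value)
    except ValueError:
        return bool(HOSTNAME.fullmatch(value))
    return True

def lint_machines(text):
    """Return (entries, problems); passwords are never copied into either."""
    entries, problems, seen = [], [], set()
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        # Assumption: the last '#' separates the credentials from the event paths.
        creds, sep, paths = line.rpartition("#")
        fields = [f.strip() for f in creds.split(",", 3)]
        if not sep or len(fields) != 4:
            problems.append((n, "malformed row"))
            continue
        machine, _domain, user, password = fields
        events = [p.strip() for p in paths.split(",") if p.strip()]
        if not valid_host(machine):
            problems.append((n, "invalid machine address"))
        if not user or not password:
            problems.append((n, "empty userid or password"))
        if not events:
            problems.append((n, "no event paths"))
        if machine in seen:
            problems.append((n, "duplicate machine"))
        seen.add(machine)
        entries.append({"machine": machine, "user": user, "events": events})
    return entries, problems
```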
