Imperva Cyber Community

communities_1.jpg
 View Only

  • 1.  Configuring syslog-ng for DAM MX and Gateway

    Posted 08-27-2024 01:33

    Hi Everyone,

    Been going through some documentations on how to configure syslog-ng for MX and Gateway.As i am relatively quite new to Imperva products would appreciate if someone can point me to the correct guide.I have come across 2 documentations while reading up,can someone on the community kindly validate that i am looking at the correct documentation for setting up syslog-ng for DAM mx and gateway.Thank you and much appreciated


    #DatabaseActivityMonitoring

    ------------------------------
    Muhammad Fadzil AB Razak
    Associate Engineer
    Ensign InfoSecurity (Systems) Pte Ltd.
    Singapore
    ------------------------------


  • 2.  RE: Configuring syslog-ng for DAM MX and Gateway

    Posted 08-29-2024 07:51

    Hello Muhammad Fadzil AB Razak,

    Thank you for the post, you can refer the below document,

    https://docs.imperva.com/bundle/v14.7-database-activity-monitoring-user-guide/page/1656.htm



    ------------------------------
    Syed Noor Fazal
    Product Support Engineer
    ------------------------------



  • 3.  RE: Configuring syslog-ng for DAM MX and Gateway

    Posted 08-29-2024 22:20

    Hi Fadzil,

    You can also refer to this document as well.

    https://support.imperva.com/s/document-item?bundleId=z-kb-articles-km&topicId=ec0bde4a.html&_LANG=enus



    ------------------------------
    Agustin Cudiamat
    Engineer
    Singapore
    ------------------------------



  • 4.  RE: Configuring syslog-ng for DAM MX and Gateway

    Posted 09-03-2024 11:36
    Edited by Uiliam de Mello 09-03-2024 11:40

    Hello Muhammad Fadzil AB Razak,

    Here, at syslog-ng side, we send Imperva logs (to port 10514, but it works with any unused UDP port) to our syslog-ng server (used in conjunction with Splunk) with following entries on /etc/syslog-ng/syslog-ng.conf:

    source s_udp_impervaDAM_10514 {
        udp(ip("0.0.0.0") port(10514));

    };

    destination d_impervaDAM {

        file("/path/to/syslog-ng/logs/${HOST}/${HOST}.log");

    }

    log { source(s_udp_impervaDAM_10514); destination(d_impervaDAM); };

    With this settings and configuring DAM with docs provided by Syed and Agustin, you'll have success to send logs to you syslog/siem server.

    PS: Don't forget to set some log rotation configuration, to avoid increase and full disk space on your syslog-ng server.

    I hope it helps

    Regards



    ------------------------------
    Uiliam de Mello
    Information Security Analyst
    Brazil
    ------------------------------