When you configure your Dtex Systems Dtex to send log data to USM Appliance, you can use the Dtex plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin.
Device | Details |
---|---|
Vendor | Dtex Systems |
Device Type | Intrusion Detection System |
Connection Type | Syslog |
Data Source Name | Dtex |
Data Source ID | 1912 |
Integrating Dtex Systems Dtex
Before you configure the Dtex Systems Dtex integration, you must have the IP Address of the USM Appliance Sensor.
To configure Dtex Systems Dtex to send Syslog messages to USM Appliance
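- Configure your /etc/rsyslog.conf file as follows:

```
# Load the file input module and monitor the Dtex log file
$ModLoad imfile
$InputFileName <path to location where Dtex logs are saved>
$InputFileTag dtex
$InputFileSeverity <desired log level>
$InputFileFacility <local syslog facility>
$InputRunFileMonitor
# Forward that facility to the USM Appliance Sensor over TCP (@@), port 514
<local syslog facility>.* @@<USM Appliance_IP_Address>:514
```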
For the $InputFileName parameter, specify the path to the Dtex log file. The $InputFileFacility parameter specifies the syslog facility assigned to the log entries that are read. For the $InputFileSeverity parameter, specify the log level corresponding to the severity of log messages you want to receive. (The default level is notice.)
- Restart the rsyslog service.
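Before restarting, the stanza can be checked for the mistakes that silently stop forwarding. The script below is an added example, not part of the vendor documentation. The names check_dtex_conf, directive, line_of and fail are hypothetical, and it assumes the forwarding rule selects on the facility set in $InputFileFacility, since rsyslog selectors take the form facility.priority.

```shell
#!/bin/sh
# Added example: lint the legacy imfile stanza shown above before restarting rsyslog.
# Usage: sh check_dtex_conf.sh /etc/rsyslog.conf   (script name is hypothetical)

# Print the value of a legacy "$Name value" directive (last occurrence wins).
directive() {
    awk -v d="\$$2" '$1 == d { sub(/^[ \t]*[^ \t]+[ \t]+/, ""); v = $0 } END { print v }' "$1"
}

# Print the line number of the first line whose first field is "$Name".
line_of() {
    awk -v d="\$$2" '$1 == d { print NR; exit }' "$1"
}

fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

check_dtex_conf() {
    conf=$1; problems=0
    [ -r "$conf" ] || { fail "cannot read $conf"; return 1; }

    grep -Eq '^[[:space:]]*\$ModLoad[[:space:]]+imfile' "$conf" ||
        fail "imfile module is not loaded"

    file=$(directive "$conf" InputFileName)
    [ -n "$file" ] && [ -r "$file" ] || fail "\$InputFileName '$file' is unset or unreadable"

    [ "$(directive "$conf" InputFileTag)" = dtex ] || fail "\$InputFileTag is not dtex"

    # The monitor only picks up $InputFile* settings that precede it.
    run=$(line_of "$conf" InputRunFileMonitor)
    name=$(line_of "$conf" InputFileName)
    [ -n "$run" ] && [ -n "$name" ] && [ "$run" -gt "$name" ] ||
        fail "\$InputRunFileMonitor must follow the \$InputFile* directives"

    # The forwarding selector has to use the facility given to the file input.
    fac=$(directive "$conf" InputFileFacility)
    [ -n "$fac" ] || fail "\$InputFileFacility is not set"
    if ! grep -Eq "^${fac:-UNSET}\.[^[:space:]]+[[:space:]]+@@[^[:space:]]+:514" "$conf"; then
        fail "no TCP (@@) rule forwarding ${fac:-<unset>}.* to port 514"
    fi

    [ "$problems" -eq 0 ]
}

if [ $# -gt 0 ]; then check_dtex_conf "$1"; fi
```

Each problem is printed on its own line, and the exit status is non-zero if any were found.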
Plugin Enablement
For plugin enablement information, see Enable Plugins.
Additional Resources and Troubleshooting
For troubleshooting, refer to the vendor documentation: