When you configure NBS System Naxsi to send log data to USM Appliance, you can use the NBS System Naxsi plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin.

Plugin Information

Device	Details
Vendor	NBS System
Device Type	Firewall
Connection Type	Syslog
Data Source Name	Naxsi
Data Source ID	1893

Integrating NBS System Naxsi

NBS System Naxsi is a service installed on systems running a Linux-based OS. To send logs collected from Linux built-in services, you just need to add an rsyslog configuration file that reads from a specified file and redirects the logs to USM Appliance. Before you configure the NBS System Naxsi integration, you must have the IP Address of the USM Appliance Sensor.

To configure NBS System Naxsi to send Syslog messages to USM Appliance

1. Create a new rsyslog configuration file with the following entries:

$ModLoad imfile

 

$InputFileName /var/log/nginx/error.log

$InputFileTag naxsi

$InputFileStateFile naxsi-events

$InputFileSeverity error

$InputFileFacility local7

$InputRunFileMonitor

 

*.* @<USM Appliance>:514

2. Save the rsyslog configuration file and restart rsyslog.

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

https://github.com/nbs-system/naxsi/wiki

For troubleshooting, refer to the vendor documentation:

http://www.rsyslog.com/doc/v8-stable/configuration/modules/imfile.html