When you configure your NBS System Naxsi to send log data to USM Appliance, you can use the NBS System Naxsi plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin.
| Device | Details |
|---|---|
| Vendor | NBS System |
| Device Type | Firewall |
| Connection Type | Syslog |
| Data Source Name | Naxsi |
| Data Source ID | 1893 |
Integrating NBS System Naxsi
NBS System Naxsi is a service installed on systems running a Linux-based OS. To send logs collected from Linux built-in services, you just need to add an rsyslog configuration file that reads from a specified file and redirects the logs to USM Appliance. Before you configure the NBS System Naxsi integration, you must have the IP Address of the USM Appliance Sensor.
To configure NBS System Naxsi to send Syslog messages to USM Appliance
- Create a new rsyslog configuration file with the following entries:
- Save the rsyslog configuration file and restart rsyslog.
$ModLoad imfile
$InputFileName /var/log/nginx/error.log
$InputFileTag naxsi
$InputFileStateFile naxsi-events
$InputFileSeverity error
$InputFileFacility local7
$InputRunFileMonitor
*.* @<USM Appliance>:514
Plugin Enablement
For plugin enablement information, see Enable Plugins.
Additional Resources and Troubleshooting
https://github.com/nbs-system/naxsi/wiki
For troubleshooting, refer to the vendor documentation:
http://www.rsyslog.com/doc/v8-stable/configuration/modules/imfile.html
Feedback