aortizma
Message 1 of 4

JBOSS as Data Source


Hi

Has anybody configured JBOSS as a Data Source in ESM? We want to check user/admin access to the console.

In which file is this information?

Is there any guide?

Thanks

Accepted Solutions
Reliable Contributor David1111
Message 4 of 4

Re: JBOSS as Data Source


Configure Red Hat JBoss Application Server

By default, logs are stored locally in the installation directory for JBoss.

In a standalone system, that file is located in this directory: <INSTALL_PATH>/standalone/log/server.log

If JBoss is installed in a managed domain, the files are located in this directory: <INSTALL_PATH>/domain/servers/<SERVER_NAME>/log/server.log

Where <INSTALL_PATH> is the directory where JBoss was installed and <SERVER_NAME> is the server instance to be monitored.

Syslog is not natively supported for logging on to JBoss. You can retrieve these files using a file-pull method (for example SCP or SFTP) through the McAfee Event Receiver or Collector. You can also use a syslog program to send the information from the files directly to the McAfee Event Receiver. See the relevant product documentation for more information.

 

Configure WildFly 8
Task
From the command line, run these commands:
/subsystem=logging/syslog-handler=syslog:add(syslog-format=RFC5424, level=INFO)
/subsystem=logging/root-logger=ROOT:add-handler(name=syslog)
/subsystem=logging/syslog-handler=syslog:write-attribute(name=hostname,value="<ReceiverIpAddress>")
where <ReceiverIpAddress> is the IP address of the McAfee Event Receiver.
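
One way to do the file-to-syslog forwarding this answer mentions for JBoss, as an added example that is not part of the original post or of any vendor documentation. It assumes server.log uses the default WildFly/JBoss line pattern with UTC timestamps; the function names, the `jboss` app name, UDP port 514 and the sample lines are assumptions or constructed.

```python
import re
import socket

# Assumption: server.log uses the default pattern
# %d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n with UTC timestamps.
LINE = re.compile(r"^(\d{4}-\d\d-\d\d) (\d\d:\d\d:\d\d),(\d{3}) +(\w+) +"
                  r"\[([^\]]*)\] \(([^)]*)\) (.*)$")
SEVERITY = {"FATAL": 2, "ERROR": 3, "WARN": 4, "INFO": 6, "DEBUG": 7, "TRACE": 7}
FACILITY_USER = 1  # syslog "user-level" facility


def parse_records(lines):
    """Group raw lines into records; stack-trace lines join the previous record."""
    records = []
    for raw in lines:
        m = LINE.match(raw.rstrip("\r\n"))
        if m:
            date, time, ms, level, category, thread, msg = m.groups()
            records.append({"ts": f"{date}T{time}.{ms}Z", "level": level,
                            "category": category, "thread": thread, "msg": msg})
        elif records and raw.strip():
            # Continuation (e.g. a Java stack trace): keep it in one syslog message.
            records[-1]["msg"] += " | " + raw.strip()
    return records


def to_rfc5424(rec, hostname, app_name="jboss"):
    """Build one RFC 5424 line; PROCID, MSGID and STRUCTURED-DATA are nil ("-")."""
    pri = FACILITY_USER * 8 + SEVERITY.get(rec["level"], 6)
    return (f"<{pri}>1 {rec['ts']} {hostname} {app_name} - - - "
            f"[{rec['category']}] ({rec['thread']}) {rec['msg']}")


def forward(path, receiver_ip, hostname, port=514):
    """Send every record in the log file to the receiver over UDP; return the count."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        records = parse_records(fh)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for rec in records:
            sock.sendto(to_rfc5424(rec, hostname).encode("utf-8"), (receiver_ip, port))
    return len(records)


# Constructed sample lines, not taken from a real server.
SAMPLE = [
    "2024-03-11 09:14:02,517 INFO  [com.example.console] (default task-3) Login failed for user admin\n",
    "2024-03-11 09:14:05,002 ERROR [com.example.console] (default task-4) Request failed\n",
    "java.lang.IllegalStateException: session expired\n",
    "\tat com.example.console.Handler.run(Handler.java:42)\n",
]
```

Calling `forward()` on the standalone or domain server.log path from the answer sends one UDP datagram per record; multi-line stack traces arrive as a single event instead of one event per line.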
 
3 Replies
Reliable Contributor David1111
Message 2 of 4

Re: JBOSS as Data Source


Hi

Attaching a picture of configurations

Capture.PNG

 

Best regards

David

aortizma
Message 3 of 4

Re: JBOSS as Data Source


Hi David,

Thank you for your reply, but I want to know what I should configure on the JBOSS server to receive access events or other security events in the SIEM.

Regards
