cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

JBOSS as Data Source

Jump to solution

Hi

Anybody has configured JBOSS as Data Source in ESM? We want to check user/admin access to console.

In which file is this information?

Is there any guide?

Thanks

1 Solution

Accepted Solutions
Reliable Contributor David1111
Reliable Contributor
Report Inappropriate Content
Message 4 of 4

Re: JBOSS as Data Source

Jump to solution

Configure Red Hat JBoss Application Server

By default, logs are stored locally in the installation directory for JBoss.

In a standalone system, that file is located in this directory: <INSTALL_PATH>/standalone/log/server.log

If JBoss is installed in a managed domain, the files are located in this directory: <INSTALL_PATH>/domain/servers/<SERVER_NAME>/log/server.log

Where <INSTALL_PATH> is the directory where JBoss was installed and <SERVER_NAME> is the server instance to be monitored.

Syslog is not natively supported for logging on to JBoss. You can retrieve these files using a file-pull method (for example SCP or SFTP) through the McAfee Event Receiver or Collector. You can also use a syslog program to send the information from the files directly to the McAfee Event Receiver. See the relevant product documentation for more information.

 

Configure WildFly 8
Task
From the command line, run these commands:
/subsystem=logging/syslog-handler=syslog:add(syslog-format=RFC5424, level=INFO)
/subsystem=logging/root-logger=ROOT:add-handler(name=syslog)
/subsystem=logging/syslog-handler=syslog:write-attribute(name=hostname,value="<ReceiverIpAddress>")
where the <ReceiverIPAddress> is the IP address of the McAfee Event Receiver.
 
3 Replies
Reliable Contributor David1111
Reliable Contributor
Report Inappropriate Content
Message 2 of 4

Re: JBOSS as Data Source

Jump to solution

Hi

Attaching a picture of configurations

Capture.PNG

 

Best regards

David

Re: JBOSS as Data Source

Jump to solution

Hi David,

thank you for your reply, but I want to know what should I configure in JBOSS server to receive access events or other security events in SIEM

Regards

Reliable Contributor David1111
Reliable Contributor
Report Inappropriate Content
Message 4 of 4

Re: JBOSS as Data Source

Jump to solution

Configure Red Hat JBoss Application Server

By default, logs are stored locally in the installation directory for JBoss.

In a standalone system, that file is located in this directory: <INSTALL_PATH>/standalone/log/server.log

If JBoss is installed in a managed domain, the files are located in this directory: <INSTALL_PATH>/domain/servers/<SERVER_NAME>/log/server.log

Where <INSTALL_PATH> is the directory where JBoss was installed and <SERVER_NAME> is the server instance to be monitored.

Syslog is not natively supported for logging on to JBoss. You can retrieve these files using a file-pull method (for example SCP or SFTP) through the McAfee Event Receiver or Collector. You can also use a syslog program to send the information from the files directly to the McAfee Event Receiver. See the relevant product documentation for more information.

 

Configure WildFly 8
Task
From the command line, run these commands:
/subsystem=logging/syslog-handler=syslog:add(syslog-format=RFC5424, level=INFO)
/subsystem=logging/root-logger=ROOT:add-handler(name=syslog)
/subsystem=logging/syslog-handler=syslog:write-attribute(name=hostname,value="<ReceiverIpAddress>")
where the <ReceiverIPAddress> is the IP address of the McAfee Event Receiver.
 
Member Rewards
McAfee Community rewards active and helpful members just like you. Click here to take a look at the first community members who received a special reward and were recognized by McAfee leader, Aneel Jaeel, for their participation and trusted knowledge in the community.