Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
Warning | |||||
---|---|---|---|---|---|
| |||||
You need to recycle Indeed.LS application pool after every change to the configuration file. You can do this in IIS Manager snap-in, or with powershell command
|
Indeed Identity Log Server supports:
- Microsoft SQL Server
- PostgreSQL, PostgreSQL Pro
- Syslog server (Plain, CEF, LEEF formats)
Note | ||
---|---|---|
| ||
Event reading is supported from only one storage (<ReadTargetId>). Event writing is supported in several storages (<WriteTargets>) simultaneously. |
Setting up reading and writing events in the DBMS
Microsoft SQL Server
- Go to the C:\inetpub\wwwroot\ls\targetConfigs folder, reate a copy of the file sampleDb.config and rename it to mssqlDb.config, then edit the file according to the settings below:
<Settings> … </Settings>:- Data Source - name of the Microsoft SQL Server or named instance of Microsoft SQL Server
- Initial Catalog - database name (ILS)
- User ID - service account for working with the database
Password - service account password
Code Block language xml theme Confluence <Settings> <ConnectionString>Data Source=sql.domain.local; Initial Catalog=ILS; Integrated Security=False; User ID=IPAMSQLServiceOps; Password=Password</ConnectionString> </Settings>
Warning icon false If using a named instance of Microsoft SQL Server, the value of the Data Source parameter must be set in the format <server name>\<instance name>.
Code Block language xml <Settings> <ConnectionString>Data Source=sql\Named instance; ... </ConnectionString> </Settings>
In the file C:\inetpub\wwwroot\ls\clientApps.config edit the pam section for work with the mssqlDb.config file:
Code Block language xml <Application Id="pam" SchemaId="Pam.Schema"> <ReadTargetId>mssqlDb</ReadTargetId> <WriteTargets> <TargetId>mssqlDb</TargetId> </WriteTargets> <AccessControl> <!--<CertificateAccessControl CertificateThumbprint="001122...AA11" Rights="Read" />--> </AccessControl> </Application>
Here, in the Targets section add a new element:
Code Block language xml <Targets> ... <Target Id="mssqlDb" Type="mssql"/> </Targets>
PostgreSQL, PostgreSQL Pro
- Go to C:\inetpub\wwwroot\ls\targetConfigs directory, create a copy of the file sampleDb.config rename it to postgresDb.config, then edit the postgresDb.config file similar to the settings for Microsoft SQL Server.
<Settings> … </Settings>:- Host - name of the PostgreSQL, PostgreSQL Pro or named instance of PostgreSQL
- Database - database name (ILS)
- Username - service account for working with the database
Password - service account password
Code Block language xml theme Confluence <Settings> <ConnectionString>Host=sql.domain.local; Database=ILS; Integrated Security=False; Username=IPAMSQL; Password=Password</ConnectionString> </Settings>
In the C:\inetpub\wwwroot\ls\clientApps.config file edit pam section for work with the postgresDb.config file:
Code Block language xml <Application Id="pam" SchemaId="Pam.Schema"> <ReadTargetId>postgresDb</ReadTargetId> <WriteTargets> <TargetId>postgresDb</TargetId> </WriteTargets> <AccessControl> <!--<CertificateAccessControl CertificateThumbprint="001122...AA11" Rights="Read" />--> </AccessControl> </Application>
In the Targets section add a new element:
Code Block language xml <Targets> ... <Target Id="postgresDb" Type="pgsql"/> </Targets>
Configuring Event Logging to Syslog
- Go to the C:\inetpub\wwwroot\ls\targetConfigs folder, create a copy of the file sampleDb.config and rename it to Syslog.config, then edit thefile according to the settings below:
<Settings> … </Settings>:- HostName -Syslog server name
- Port - Syslog port number
- Protocol - Syslog connection type: TCPoverTLS, TCP, UDP
- Format - logging format: Plain, CEF, LEEF
SyslogVersion - select syslog protocol: RFC3164, RFC5424
Code Block language xml theme Confluence <Settings HostName="localhost" Port="5081" Protocol="TCP" Format="CEF" SyslogVersion="RFC3164" />
In the C:\inetpub\wwwroot\ls\clientApps.config file edit pam section for work with the Syslog.config file. Add a new TargetId for the WriteTarget:
Code Block language xml <Application Id="pam" SchemaId="Pam.Schema"> <ReadTargetId>mssqlDB</ReadTargetId> <WriteTargets> <TargetId>mssqlDB</TargetId> <TargetId>Syslog</TargetId> </WriteTargets> <AccessControl> <!--<CertificateAccessControl CertificateThumbprint="001122...AA11" Rights="Read" />--> </AccessControl> </Application>
In the Targets section add a new element:
Code Block language xml <Targets> ... <Target Id="mssqlDb" Type="mssql"/> <Target Id="Syslog" Type="syslog"/> </Targets>
Setting up writing events both to the PostgreSQL and Syslog
- Go to the C:\inetpub\wwwroot\ls\targetConfigs folder, create files postgresDb.config, Syslog.config according to the instructions above.
In the C:\inetpub\wwwroot\ls\clientApps.config file edit pam section
Code Block language xml <Application Id="pam" SchemaId="Pam.Schema"> <ReadTargetId>postgresDb</ReadTargetId> <WriteTargets> <TargetId>postgresDb</TargetId> <TargetId>Syslog</TargetId> </WriteTargets> <AccessControl> <!--<CertificateAccessControl CertificateThumbprint="001122...AA11" Rights="Read" />--> </AccessControl> </Application>
In the Targets section add new strings for postgresDB and Syslog:
Code Block language xml <Targets> ... <Target Id="postgresDb" Type="pgsql"/> <Target Id="Syslog" Type="syslog"/> </Targets>
Backtotop | ||||
---|---|---|---|---|
|
Divbox | ||||
---|---|---|---|---|
| ||||
|