Page History

Configuring event reading and writing to Windows event log

1. Edit the configuration file clientApps.config (C:\inetpub\wwwroot\ls\clientApps.config) as follows:

   • In Add the following data in Application section, add:

     Code Block
     language xml firstline 35
     <Application Id="cm" SchemaId="cmSchema"> <ReadTargetId>cmEventLogTarget<<ReadTargetId>eventLogTarget</ReadTargetId> <WriteTargets> <TargetId>cmEventLogTarget<<TargetId>eventLogTarget</TargetId> </WriteTargets> <AccessControl> <!--<CertificateAccessControl CertificateThumbprint="001122...AA11" Rights="Read" />--> </AccessControl> </Application>

     
     

   • In the Targets section add Add a new element in Targets section:

     Code Block
     language xml
     <Targets> ... <Target Id="cmEventLogTargeteventLogTarget" Type="eventlog"/> </Targets>

     
     

2. Save the changes and close the configuration file.

Configuring event reading and writing in MS SQL

База для хранения данных Indeed Log Server создается вручную, а её наполнение происходит автоматически.

The database used as data storage for Axidian Log Server is created manually. The database contents are populated automatically.

1. Create a database with an arbitrary name in the SQL Management Studio environment:
   • In the Object Explorer right-click the Databases tab.
   • Select New database... .
   • Specify the Database name:, e.g. LogServer.

   • In the Owner: field define the database owner.

     Info
     Create a new account (e.g. cfServiceSql) or use any internal SQL or Active Directory account. Once you create the database, this account is granted db_owner, public privileges. The service account is now used to perform read/write operations from/to the database.

     
     

   • Click ОК to save the database.
     

     Scroll Pagebreak

     
     Image Added
     

2. Edit the msSqlTarget.config file (Создайте базу данных в среде SQL Management Studio с произвольным именем:
3. В окне Обозреватель объектов (Object Explorer) нажмите правой кнопкой мыши по вкладке Базы данных (Databases).
4. Выберите Создать базу данных... (New Database...).
5. Укажите Имя базы данных: (Database name:) например, LogServer.

В поле Владелец: (Owner:) определите владельца создаваемой базы.

Info
Создайте (например, servicesql) или выберите любую внутреннюю учетную запись SQL, или учетную запись Active Directory (например, сервисную учетную запись для работы Indeed CM: servicecm). Указанная учетная запись после создания базы будет обладать правами db_owner, public и будет использоваться системой для выполнения операций записи/чтения в базу данных.

6. Сохраните созданную базу данных нажав ОК.
   Image Removed
   

Перейдите в каталог C:\inetpub\wwwroot\ls\targetConfigs и отредактируйте файл cmSqlTarget.config в соответствии с настройками ниже\msSqlTarget.config) as follows:
<Settings> … </Settings>:
• Data Source - имя сервера Microsoft SQL Server или именованного экземпляра Microsoft SQL Server
• Database - имя базы данных (ILS)
• User Id - сервисная учётная запись для работы с базами данных Indeed CM
• - this parameter defines the server instance. The parameter is mandatory for all connections. Admissible values are: network name or server IP address, local or localhost for local connections.
• Database - database name (ILS).
• User Id - name of the service account used to connect to the database.

• Password - service account password.Password - пароль сервисной учётной записи

  Code Block
  language xml
  <Settings> <ConnectionString>Data Source=DCMSSQL\SQLEXPRESS;Database=LogServer;User Id=servicesqlcfServiceSql;Password=P@ssw0rd</ConnectionString> </Settings>

  
  

  Note
  If you use a named instance of
  Warning
  icon false
  В случае использования именованного экземпляра Microsoft SQL Server значение параметра Server необходимо задавать в формате <имя сервера>\<имя экземпляра>., specify the Server parameter value in the following format: <server name>\<instance name>: xml Code Block Code Block language <Settings> <ConnectionString>Server=sql\Named instance; ... </ConnectionString> </Settings>

  
  

7. Отредактируйте Edit the configuration file clientApps.config (C:\inetpub\wwwroot\ls\clientApps.config для работы с файлом cmSqlTarget) to operate with msSqlTarget.config as follows:

   • В секции Application добавьте

     Add the following data in Application section:

     Code Block
     language xml
     <Application Id="cm" SchemaId="cmSchema"> <ReadTargetId>cmSqlTarget<<ReadTargetId>msSqlTarget</ReadTargetId> <WriteTargets> <TargetId>cmSqlTarget<<TargetId>msSqlTarget</TargetId> </WriteTargets> <AccessControl> <!--<CertificateAccessControl CertificateThumbprint="001122...AA11" Rights="Read" />--> </AccessControl> </Application>

     
     

   • В секции Targets добавьте новый элементAdd a new element in the Targets section:

     Code Block
     language xml
     <Targets> <Target Id="msSqlTarget" Type="mssql"/> </Targets>

     
     

8. Save changes and close the configuration file.

Configuring event reading and writing in PostgreSQL

The database used as data storage for Axidian Log Server is created manually. The database contents are populated automatically.

1. Create the database in PostgreSQL via pgAdmin:
   • In Browser section right-click on Databases and select Create > Database...
     Image Added
   • Enter the database name in the Database field on General tab. Select a service account in the Owner field. This service account is used to connect to the database. Click Save.
     Image Added
     
2. Grant privileges to service account on database tables:
   • Select created database and click Image Added to open the Query Tool.

   • Enter the text of the request and specify the account name in it:

     Code Block
     language sql
     GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO "service account name";

     
     

   • Select Execute/RefreshImage Addedin Query Tool to grant privileges.
     
     

3. By default, you can connect to PostgreSQL databases only locally. To operate between several servers, configure a remote connection to the database:

   • Open the pg_hba.conf in PostgreSQL directory.

     Info
     title Pg_hba.conf file location:
     For Windows — C:\Program Files\PostgreSQL\<version number>\data For *nix — /etc/postgresql/<version number>/main

     
     

   • Add a line with the following parameters:

     Code Block
     CONNECTIONTYPE DATABASE USER ADDRESS METHOD

     Where:

     • CONNECTIONTYPE - local or TCP/IP connection type. To use TCP/IP connection, you can specify host as CONNECTIONTYPE.
     • DATABASE - name of the database. To allow connections to all databases, enter ALL.
     • USER - database user account. To allow connections from all accounts, enter ALL.
     • ADDRESS - range of IP-addresses/IP-address/hostname of the CertiFlow server. To allow connections from any IP-address, enter 0.0.0.0/0.

     • METHOD - authentication method of user account. E.g. md5, scram-sha-256.

       Code Block
       title Example
       host LogServer cfServiceSql 192.200.1.0 md5 host ALL cfServiceSql 10.0.0.0/8 md5 host ALL ALL 0.0.0.0/0 scram-sha-256

       
       

4. Edit the pgSqlTarget.config file (C:\inetpub\wwwroot\ls\targetConfigs\pgSqlTarget.config) as follows:
   <Settings> … </Settings>:
   
   • Host - name or IP-address of the PostgreSQL server.
   • Port - TCP port used to connect to PostgreSQL server (default value is 5432).
   • Database - name of the database.
   • Username - service account that has access to the database.

   • Password - service account password.

     Code Block
     language xml
     <Settings> <ConnectionString>Host=SRV-POSTGRESQL;Port=5432;Database=LogServer;Username=cfServiceSql;Password=P@ssw0rd</ConnectionString> </Settings>

     
     

5. Edit the configuration file clientApps.config (C:\inetpub\wwwroot\ls\clientApps.config) to operate with pgSqlTarget.config as follows:

   • Add new TargetIds for ReadTarget and WriteTarget in Application section:

     Code Block
     language xml
     <Application Id="cm" SchemaId="cmSchema"> <ReadTargetId>pgSqlTarget</ReadTargetId> <WriteTargets> <TargetId>pgSqlTarget</TargetId> </WriteTargets> <AccessControl> <!-- <CertificateAccessControl CertificateThumbprint="001122...AA11" Rights="Read" /> --> </AccessControl> </Application>

     
     

   • Add a new element in Targets section:

     Code Block
     language xml
     <Targets> <Target Id="

cmSqlTarget

6. • pgSqlTarget" Type="

mssql

7. • pgsql"/> </Targets>

     
     

Configuring event writing in Syslog

1. Edit the sysLogarget.config file (C:\inetpub\wwwroot\ls\targetConfigs\sysLogTarget.config) as follows:
   <Settings> … </Settings>:
   • HostName - name or IP-address of Syslog server.
   • Port - port used to connect to Syslog server (default value is 514).

   • Protocol - type of connection to Syslog server: UDP, TCP, TCPoverTLS.

   • Format (optional)- logs format: Plain, CEF, LEEF.

   • SyslogVersion (optional) - Syslog protocol: RFC3164, RFC5424.

     Code Block
     language xml
     <Settings HostName="SRV-SYSLOG" Port="514" Protocol="UDP"/>

     
     

2. Edit the configuration file clientApps.config (C:\inetpub\wwwroot\ls\clientApps.config) to work with sysLogTarget.config as follows:

   • Add the following data in Application section:

     Code Block
     language xml
     <Applications> <Application Id="cm"

   Сохраните изменения и закройте файл конфигурации.

   • SchemaId="cmSchema"> <ReadTargetId>pgSqlTarget</ReadTargetId> <WriteTargets> <TargetId>pgSqlTarget</TargetId> <TargetId>sysLogTarget</TargetId> </WriteTargets> <AccessControl> <!-- <CertificateAccessControl CertificateThumbprint="001122...AA11" Rights="Read" /> --> </AccessControl> </Application> </Applications>

     
     

   • Add a new element in Targets section:

     Code Block
     language xml
     <Targets> <Target Id="pgSqlTarget" Type="pgsql"/> <Target Id="sysLogTarget" Type="syslog"/> </Targets>