The Sensors: A sensor can be used as an alternative to a correlation rule (see this section) when the number of occurrences is high. Sensors detect when a large number of events repeat in a time interval and alert the admin when a specific threshold is exceeded. A sensor, on the other hand, is less flexible than a correlation rule. Requirements: […]
The multi-events correlation rules: A correlation rule is used to alert the admin when an event, or a series of events, occurs in a specified time range. To create a multi-events rule, the following requirements must be met: Requirements: A mail server must be configured. See the Configure a Mail server section to see how to configure […]
How to forward Apache web server logs to SGBox: This article explains how to forward logs from an Apache web server installed on Linux and Windows systems to SGBox, along with all the related information. Linux systems: On Linux, go to the syslog path /etc/rsyslog.d/ and add a file with a name like 60-ApacheLogs.conf. In this example, to read the Apache […]
Change the test script: This section explains how to modify some of a test script’s arguments. Requirements: At least one test script must be configured. See this section to create a test script. Connect to the SGBox web interface and navigate to SCM > SM > View > Host. The check’s results are shown. In our case […]
Version 5: New OS based on Ubuntu; Fast Data Access; New Data Management; Strong Data Encryption; Improved Correlation Engine; Automatic Vendors Recognition. Version 4: OS based on Ubuntu; Strong Data Encryption; Correlation Engine.
Microsoft CA: This article explains how to create a Microsoft CA in order to use the LDAPS protocol and access SGBox with your AD users. It is not mandatory to have a Microsoft CA to use the LDAPS protocol; you can also use an external CA. The only requirement is that SGBox is able to resolve the […]
Profiles and Vendors (logs auto recognition): With version 5.1.0 a new concept has been introduced: logs auto recognition and categorization. SGBox already recognizes many different log sources, and up to v5.0.7 the user needed to associate the collected logs with the desired patterns to extract events. Pre-defined classes are now associated with known vendors, and by […]
SGBox Event Text Lookup search (ETL): The ETL function allows the user to search for a specific parameter in the events history. Using this functionality you can search past events for any occurrence of the parameter you select. In this way it is possible, for example, to check if the source IP address of a […]
Extend the entire disk size: This article explains how to expand the capacity of SGBox’s disk. With version 5 it is possible to extend the full disk, not only the data partition. In order to extend the disk: Requirements: SGBox version 5 is required. You need to extend the SGBox disk from your hypervisor. ⚠️ It may be […]
Download and Configure MySQL App: This article explains how to configure the MySQL App in order to retrieve logs from a specific database table. Before starting, here you can see how our database is configured: Requirements: SGBox version 4.2.5. Go to the application list: from SGBox go to SCM > Applications. Select Vendors Integrations and download […]

