
To configure OSCE clients to deliver logs to the OSCE server or a particular remote SysLog server:

  1. Go to the OSCE server’s \PCCSRV\ folder.
  2. Open the Ofcscan.ini file.
  3. Proceed to the Global Setting section.
  4. Add the following keys:

    [Global Setting]
    EnableDeviceControlUSBBlockingLog = 1
    EnableClientSendingSysLog = 1
    ClientSendingSysLogServer = <SysLog_Server_Name>
    ClientSendingSysLogUdpPort = <SysLog_Listening_Port>

  5. Save the changes and close the file.
  6. Open the OfficeScan web console.
  7. Go to Networked Computers > Global Client Settings.
  8. Search for the keyword #AEGIS.
  9. Change the SendLogPeriod value to 30 (i.e. SendLogPeriod=30). This changes the sending interval of the Device Control Log to 30 seconds. The default value is 3600 seconds.
  10. Click Save to deploy the setting to all clients. The OSCE client program automatically installs the following registry keys:

    Path: [HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.]
    Key: EnableDeviceControlUSBBlockingLog
    Type: DWORD
    Value: 1

    Path: [HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\Syslog]
    Key: EnableClientSendingSysLog
    Type: DWORD
    Value: 1

    Path: [HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\Syslog]
    Key: Server
    Type: STRING
    Value: <SysLog_Server_Name>

    Path: [HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\Syslog]
    Key: UdpPort
    Type: DWORD
    Value: <SysLog_Listening_Port>

OSCE clients should now be able to send Device Access Control blocking logs to the OSCE server and to deliver Device Control logs to a remote SysLog server.

 
  • The Behavior Monitoring feature should be enabled for syslog notifications to work.
  • Syslog notifications are sent by each individual OSCE agent.
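
To confirm that a client actually received the settings from step 10, the registry values listed above can be audited locally. The following PowerShell script is an added example, not Trend Micro code; the parameter names `ExpectedServer` and `ExpectedPort` are hypothetical, and checking both the 32-bit and 64-bit registry views is an assumption made so the check works regardless of where the agent writes on 64-bit Windows.

```powershell
# Added example (not Trend Micro code): audit the step 10 registry values on one client.
param(
    [Parameter(Mandatory)] [string] $ExpectedServer,   # value used for ClientSendingSysLogServer
    [Parameter(Mandatory)] [int]    $ExpectedPort      # value used for ClientSendingSysLogUdpPort
)

$base   = 'SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.'
$syslog = "$base\Syslog"
$checks = @(
    @{ SubKey = $base;   Name = 'EnableDeviceControlUSBBlockingLog'; Kind = 'DWord';  Expected = 1 }
    @{ SubKey = $syslog; Name = 'EnableClientSendingSysLog';         Kind = 'DWord';  Expected = 1 }
    @{ SubKey = $syslog; Name = 'Server';                            Kind = 'String'; Expected = $ExpectedServer }
    @{ SubKey = $syslog; Name = 'UdpPort';                           Kind = 'DWord';  Expected = $ExpectedPort }
)

# Assumption: the agent may write to either registry view on 64-bit Windows, so check both.
$views = [Microsoft.Win32.RegistryView]::Registry32, [Microsoft.Win32.RegistryView]::Registry64
$hive  = [Microsoft.Win32.RegistryHive]::LocalMachine

$results = foreach ($c in $checks) {
    $row = [pscustomobject]@{ Key = $c.Name; Status = 'Missing'; Actual = $null; Expected = $c.Expected; View = $null }
    foreach ($v in $views) {
        $hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey($hive, $v)
        $key  = $hklm.OpenSubKey($c.SubKey)   # read-only open; $null if the key is absent
        try {
            if ($key -and ($key.GetValueNames() -contains $c.Name)) {
                $row.Actual = $key.GetValue($c.Name)
                $row.View   = $v
                # A value of the wrong type (e.g. UdpPort stored as a string) is reported separately.
                if ($key.GetValueKind($c.Name) -ne $c.Kind) { $row.Status = 'WrongType' }
                elseif ($row.Actual -ne $c.Expected)         { $row.Status = 'Mismatch' }
                else                                         { $row.Status = 'OK' }
            }
        } finally {
            if ($key) { $key.Dispose() }
            $hklm.Dispose()
        }
        if ($row.Status -ne 'Missing') { break }   # stop at the first view that holds the value
    }
    $row
}

$results | Format-Table -AutoSize
# Non-zero exit code lets a deployment or monitoring tool flag clients that did not pick up the setting.
if ($results | Where-Object { $_.Status -ne 'OK' }) { exit 1 }
```

Run it on a client with the same server name and port that were entered in Ofcscan.ini; any row not marked `OK` means that client has not received the deployed setting or holds a different value.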