To configure OSCE clients to deliver logs to the OSCE server or a particular remote SysLog server:
- Go to the OSCE server’s \PCCSRV\ folder.
- Open the Ofcscan.ini file.
- Proceed to the Global Setting section.
- Add the following keys:
[Global Setting]
EnableDeviceControlUSBBlockingLog = 1
EnableClientSendingSysLog = 1
ClientSendingSysLogServer = <SysLog_Server_Name>
ClientSendingSysLogUdpPort = <SysLog_Listening_Port> - Save the changes and close the file.
- Open the OfficeScan web console.
- Go to Networked Computers > Global Client Settings.
- Search for the keyword #AEGIS.
- Modify the SendLogPeriod value to 30 (i.e. SendLogPeriod=30). It changes the log sending interval of the Device Control Log to 30 seconds. The default value is 3600 seconds.
- Click Save to deploy the setting to all clients. The OSCE client program automatically installs the following registry keys:
Path: [HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.]
Key: EnableDeviceControlUSBBlockingLog
Type: DWORD
Value: 1
Path: [HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\Syslog]
Key: EnableClientSendingSysLog
Type: DWORD
Value: 1
Path: [HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\Syslog]
Key: Server
Type: STRING
Value: <SysLog_Server_Name>
Path: [HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\Syslog]
Key: UdpPort
Type: DWORD
Value: <SysLog_Listening_Port>
OSCE clients should now be able to send Device Access Control blocking logs to the OSCE server and to deliver Device Control logs to a remote SysLog server.
- Behavior Monitoring feature should be enabled to get syslog notifications work.
- Syslog notification will be sent by each particular OSCE agent.