Configuring agents/clients to transmit Device Control logs and DAC USB blocking logs to remote Syslog or OfficeScan (OSCE) servers

    • Updated: 17 Oct 2016
    • Product/Version: OfficeScan 11.0, OfficeScan XG.All
    • Platform: Windows 2012 Standard R2
Summary

This article describes how to set up OSCE clients to send Device Access Control (DAC) USB blocking logs to the OSCE server and send Device Control logs to a specific remote Syslog server.

Details

To configure OSCE clients to deliver logs to the OSCE server or a particular remote SysLog server:

  1. Go to the OSCE server’s \PCCSRV\ folder.
  2. Open the Ofcscan.ini file.
  3. Proceed to the Global Setting section.
  4. Add the following keys:

    [Global Setting]
    EnableDeviceControlUSBBlockingLog = 1
    EnableClientSendingSysLog = 1
    ClientSendingSysLogServer = <SysLog_Server_Name>
    ClientSendingSysLogUdpPort = <SysLog_Listening_Port>

  5. Save the changes and close the file.
  6. Open the OfficeScan web console.
  7. Go to Networked Computers > Global Client Settings.
  8. Search for the keyword #AEGIS.
  9. Set the SendLogPeriod value to 30 (i.e. SendLogPeriod=30). This changes the sending interval of the Device Control log to 30 seconds. The default value is 3600 seconds.
  10. Click Save to deploy the setting to all clients. The OSCE client program automatically installs the following registry keys:

    Path: [HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.]
    Key: EnableDeviceControlUSBBlockingLog
    Type: DWORD
    Value: 1

    Path: [HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\Syslog]
    Key: EnableClientSendingSysLog
    Type: DWORD
    Value: 1

    Path: [HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\Syslog]
    Key: Server
    Type: STRING
    Value: <SysLog_Server_Name>

    Path: [HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\Syslog]
    Key: UdpPort
    Type: DWORD
    Value: <SysLog_Listening_Port>

OSCE clients should now be able to send Device Access Control blocking logs to the OSCE server and to deliver Device Control logs to a remote SysLog server.

 
  • The Behavior Monitoring feature should be enabled for syslog notifications to work.
  • Syslog notifications are sent by each individual OSCE agent.
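
To confirm on an agent that the settings deployed in step 10 actually arrived, the following PowerShell audit reads the four registry values listed above and flags any that are missing or differ. It is an added example, not Trend Micro's code; `$ExpectedServer`, `$ExpectedPort` (default 514) and the check of both the 32-bit and 64-bit registry views are assumptions.

```powershell
# Added example: audit the registry values this article says the agent installs.
param(
    [string]$ExpectedServer = '<SysLog_Server_Name>',  # placeholder: your syslog host
    [int]   $ExpectedPort   = 514                      # assumption: your listener's UDP port
)

$base = 'SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.'
# Sub-key, value name and expected data (key paths and names as listed in the article)
$checks = @(
    @{ Sub = '';        Name = 'EnableDeviceControlUSBBlockingLog'; Want = 1 },
    @{ Sub = '\Syslog'; Name = 'EnableClientSendingSysLog';         Want = 1 },
    @{ Sub = '\Syslog'; Name = 'Server';                            Want = $ExpectedServer },
    @{ Sub = '\Syslog'; Name = 'UdpPort';                           Want = $ExpectedPort }
)

function Get-AgentValue([string]$SubKey, [string]$Name) {
    # Assumption: on 64-bit Windows the keys may live in the 32-bit registry view,
    # so try both views and return the first value found.
    foreach ($view in 'Registry32', 'Registry64') {
        $hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey('LocalMachine', $view)
        try {
            $key = $hklm.OpenSubKey($SubKey)
            if ($key) {
                $value = $key.GetValue($Name)
                $key.Close()
                if ($null -ne $value) { return $value }
            }
        } finally { $hklm.Close() }
    }
    return $null
}

$results = foreach ($c in $checks) {
    $actual = Get-AgentValue ($base + $c.Sub) $c.Name
    [pscustomobject]@{
        Key      = 'HKLM\' + $base + $c.Sub
        Name     = $c.Name
        Expected = $c.Want
        Actual   = if ($null -eq $actual) { '<missing>' } else { $actual }
        Ok       = ($null -ne $actual) -and ("$actual" -eq "$($c.Want)")
    }
}

$results | Format-Table -AutoSize
# Non-zero exit when any value is missing or differs from what was deployed
if ($results.Ok -contains $false) { exit 1 }
```

The non-zero exit code lets a software-deployment or compliance job pick out agents that never received the setting.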
Category: Configure
Solution Id: 1112624