Configuring Splunk Application to display syslog of Control Manager (TMCM)

    • Updated: 31 Jul 2017
    • Product/Version: Control Manager 6.0
    • Platform: Windows 2003 Server R2; Windows 2008 Enterprise; Windows 2008 Enterprise 64-bit; Windows 2008 Server R2; Windows 2008 Standard; Windows 2008 Standard 64-bit; Windows 2012 Enterprise; Windows 2012 Standard R2

Summary

Control Manager (TMCM) has a Proof-of-Concept (PoC) for building a Splunk application based on TMCM 6.0 and later versions. Use this article as a reference for configuring the Splunk application to display TMCM syslog data.

Details

To configure the Splunk application, follow the steps below:

To use the LogForwarder Tool, do the following:

  1. Navigate to the TMCM installation folder and run LogForwarder.exe.

    Run LogForwarder

  2. Set the following:
    • Syslog server IP address
    • Syslog server port (default is 514)
    • Preferred frequency
    • Preferred format
    • Log types preferred to forward to syslog server

    Change Logforwarder Settings

  3. Click Start.
  4. Click Yes to confirm the Log Forwarder action. The Log Forwarder tool will now start sending logs to the syslog server.

    Confirm Action

     
    Note: Clicking Yes to confirm the Log Forwarder's action will restart the TMCM service, and the Log Forwarder console will close.

To add the syslog data input in Splunk, do the following:

  1. Click Add data.

    Add Data

  2. Choose syslog.

    Choose syslog

  3. Choose Consume syslog over UDP.

    syslog over UDP

  4. Set the communication port, and choose syslog from the source type list.

    Select Source Type

  5. Check the readiness of syslog:
    1. Choose Manage Inputs.

      Manage Inputs

    2. Select UDP.

      Select UDP

    3. Check the settings. The following values should be displayed:
      • UDP Port: 514
      • Source Type: syslog

      UDP Page
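
An added check, not part of the original article or of Trend Micro's tooling: a small Python listener that confirms Log Forwarder datagrams actually arrive on the syslog port and come from the TMCM server. Run it while the Splunk UDP input is not bound to that port; the address 192.0.2.10 is a placeholder for the TMCM server, and the function names are hypothetical.

```python
import socket

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse_pri(datagram: bytes):
    """Split a syslog datagram into (facility, severity, message).

    Returns (None, None, text) when there is no valid <PRI> header (0-191).
    """
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    if text.startswith("<"):
        end = text.find(">", 1, 5)  # PRI is one to three digits
        digits = text[1:end] if end != -1 else ""
        if digits.isascii() and digits.isdigit() and int(digits) <= 191:
            pri = int(digits)
            return pri >> 3, SEVERITIES[pri & 7], text[end + 1:]
    return None, None, text

def collect(sock, expected_sender, count, timeout=5.0):
    """Read up to `count` datagrams; parse those from expected_sender, count the rest."""
    sock.settimeout(timeout)
    accepted, rejected = [], 0
    try:
        while len(accepted) + rejected < count:
            data, (src_ip, _src_port) = sock.recvfrom(65535)
            if src_ip == expected_sender:
                accepted.append(parse_pri(data))
            else:
                rejected += 1  # UDP syslog is unauthenticated: note unexpected senders
    except socket.timeout:
        pass  # nothing more arrived within the timeout
    return accepted, rejected

if __name__ == "__main__":
    # Assumed values: the TMCM server address (placeholder) and the port set in LogForwarder.
    TMCM_IP, PORT, WAIT_SECONDS = "192.0.2.10", 514, 300
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as listener:
        listener.bind(("0.0.0.0", PORT))
        events, others = collect(listener, TMCM_IP, count=10, timeout=WAIT_SECONDS)
    for facility, severity, message in events:
        print(f"facility={facility} severity={severity} {message[:120]}")
    print(f"{len(events)} datagrams from {TMCM_IP}, {others} from other senders")
```

Set WAIT_SECONDS to at least the forwarding frequency chosen in LogForwarder, otherwise the listener may time out before the first batch is sent.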

To create the dashboard in Splunk, do the following:

  1. From the APP menu, click Dashboard.

    Click Dashboards

  2. Click Create New Dashboard.

    New Dashboard

  3. Provide a title of your preference (e.g. Top 20 Threats), then click Create Dashboard.

    Dashboard Details

  4. Click Edit Source.

    Edit Source

  5. Paste the XML code into the editor, then click Save.

    XML Code

     
    A sample XML template can be downloaded here. This XML template is a sample and can be modified depending on what needs to be displayed on the dashboard that will be created.
  6. The new dashboard will read the TMCM logs and generate a panel similar to the image below:

    Dashboard Home

Category: Configure; Deploy; Migrate
Solution Id: 1117821