# Adiscon Configformat
# This is the formal definition of the Adiscon Configformat, which will be used in future versions of Adiscon products.
# This is a working document which will probably still change.
#
# Layout: one "$key value" directive per line; a key with nothing after it is an
# empty value (e.g. $szTLSKeyFile). Backslashes in paths are doubled and the
# GUID braces are escaped (\{ ... \}) exactly as they appear in the file.

# Global Configurations

# License: holds license key values and the licensee name. Treat this file as
# sensitive and keep it out of shared or public locations.
general(name="License") {
    $nLicenseKey1 425022
    $nLicenseKey4 98436
    $nLicenseKey3 26221
    $szLicensee JAMware
    $nLicenseKey2 13533
    $nLicenseKey5 62608
}

# General: agent-wide settings. $szMIBSPath points into the agent's
# Program Files install directory; $nQueueLimit caps the internal queue
# (units and semantics of the numeric values are not visible here).
general(name="General") {
    $nTimeMode 1
    $nSystemID 0
    $szMIBSPath C:\\Program Files (x86)\\MonitorWare\\Agent\\mibs
    $nJapanStringHandling off
    $nEnableEventlogWarnings off
    $nProcessPriority 3
    $nProtectAgainstShutdown off
    $nCustomerID 0
    $nQueueLimit 20000
}

# Debug: $nEnableDebugOutput is off, so the $nDebug* switches below presumably
# have no effect until it is turned on (master-switch relationship inferred from
# the names — verify). $szDebugFileName sits under a specific user's
# AppData\Local\Temp; NOTE(review): confirm that is the intended location when
# the agent runs as a service, and that the file is not readable by other users.
general(name="Debug") {
    $nDebugUltra on
    $nDebugRuleEngine on
    $nCircularLogging on
    $szDebugFileName C:\\Users\\Jackie\\AppData\\Local\\Temp\\MonitorWare Agent Debug.txt
    $nMaxFileSize 51200
    $nDebugMini on
    $nEnableDebugOutput off
    $nDebugInternal on
    $nDebugErrors on
    $nNumberOfLogfiles 10
}

# Engine: DNS cache enabled ($nEnableDNSCache on) with a 7200000 cache time
# and a 1024-entry limit; retry is disabled ($nEnableRetry off), so
# $nRetryCount / $nRetryPeriod are presumably inactive. Time values look like
# milliseconds (7200000 = 2 h, 1800000 = 30 min) — not confirmed by this file.
general(name="Engine") {
    $nEnableDNSCache on
    $bAbortRuleOnFailure off
    $nDNSInetProtocol 2
    $nDNSCacheTime 7200000
    $nRetryCount 1
    $nRetryPeriod 100
    $nEnableRetry off
    $nLibCacheTimeOut 1800000
    $nDNSCacheLimit 1024
}

# QueueManager: two worker threads; the on-disk ring buffer is disabled
# ($nEnableRingBuffer off), so $szRingBufferFile is presumably unused.
general(name="QueueManager") {
    $nProcessingLow 0
    $nRingBufferSize 1
    $nWorkerThreads 2
    $nSavingLow 0
    $szRingBufferFile C:\\Program Files (x86)\\MonitorWare\\Agent\\MWQueueBuffer.dat
    $nEnableRingBuffer off
}

# Service Configurations

# Syslog Server input: listens on $szMyIPAddress 0.0.0.0 (all interfaces),
# port 514. $nUseSSL off and $nTLSMode 0 with empty $szTLSCertFile /
# $szTLSKeyFile / $szTLSCAFile and an empty tlsallowedentries group, so
# messages are accepted in plaintext from any sender that can reach the port.
# $nEscapeControlCharacters off: control characters in received messages are
# passed through unescaped — consider turning this on if the resulting log
# files are viewed in a terminal or parsed by other tools.
# $nTakeSourceSysFromSyslogMsg off presumably records the network sender rather
# than a hostname claimed inside the message (inferred from the name — verify).
# What $nProtocolType 1 / $nInetType 2 select is not visible here.
# Messages are handed to the ruleset named in $szRuleSetName.
input(type="1" name="Syslog Server") {
    $nSaveSourceIntoProperty off
    $nUseSSL off
    groupsetting(name="tlsallowedentries" nEntriesCount="0") {
    }
    $nRFC5424AddProcID2SyslogTag off
    $szTLSKeyFile
    $nListenPort 514
    $szMyIPAddress 0.0.0.0
    $nForceUTF8Decoding off
    $nTryDetectMessageEncoding on
    $nTimeOutMsg 15000
    $nEntriesCount 0
    $szTCPMsgSep \\n
    $nEnableTCPMsgSep on
    $nTakeSourceSysFromSyslogMsg off
    $nTimeOutSession 900000
    $nEscapeControlCharacters off
    $nResolveNames on
    $nProtocolType 1
    $nTLSMode 0
    $nRFC3164Parsing on
    $szSaveSourceProperty sourceorig
    $szTLSCertFile
    $szComments
    $nInfoSourceVersion 1
    $szRuleSetName Full Monitoring
    $nEnableMultiCastGroup off
    $szMyGuid \{A7FF03D4-8AA5-492E-996E-C330ACA4B79D\}
    $nISType 1
    $szISName Syslog Server
    $szTLSCAFile
    $nRFC5424Parsing on
    $szMultiCastAddress 224.0.0.1
    $nInetType 2
    $bServiceEnabled on
    $nParseSyslogDate off
}

# RuleSets Configurations

# Ruleset "Full Monitoring" (2 rules). Both rules carry a filter whose
# $PropertyType / $PropertyValueType are NOTNEEDED, which appears to make them
# match every message (inferred — verify against the product documentation).
#
# Rule "Syslog Fwd" -> action "Syslog Forwarding" (type 1001): sends to
# $szSyslogSendServer 127.0.0.1 port $nSyslogSendPort 10514 with $nUseSSL off
# and $nTLSMode 0, i.e. plaintext; this only stays on the local host as long as
# that address is not changed. $nSpoofIPAddress off ($szSpoofedIPAddress is
# therefore presumably ignored), $nEnableBackupServer off and $nUseDiscQueue off,
# so there is no fallback if the destination is unreachable — NOTE(review):
# confirm the intended loss behaviour. The RFC 5424-style header is built from
# $szCustomSyslogHeader and the body from $szMessageFormat (%msg%).
#
# Rule "Write to File" -> action "File" (type 1003): writes to $szFilePath
# E:\\WinSyslog, base name "MonitorWare Agent", extension log, segmented by size
# ($nSegmentFileEnable on, $nMaxFileSize 4096, $nNumberOfLogfiles 10; units not
# visible here). $nFileFormat 0 and $szLineFormat %msg%%$CRLF% are both set;
# which one governs the written line, and whether timestamp/source/facility
# columns ($nFileDateTime, $nFileSource, $nFileFacility) end up in the file, is
# not determinable from this file — confirm on a running instance.
ruleset(name="Full Monitoring" rulecount="2" expanded="on") {
    rule(name="Syslog Fwd" actioncount="1" expanded="on" actionexpanded="on" ThreatNotFoundFilters="off" GlobalCondProperty="off" GlobalCondPropertyString="" ProcessRuleMode="0" ProcessRuleDate="421200") {
        action(type="1001" name="Syslog Forwarding") {
            $szMyGuid \{4e9e1869-6ec8-4861-950f-a3ab2ad786d4\}
            $szActionName Send Syslog
            $nOutputEncoding 0
            $szSpoofedIPAddress %source%
            $bProcessDuringRelay 1
            $nForwardIUT off
            $nDiskQueueMaxFileSize 10485760
            $szCustomSyslogHeader <%syslogprifac%>%syslogver% %timereported:::date-rfc3339% %source% %syslogappname% %syslogprocid% %syslogmsgid% %syslogstructdata%
            $nSyslogInsertSource on
            $nReportInJSON off
            $szMessageFormat %msg%
            $szTLSKeyFile
            $nTimeoutValue 1800000
            $nUseCompression off
            $nUseDiscQueue off
            $nSyslogPortBackup 514
            $szTLSCAFile
            $nCompressionLevel 9
            $szComments
            $nActionType 1001
            $szSyslogServerBackup
            $nDiskCacheWait 15000
            $nType 0
            $nUseSSL off
            $nEnableBackupServer off
            $szDiskQueueDirectory C:\\Program Files (x86)\\MonitorWare\\Agent
            $nSpoofIPAddress off
            $nTLSMode 0
            $nSyslogSendPort 10514
            $bReportInXML off
            $szSyslogSendServer 127.0.0.1
            $szTLSCertFile
            $bActionEnabled on
        }
        filter(nTabSelection="0") {
            $nOperationType AND
            $PropertyType NOTNEEDED
            $PropertyValueType NOTNEEDED
            $CompareOperation EQUAL
            $nOptionalValue 0
            $nSaveIntoProperty 0
            $szSaveIntoPropertyName FilterMatch
        }
    }
    rule(name="Write to File" actioncount="1" expanded="on" actionexpanded="on" ThreatNotFoundFilters="off" GlobalCondProperty="off" GlobalCondPropertyString="" ProcessRuleMode="0" ProcessRuleDate="280800") {
        action(type="1003" name="File") {
            $szActionName Write File
            $nSegmentFileBySize 4096
            $nFileDateTimeReported on
            $nFileFormat 0
            $nReUseFile off
            $szFilePath E:\\WinSyslog
            $szFileExtension log
            $nIncludeSourceInFilename off
            $nUniqueFileName on
            $nFilePriority on
            $szLineFormat %msg%%$CRLF%
            $nEnablePropertyFileName off
            $nIncludeMessage on
            $nNumberOfLogfiles 10
            $nOutputEncoding 0
            $nFileSource on
            $nSegmentFileEnable on
            $szComments
            $nUseUTCInFileName off
            $nActionType 1003
            $nMaxFileSize 4096
            $szFileBaseName MonitorWare Agent
            $nIncludeRAWMessage off
            $nCircularLogging 0
            $nFileDateTime on
            $nUseUTCForTimestamps off
            $nFileFacility on
            $nUseXMLtoReport off
            $bActionEnabled on
        }
        filter(nTabSelection="0") {
            $nOperationType AND
            $PropertyType NOTNEEDED
            $PropertyValueType NOTNEEDED
            $CompareOperation EQUAL
            $nOptionalValue 0
            $nSaveIntoProperty 0
            $szSaveIntoPropertyName FilterMatch
        }
    }
}