This topic describes external event logging options.
| Field |
Description |
|---|---|
|
|
Determines whether event information is output to another server for further analysis using a Syslog management tool. If selected, you must specify a Syslog server address and listening port. This option is OFF by default. See the VMware Carbon Black App Control Events Guide for guidance on using event output together with your Syslog management tools. |
|
|
IP address for a Syslog server (optional). If you specify a Syslog address, you must also enter a port for the server. No error is reported if you set the Syslog address or port incorrectly. To verify that Syslog address is correctly set, confirm the receipt of events on the Syslog server after you have completed the configuration. |
|
|
Port number for a Syslog server. Events directed to the listening port include activity messages such as blocked files, new files on the system, and changes to login accounts. If you export event data, events continue to be written to the Events page, which is accessible from the Carbon Black App Control Console. If you specify a Syslog port, you must enter an address for the Syslog server. |
|
|
One of the following:
See the VMware Carbon Black App Control Events Guide for more information on Syslog formats that Carbon Black App Control supports, and how to map events to them. |
|
|
Determines whether process command lines are included in syslog output. Not selected by default. Passwords can be specified on the command line, so sending command line output to an external server can be inappropriate. |
|
|
To enable use of an external SQL database, select the check box. To deactivate reporting of events to the external database, deselect the check box. |
|
|
Identifies the external database. This value varies depending on whether you use manual authentication or NT authentication. |
