
Wallix

Wallix normalizes Wallix events and enables you to analyze Wallix data using pre-set dashboard views.

Release Details
Version: 5.1.0
Release date: May 02, 2024
Supported On: Logpoint v7.4.0 or later for log source template
SHA 256: a73d76acc43b9f53ecc341a6c720d3c401c5d5b144554a5101c707c55eac3c10
Download

Package Details

Wallix components:

  1. Dashboard Package
    • LP_Wallix 
  2. Normalization Packages
    • LP_WALLIXBestSafe
    • LP_Wallix
    • LP_Wallix Generic 

 

Enhancement

Description: Added Syslog Collector based Wallix log source template, simplifying the log source configuration process. To learn more, go to Creating Log Source via a Template.
Issue ID: KB-22730
Reference ID: -

Installation

To install Wallix:

  1. Download the .pak file from the Download link above. 
  2. Go to Settings >> System Settings from the navigation bar and click Applications.
  3. Click Import.
  4. Browse to the downloaded .pak file.
  5. Click Upload.

Past Releases

Wallix v5.0.1

Release Date: January 04, 2021

Supported On: Logpoint v6.7.0 and later

Download: Wallix_5.0.1.pak

SHA256: aa7907e0d117272d1b65742d8aa5fdcaf3fb8648e8e44485f53ff1eefd5475a1

Enhancement

New signatures have been added in the LP_Wallix normalization package to support the Wallix logs.

Supported Versions

  • Wallix v10.x
  • Wallix AdminBastion v4.2.3 build 24048 (wab-4.2.3.0-wallix1)
  • Wallix Proxy WPA R50 4.2.1

Log Formats

Expected Log Format

Wallix

Log Format

Key = Value pair

Log Samples

<14>1 2020-04-27T10:40:06+02:00 PRDWALLIX rdpproxy 8021 - - [RDP Session] session_id="171xxxxxxxxxxxxxxxxxxxxx" client_ip="1.1.1.1" target_ip="1.1.1.2" user="abc@lp.com" device="ABC" service="RDP" account="bc@lp.coml" type="CB_COPYING_PASTING_DATA_TO_REMOTE_SESSION_EX" format="CF_UNICODETEXT(13)" size="1234" partial_data="UPDATE sb_xxxxxxxxx_data SET pcr_sg_res='', pcr_sg='0', pcr_sg_res='', pcr_ur='0', pcr_ur_res='', igm_sg='1', igm_sg_res='1', igg_sg='1', igg_sg_res='2', dc='' WHERE id_data = 291;\r\nUPDATE sbxxxxxxxxxx_data SET pcr_sg_res='', pcr_sg='0', pcr_sg_res='', pcr"
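
The key = value layout of the sample above, parsed in Python as an added example; this is not Logpoint's normalizer or code from this page. The names parse_wallix and is_clipboard_to_remote and the sample line are hypothetical and constructed, and the parser assumes values never contain an unescaped double quote.

```python
import re

# Constructed line modelled on the Wallix sample above; all values are made up.
SAMPLE = (
    '<14>1 2020-04-27T10:40:06+02:00 PRDWALLIX rdpproxy 8021 - - [RDP Session] '
    'session_id="171example" client_ip="1.1.1.1" target_ip="1.1.1.2" '
    'user="abc@lp.com" device="ABC" service="RDP" '
    'type="CB_COPYING_PASTING_DATA_TO_REMOTE_SESSION_EX" '
    'format="CF_UNICODETEXT(13)" size="1234" '
    'partial_data="UPDATE t_data SET pcr_sg=\'0\', dc=\'\' WHERE id_data = 291;\\r\\nUPDATE t"'
)

# RFC 5424-style header as seen in the sample, then '[category] key="value" ...'.
HEADER = re.compile(
    r'<(?P<pri>\d{1,3})>1 (?P<timestamp>\S+) (?P<host>\S+) (?P<app>\S+) '
    r'(?P<procid>\S+) \S+ \S+ \[(?P<category>[^\]]+)\] (?P<body>.*)', re.S)

# Only key="value" counts as a pair, so spaces and '=' inside a value
# (the SQL text in partial_data) do not create bogus fields.
# Assumption: values never contain an unescaped double quote.
PAIR = re.compile(r'(\w+)="([^"]*)"')


def parse_wallix(line):
    """Return a flat dict of header and key/value fields, or None if no match."""
    m = HEADER.match(line.strip())
    if m is None:
        return None
    event = {k: v for k, v in m.groupdict().items() if k != "body"}
    pri = int(event.pop("pri"))
    # Syslog PRI encodes facility * 8 + severity.
    event["facility"], event["severity"] = pri >> 3, pri & 7
    event.update(PAIR.findall(m["body"]))
    return event


def is_clipboard_to_remote(event):
    """True for the clipboard-paste-into-session event type shown in the sample."""
    return event.get("type", "").startswith("CB_COPYING_PASTING_DATA_TO_REMOTE_SESSION")


if __name__ == "__main__":
    evt = parse_wallix(SAMPLE)
    print(evt["user"], evt["target_ip"], evt["type"], evt["size"])
    print("clipboard paste to remote:", is_clipboard_to_remote(evt))
```

Splitting the message on whitespace instead would turn the SQL fragment inside partial_data into spurious fields such as pcr_sg.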

Expected Log Format

Wallix BestSafe

Log Format

Comma-separated 

Log Samples

"SBS","SBSAGENT","v4.0.0","2020.03.23","21:11:28","2020.03.23","22:11:28", "xxx.xxx.x.x","BLOCKED","xxxx","xxxxx\xxxxx", "0x00000000","0/0", "cmd.exe", "No", "Windows Command Processor","xxx.xxx.xxxx.1 WinBuild.160101.0800)", "Cmd.Exe.MUI", ""C:\Windows\system32\cmd.exe"", "3xxx", "6xxx", "C:\Windows\Explorer.EXE","{XXX}"

Expected Log Format

Wallix Generic

Log Samples

Jan 15 14:20:06 xxxxx kernel: [ 0.000000] 889MB LOWMEM available.

To export data to Logpoint, use the Syslog collector on port 514 of the Logpoint server.

Wallix v5.0.0

Enhancement

A minor update to the Wallix normalizer for better signature handling.

Support

If you have any questions or require assistance, create a support ticket.
