General Description
The ARPGuard application normalizes ARPGuard events. You can further customize the searches to perform in-depth analysis.
Release Details
Fields |
Details |
---|---|
Name |
ARPGuard |
Version |
5.0.1 |
Supported On |
LogPoint v6.7.0 and later |
Release Date |
2020-05-14 |
Document Date | 2020-05-14 |
Download | ARPGuard_5.0.1.pak |
SHA256 |
4e8c031fa4e8c7152db61e842e076d51f7d046136085f6d30ad478d1473e87ce |
Package Details
The application consists of the following components:
- Normalization Package
- LP_ARP Guard
- Compiled Normalizer
- ARPGuardCompiledNormalizer
Enhancement
A minor update has been done in the application’s normalizer for better signature handling.
Installation
Follow these steps to install the ARPGuard v5.0.1 application:
- Download the ARPGuard package from the Download section above.
- Add ARPGuard as the required device in LogPoint.
- Create a collection policy with the Syslog collector and appropriate processing policy.
- Assign the policy to the device.
Supported Device
The supported device of ARPGuard with LogPoint in this configuration is:
- ARP Guard
Log Format
Expected Log Format
Syslog
Log Sample
<5>Aug 24 13:39:52 ARP-GUARD: New AAA event "start" message "Note: Device has been authenticated" client MAC "XX-XX-XX-XX-XX-XX" switch IP "1.1.1.1" switch port "X" RADIUS called station ID "XX-XX-XX-XX-XX-XX:AAAAAAAAA"
To export data to LogPoint, use Syslog collector on port 514 on the LogPoint server.
Release Details
Fields |
Details |
---|---|
Name |
ARPGuard |
Version |
3.2.0 |
Supported On |
LogPoint v6.0.0 to v6.6.6 |
Release Date |
2020-05-14 |
Document Date | 2020-05-14 |
Download | ARPGuard_3.2.0.pak |
SHA256 |
9dd66ca33d0960bb309d5151c4fd5d9d24ffa5b4a8660ac2d8241767639bccb6 |
Package Details
The application consists of the following components:
- Normalization Package
- LP_ARP Guard
- Compiled Normalizer
- ARPGuardCompiledNormalizer
Enhancement
A minor update has been done in the application’s normalizer for better signature handling.
Installation
Follow these steps to install the ARPGuard v3.2.0 application:
- Download the ARPGuard package from the Download section above.
- Add ARPGuard as the required device in LogPoint.
- Create a collection policy with the Syslog collector and appropriate processing policy.
- Assign the policy to the device.
Supported Device
The supported device of ARPGuard with LogPoint in this configuration is:
- ARP Guard
Log Format
Expected Log Format
Syslog
Log Sample
<5>Aug 24 13:39:52 ARP-GUARD: New AAA event "start" message "Note: Device has been authenticated" client MAC "XX-XX-XX-XX-XX-XX" switch IP "1.1.1.1" switch port "X" RADIUS called station ID "XX-XX-XX-XX-XX-XX:AAAAAAAAA"
To export data to LogPoint, use Syslog collector on port 514 on the LogPoint server.
Support
If you have any queries or require assistance, please feel free to contact our support team:
Email: servicedesk@logpoint.com
Phone: +45 7060 6100
Best regards,
Comments
Article is closed for comments.