Sentrigo Hedgehog
You can integrate a Sentrigo Hedgehog device with JSA.
A Sentrigo Hedgehog device sends LEEF events to JSA by using syslog. Before you configure JSA to integrate with a Sentrigo Hedgehog device, take the following steps:
- Log in to the Sentrigo Hedgehog command-line interface (CLI).
- Open the following file for editing:
  <Installation directory>/conf/sentrigo-custom.properties
  Where <Installation directory> is the directory that contains your Sentrigo Hedgehog installation.
- Add the following log.format entries to the custom properties file.
  Note: Depending on your Sentrigo Hedgehog configuration or installation, you might need to replace or overwrite the existing log.format entries.
  sentrigo.comm.ListenAddress=1996
  log.format.body.custom=usrName=$osUser:20$|duser=$execUser:20$|severity=$severity$|identHostName=$sourceHost$|src=$sourceIP$|dst=$agent.ip$|devTime=$logonTime$|devTimeFormat=EEE MMM dd HH:mm:ss z yyyy|cmdType=$cmdType$|externalId=$id$|execTime=$executionTime.time$|dstServiceName=$database.name:20$|srcHost=$sourceHost:30$|execProgram=$execProgram:20$|cmdType=$cmdType:15$|oper=$operation:225$|accessedObj=$accessedObjects.name:200$
  log.format.header.custom=LEEF:1.0|Sentrigo|Hedgehog|$serverVersion$|$rules.name:150$|
  log.format.header.escaping.custom=\\|
  log.format.header.seperator.custom=,
  log.format.header.escape.char.custom=\\
  log.format.body.escaping.custom=\=
  log.format.body.escape.char.custom=\\
  log.format.body.seperator.custom=|
  log.format.empty.value.custom=NULL
  log.format.length.value.custom=10000
  log.format.convert.newline.custom=true
- Save the custom properties file.
- Stop and restart your Sentrigo Hedgehog service so that the log.format changes take effect. Then inspect an emitted event: it must begin with LEEF:1.0|Sentrigo|Hedgehog|, fields must be separated by |, any = inside a value must appear as \=, and empty values must appear as NULL. Because log.format.body.escaping.custom lists only =, also look at an event whose SQL statement contains a | character (for example the || concatenation operator) to confirm that the field separator survives intact.
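The following parser is an added example for this page; it is not code from the original page or from the Sentrigo product. It consumes LEEF lines in exactly the shape that the header and body entries above produce: five |-delimited header fields, a |-separated body of key=value attributes, \ as the escape character in front of | and =, NULL for an empty value, and a devTime written in the Java pattern EEE MMM dd HH:mm:ss z yyyy. The sample event is constructed for the example (every host, user and value in it is made up), and the function and constant names are the example's own. The body format emits cmdType twice, so the parser tolerates a repeated key and only reports it when the two values differ.

```python
import re
from datetime import datetime, timezone

# Constructed sample event in the shape the custom header and body formats
# produce. It is NOT captured from a real Hedgehog installation.
SAMPLE_EVENT = (
    "LEEF:1.0|Sentrigo|Hedgehog|4.1|Privileged SELECT on HR tables|"
    "usrName=jsmith|duser=oracle|severity=8|identHostName=dbhost01|"
    "src=10.0.0.25|dst=10.0.0.40|devTime=Tue Mar 05 14:22:10 UTC 2013|"
    "devTimeFormat=EEE MMM dd HH:mm:ss z yyyy|cmdType=SELECT|externalId=100045|"
    "execTime=120|dstServiceName=ORCL|srcHost=workstation07|execProgram=sqlplus|"
    "cmdType=SELECT|oper=select salary from hr.salaries where name \\= 'bob'|"
    "accessedObj=NULL"
)

# Delimiters taken from the custom properties: '|' separates fields, '='
# separates key from value, '\' escapes both, and NULL marks an empty value.
SEPARATOR = "|"
ESCAPE = "\\"
EMPTY_VALUE = "NULL"
HEADER_FIELDS = ("leef_version", "vendor", "product", "product_version", "rule_name")

_UNESCAPED_SEP = re.compile(r"(?<!\\)\|")   # '|' not preceded by '\'
_UNESCAPED_EQ = re.compile(r"(?<!\\)=")     # '=' not preceded by '\'


def _unescape(value: str) -> str:
    """Remove the escape character in front of '|' and '='."""
    return value.replace(ESCAPE + SEPARATOR, SEPARATOR).replace(ESCAPE + "=", "=")


def parse_dev_time(text: str):
    """Parse the Java pattern 'EEE MMM dd HH:mm:ss z yyyy' from devTimeFormat.

    strptime's %Z accepts only a few zone names, so the zone token is handled
    separately: UTC and GMT give an aware datetime, any other zone name is
    returned alongside a naive datetime for the caller to resolve.
    """
    m = re.fullmatch(r"(\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2}) (\S+) (\d{4})", text)
    if not m:
        raise ValueError(f"devTime does not match devTimeFormat: {text!r}")
    stamp, zone, year = m.groups()
    when = datetime.strptime(f"{stamp} {year}", "%a %b %d %H:%M:%S %Y")
    if zone in ("UTC", "GMT"):
        return when.replace(tzinfo=timezone.utc), zone
    return when, zone


def parse_hedgehog_leef(line: str) -> dict:
    """Split one Hedgehog LEEF 1.0 line into header fields and body attributes."""
    parts = _UNESCAPED_SEP.split(line.rstrip("\r\n"))
    if len(parts) < len(HEADER_FIELDS) or not parts[0].startswith("LEEF:"):
        raise ValueError("not a LEEF 1.0 event")
    header = dict(zip(HEADER_FIELDS, (_unescape(p) for p in parts[:len(HEADER_FIELDS)])))
    body, conflicts = {}, []
    for raw in parts[len(HEADER_FIELDS):]:
        if not raw:
            continue  # empty piece left by a trailing separator
        pieces = _UNESCAPED_EQ.split(raw, maxsplit=1)
        if len(pieces) != 2:
            raise ValueError(f"attribute without '=': {raw!r}")
        key, value = pieces[0], _unescape(pieces[1])
        value = None if value == EMPTY_VALUE else value
        if key in body and body[key] != value:
            conflicts.append(key)  # same key emitted twice with different values
        body[key] = value
    event = {"header": header, "body": body, "conflicting_keys": conflicts}
    if body.get("devTime"):
        event["timestamp"], event["timezone"] = parse_dev_time(body["devTime"])
    return event


if __name__ == "__main__":
    parsed = parse_hedgehog_leef(SAMPLE_EVENT)
    print(parsed["header"])
    print(parsed["body"]["oper"], parsed["timestamp"])
```

Running it against the syslog messages received on a test collector, before the device is pointed at JSA, shows whether the separator, escaping and NULL settings took effect; a ValueError on a real event usually means an unescaped | or = inside a value such as oper.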
You can now configure the log source in JSA.
- To configure JSA to receive events from a Sentrigo Hedgehog device, select the Sentrigo Hedgehog option from the Log Source Type list.
For more information about Sentrigo Hedgehog see your vendor documentation.