Documentation Center
AlienVault® USM Anywhere™

Manual Plugin Management

  Role Availability   Read-Only   Analyst   Manager

If USM Anywhere receives syslog (an industry-standard message logging system that is used on many devices and platforms) log data from an external data source (device, application, or operating system) and that data is not automatically matched with a plugin through hints (see Auto-discovered Plugins), you must manually associate the required plugin with the asset (an IP-addressable host, including but not limited to network devices, virtual servers, and physical servers) in USM Anywhere. There are two methods for creating these associations:

  • Manage the plugin by adding one or more assets that require that plugin for parsing and normalizing log data.
  • Manage an asset by adding one or more plugins that are needed for parsing and normalizing log data.

You can use a combination of these methods to ensure that USM Anywhere can identify the correct plugin(s) for the log data it receives from an asset.

Important: If you create a manual plugin association for an asset and that asset produces multiple log types that require processing by more than one plugin, you must create a manual association for each plugin, including auto-discovered plugins. Any specified plugin association for an asset disables the use of hints, and only the specified plugins are considered for parsing and normalizing a log message.
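
The rule in the note above can be checked against an asset inventory before you add or change associations, so that a new manual association does not silently stop another log type from being parsed. The following Python sketch is an added example, not AlienVault code; the inventory layout and all asset and plugin names are constructed assumptions.

```python
# Constructed model of the selection rule described in the Important note.
# Not USM Anywhere code: the inventory layout, asset names and plugin names
# are hypothetical and exist only for this illustration.

def effective_plugins(hinted, manual):
    """Return the plugins considered for an asset's log messages.

    Any manual association disables hints, so once at least one plugin is
    specified manually, only the manually specified plugins apply.
    """
    return set(manual) if manual else set(hinted)


def audit(inventory):
    """Map each asset to the required plugins that would not be considered."""
    gaps = {}
    for asset, entry in inventory.items():
        required = set(entry["required"])
        active = effective_plugins(entry["hinted"], entry["manual"])
        missing = required - active
        if missing:
            gaps[asset] = sorted(missing)
    return gaps


# Constructed sample inventory:
#   required = plugins needed for the log types the asset produces
#   hinted   = plugins that hints would match automatically
#   manual   = plugins associated manually with the asset
INVENTORY = {
    # Manual association added for one log type only: hints are now off,
    # so the auto-discovered plugin also needs a manual association.
    "fw-edge-01": {"required": ["firewall-plugin", "vpn-plugin"],
                   "hinted": ["firewall-plugin"], "manual": ["vpn-plugin"]},
    # No manual association: hints still apply.
    "web-01": {"required": ["web-plugin"],
               "hinted": ["web-plugin"], "manual": []},
    # Every required plugin associated manually, including the hinted one.
    "db-01": {"required": ["db-plugin", "os-plugin"],
              "hinted": ["os-plugin"], "manual": ["db-plugin", "os-plugin"]},
    # No hint match and no manual association: needs a manual association.
    "app-01": {"required": ["app-plugin"], "hinted": [], "manual": []},
}

if __name__ == "__main__":
    for asset, missing in audit(INVENTORY).items():
        print(f"{asset}: add manual association for {', '.join(missing)}")
```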