AlienVault® USM Anywhere™

Log Collection from Your Data Sources

You configure your third-party devices, systems, and applications to transmit generated log data to your USM Anywhere Sensor, to a location that the Sensor can query, or directly to USM Anywhere from a registered AlienVault Agent. Your data sources can produce the data in various formats that are compatible with USM Anywhere data plugins. A plugin specifies how to collect and normalize raw information from a device to create events that can then be analyzed to determine threats and vulnerabilities. Supported raw formats include:

  • TXT
  • CEF
  • CSV
  • JSON
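As an added illustration of what "normalize raw information to create events" means in practice (this is example code written for this page, not AlienVault's plugin implementation), the following Python takes constructed sample lines in three of the formats above (a syslog-wrapped CEF record, a JSON record, and a CSV record) and maps each into one common event schema. The sample lines, the CSV column order in `CSV_COLUMNS`, and the field names in the output schema are all assumptions made for the example.

```python
"""Normalize raw log lines in formats a USM Anywhere plugin accepts (syslog-wrapped
CEF, JSON, CSV) into one event schema. Added example; not AlienVault plugin code."""
import csv
import io
import json
import re

# Constructed sample lines (not captured from real devices); values are illustrative.
SAMPLE_LINES = [
    "<134>Jan  5 10:22:01 fw01 CEF:0|ExampleVendor|NGFW|1.0|100|Connection denied|6|"
    "src=10.0.0.5 dst=203.0.113.9 dpt=443 msg=policy deny\\=outbound act=blocked",
    '{"timestamp": "2024-01-05T10:22:02Z", "host": "web01", "src_ip": "198.51.100.7", '
    '"dst_ip": "10.0.0.10", "event": "login_failed", "severity": 4}',
    "2024-01-05T10:22:03Z,db01,192.0.2.44,10.0.0.20,query_blocked,high",
]
# Assumed column order for the CSV source; a real plugin declares this per device type.
CSV_COLUMNS = ["timestamp", "host", "src_ip", "dst_ip", "event_name", "severity"]
SYSLOG_PRI = re.compile(r"^<(\d{1,3})>")             # RFC 3164/5424 <PRI> prefix
EXT_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")    # start of a CEF key=value pair

def split_cef_header(body):
    """Split the 7 pipe-delimited CEF header fields. A backslash escapes the next
    character, so '\\|' inside a field is a literal pipe, not a delimiter."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):
            cur.append(body[i + 1])
            i += 2
        elif ch == "|":
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(ch)
            i += 1
    if len(fields) < 7 and cur:                       # header with no trailing pipe
        fields.append("".join(cur))
    return fields, body[i:]                           # remainder is the extension

def parse_cef_extension(ext):
    """Parse 'k=v k2=v with spaces' pairs: a value runs until the next unescaped
    'key=' token, so spaces are allowed; '\\=' and '\\\\' are unescaped."""
    out = {}
    keys = list(EXT_KEY.finditer(ext))
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        value = ext[m.end():end].strip()
        out[m.group(1)] = value.replace("\\=", "=").replace("\\\\", "\\")
    return out

def normalize_cef(text, syslog_header=""):
    body = text[text.index("CEF:") + 4:]
    header, ext = split_cef_header(body)
    if len(header) != 7:
        raise ValueError("malformed CEF header: %r" % text)
    fields = parse_cef_extension(ext)
    hdr = syslog_header.split()                       # e.g. ['Jan', '5', '10:22:01', 'fw01']
    return {
        "format": "cef",
        "timestamp": " ".join(hdr[:-1]) if hdr else fields.get("rt"),
        "host": hdr[-1] if hdr else fields.get("dvchost"),
        "src_ip": fields.get("src"),
        "dst_ip": fields.get("dst"),
        "event_name": header[5],
        "severity": int(header[6]) if header[6].isdigit() else header[6],
        "extension": fields,
    }

def normalize_json(text):
    doc = json.loads(text)
    ev = {k: doc.get(k) for k in ("timestamp", "host", "src_ip", "dst_ip", "severity")}
    ev.update(format="json", event_name=doc.get("event"), extension=doc)
    return ev

def normalize_csv(text):
    row = next(csv.reader(io.StringIO(text)))        # csv module handles quoted commas
    if len(row) != len(CSV_COLUMNS):
        raise ValueError("expected %d columns, got %d" % (len(CSV_COLUMNS), len(row)))
    rec = dict(zip(CSV_COLUMNS, row))
    return {"format": "csv", **rec, "extension": rec}

def normalize(line):
    """Strip a syslog <PRI>, detect the payload format and return one common event."""
    m = SYSLOG_PRI.match(line)
    if m:
        line = line[m.end():]
    line = line.strip()
    if line.startswith("{"):
        return normalize_json(line)
    pos = line.find("CEF:")
    if pos >= 0:
        return normalize_cef(line[pos:], line[:pos])   # text before CEF: is the syslog header
    return normalize_csv(line)

def normalize_all(lines):
    return [normalize(line) for line in lines]
```

The CEF path is where a hand-rolled normalizer usually goes wrong: header fields are split on unescaped pipes only, and extension values are allowed to contain spaces and escaped `=` characters, so a naive `split("|")` or `split(" ")` would truncate the `msg` field in the sample. A real plugin also maps vendor-specific keys (`src`, `dst`, `act`) onto the product's own event fields; the dictionary keys used here are just an illustration of that step.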

Data Collection by Sensor Apps

When log data is transmitted directly to a USM Anywhere Sensor, a Sensor App collects this data according to the identified log message protocol.

Sensor Apps and their functional support

Syslog Server

Passively collects syslog data transmitted to the USM Anywhere Sensor. For more information, see The Syslog Server Sensor App.

The Syslog Server app is supported on all USM Anywhere Sensor types.

Graylog (GELF)

Passively collects GELF data transmitted to the USM Anywhere Sensor. For more information, see The Graylog (GELF) Sensor App.

The Graylog app is supported on all USM Anywhere Sensor types.

Amazon Web Services

Collects data from AWS logging services and queries log data stored in an S3 bucket within your AWS environment. For more information about built-in support for AWS logs, see AWS Log Discovery and Collection in USM Anywhere.

The AWS app is supported only on the AWS sensor.

Azure

Collects data from Azure logging services configured within your Azure environment. For more information about built-in support for Azure logs, see Azure Log Discovery and Collection in USM Anywhere.

The Azure app is supported only on the Azure sensor.

Host-Based Log Collection

USM Anywhere provides the AlienVault Agent, which you can install on your endpoints to centralize the collection and analysis of event logs from remote servers and desktops, making it easier to track the health and security of these systems. It also supports host-based log collection through manual installation and configuration of NXLog and osquery.

Note: With the addition of the AlienVault Agent, USM Anywhere provides an easier implementation of HIDS, FIM, and endpoint log collection across your Windows and Linux environments in the cloud and on premises. If you already have NXLog or osquery installed and configured on your endpoints to forward events to a USM Anywhere Sensor, these methods are still supported and you do not need to replace them.

Refer to the following topics for detailed information about sending log data from your host systems.

Log Collection by AlienApps

Many AlienApps use API and system integrations to actively collect data directly from a third-party device or service. For detailed information about these integrations, see the following topics.

Log Collection from Various Third-Party Devices and Systems

To support the wide array of third-party devices and systems you may have in your environments, AlienVault provides integration information for the most commonly used external data sources. For each source it covers how to configure the source to send log data to a USM Anywhere Sensor, how to select and enable the plugin in USM Anywhere, the event fields the plugin generates, and where to obtain additional configuration and troubleshooting information on the data source vendor's website.

To access this detailed integration information, see Supported USM Anywhere Plugins for Common Data Sources.