Documentation Center
AlienVault® USM Appliance™

NBS System Naxsi

When you configure NBS System Naxsi to send log data to USM Appliance, you can use the NBS System Naxsi plugin to translate the raw log data into normalized events for analysis.

Device Details
Vendor NBS System
Device Type Firewall
Connection Type Syslog
Data Source Name Naxsi
Data Source ID 1893

Integrating NBS System Naxsi

NBS System Naxsi is a service installed on systems running a Linux-based OS. To send logs collected from Linux built-in services, you just need to add an rsyslog configuration file that reads from a specified file and redirects the logs to USM Appliance. Before you configure the NBS System Naxsi integration, you must have the IP Address of the USM Appliance Sensor.

To configure NBS System Naxsi to send Syslog messages to USM Appliance

  1. Create a new rsyslog configuration file with the following entries:
  2. $ModLoad imfile

     

    $InputFileName /var/log/nginx/error.log

    $InputFileTag naxsi

    $InputFileStateFile naxsi-events

    $InputFileSeverity error

    $InputFileFacility local7

    $InputRunFileMonitor

     

    *.* @<USM Appliance>:514

  3. Save the rsyslog configuration file and restart rsyslog.

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

https://github.com/nbs-system/naxsi/wiki

For troubleshooting, refer to the vendor documentation:

http://www.rsyslog.com/doc/v8-stable/configuration/modules/imfile.html