Step 7. Confirm Log-Message Collection

At this point in the configuration process, TLC should be collecting log messages from your Monitored Assets' Log Sources.

If you are using a File Collector, complete the following steps to confirm log-message collection for each of the Collector's Monitored Assets:

1.

In the side bar, select Events >Audit LoggerThe TLC Console1. Tripwire Log Center Console is the software for the TLC graphic user interface (GUI), or 2. The Tripwire Log Center GUI. Through the TLC Console, you can configure TLC, oversee your TLC environment, and manage log and event data. component in which you can work with the log messages collected by TLC..

2.

In the Audit Logger, click the Query tab.

3.

To view the log messages received by a Monitored AssetAn object in the TLC Configuration Manager that represents a Log SourceAny log-generating application, operating-system service, database instance, or device from which TLC collects log messages. from which TLC collects log messages directly.'s Log Source:

a.

From the Monitored Assets drop-down lists, select IP Address from the first drop-down and the Monitored AssetA Log Source in your TLC environment. See Monitored Assets and Discovered Assets.'s Log Source from the second drop-down.

b.

Click Start.

TLC opens the Query Results - Log Messages tab in the Audit Logger. If this tab contains any log messages, then the Monitored Asset has been properly configured. For more information, see Working with Audit Logger Queries.

Note	If the Monitored Asset is a scannerA device that monitors systems in your TLC environment (for example, a vulnerability scanner). (see What are Scanner Events?), collected events will not appear in the Audit Logger. To confirm the collection of Scanner Events, see Working with a Scanner Event.

For each of your other Collectors, complete the following steps to confirm log-message collection for each of the Collector's Log Sources:

1.

In the side bar, select Events >Real-Time Event ViewerA TLC Console component that displays log messages as they are collected by TLC..

2.

In the IP-address filter field, enter the IP address of the Log Source and click Start.

If TLC displays log messages in the Real-Time Event Viewer, then the Monitored Asset has been properly configured. For more information, see Viewing Log Messages in the Real-Time Event Viewer.