Configuring Log-Message Forwarding

For an introduction to Log-Message Forwarding, see What is Log-Message Forwarding?.

To configure TLC to forward log messages to one or more Forwarding Destinations:

1. In the side bar, select Resources > Configuration Manager.
2. In the side bar of the Configuration Manager, select Resources > Managers.
3. In the workspace, double-click the Manager.
4. Select the Advanced Settings tab.
5. To specify the Forwarding Destination(s):
a. Click Add. TLC adds a row to the Advanced Options table.
b. In the new row, mouse over the Advanced Option column to display the drop-down arrow.
c. Select Log-Message Forwarding - Destinations from the drop-down.
d. In the Value column, enter:

<ip_address>:<port>:<protocol>

Where: 

<ip_address> is the IP address of a Forwarding Destination,

<port> is the Forwarding Destination port to which log messages will be forwarded, and

<protocol> is the communication protocol to be used to forward log messages (either TCP or UDP).

Note 

UDP is faster than TCP. However, TCP is more reliable and secure.

To enter multiple Forwarding Destinations, separate the destinations with commas. For example:

172.10.0.2:1468:tcp,172.10.0.3:1468:tcp

e. Click Apply. TLC sends a test message to the Forwarding Destination(s) and presents a dialog summarizing the test results. If the test is unsuccessful, TLC will not save your entry. Verify the accuracy of your entry in the Value column.
6. (Optional) To specify a maximum number of characters in log messages to be forwarded to the Forwarding Destination: 
a. Click Add. TLC adds a row to the Advanced Options table.
b. In the new row, mouse over the Advanced Option column to display the drop-down arrow.
c. Select Log-Message Forwarding - Forwarding message length from the Advanced Option drop-down.
d. In the Value column, enter a number from 1,024 to 65,000 and press ENTER.
e. Click Apply.

Note 

If a log message contains more characters than this value, the Manager will remove the content exceeding this limit prior to forwarding the message to the Forwarding Destination(s).

7. (Optional) If you want TLC to spoof the source IP addresses of forwarded UDP packets, complete the following steps. (If done, the source IP address of outgoing network packets will appear as the address of the original Monitored Asset.)  
a. Install WinPCap 4.1.3 on the TLC Manager:

https://www.winpcap.org/install/default.htm

b. In the Advanced Options table of the Manager properties dialog, click Add. TLC adds a row to the table.
c. In the new row, enter the following value in the Advanced Option column:

advSettings:EF|udpSpoofPacketSrcIp

d. In the Value column, enter True and press ENTER.
e. Click Apply.

Tips 

If you uninstall WinPCap from a TLC Manager running Windows 2012 or Windows 2016, TLC will continue to forward UDP packets with spoofed addresses. To complete the uninstallation process, delete the following files and restart the system:

%SYSTEM_32%\Packet.dll

%SYSTEM_32%\wpcap.dll

If a forwarded UDP packet does not present the IP address of the original Monitored Asset as the source IP address, open the TLC log file:

C:\<TLC_Manager_install_dir>\Logs\tlc.log

Where <TLC_Manager_install_dir> is the installation directory for TLC Manager.

If the log file contains the following entry, WinPCap 4.1.3 is not installed on the TLC Manager:

!!ERROR: An error occurred while forwarding a custom UDP packet. "Please verify that WinPCap is installed and restart your TLC Manager service.

Tip

Your changes will not take effect until you push updates to your Managers (see Pushing Updates to your Managers).
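
The following is an added example, not part of the TLC documentation or product: a Python pre-check for the Value strings from steps 5d and 6d, useful for catching a malformed destination list before clicking Apply and for listing which destinations would receive logs over UDP. The function names are hypothetical, and accepting upper-case protocol names and a 1-65535 port range are assumptions, since the page does not state them.

```python
import ipaddress

VALID_PROTOCOLS = {"tcp", "udp"}      # step 5d: either TCP or UDP
MIN_LENGTH, MAX_LENGTH = 1024, 65000  # step 6d: allowed message-length range


def parse_destinations(value):
    """Parse '<ip_address>:<port>:<protocol>[,...]' into (ip, port, protocol) tuples.

    Raises ValueError naming the first entry that does not fit the format.
    """
    destinations = []
    for entry in value.split(","):
        entry = entry.strip()
        # Split from the right: the address is everything before the last two colons.
        parts = entry.rsplit(":", 2)
        if len(parts) != 3:
            raise ValueError(f"{entry!r}: expected <ip_address>:<port>:<protocol>")
        ip_text, port_text, protocol = parts
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            raise ValueError(f"{entry!r}: {ip_text!r} is not an IP address") from None
        # Assumption: any valid TCP/UDP port number (1-65535) is acceptable.
        if not (port_text.isascii() and port_text.isdigit()) or not 1 <= int(port_text) <= 65535:
            raise ValueError(f"{entry!r}: port must be a number from 1 to 65535")
        # Assumption: protocol names are matched case-insensitively.
        if protocol.lower() not in VALID_PROTOCOLS:
            raise ValueError(f"{entry!r}: protocol must be tcp or udp")
        destinations.append((str(ip), int(port_text), protocol.lower()))
    return destinations


def udp_destinations(destinations):
    """Return the entries that forward over UDP, the less reliable option per the Note."""
    return [d for d in destinations if d[2] == "udp"]


def valid_message_length(limit):
    """True if limit is within the range step 6d accepts."""
    return MIN_LENGTH <= limit <= MAX_LENGTH


if __name__ == "__main__":
    # Constructed sample: the page's example with one UDP destination appended.
    sample = "172.10.0.2:1468:tcp,172.10.0.3:1468:tcp,172.10.0.4:514:udp"
    parsed = parse_destinations(sample)
    print("destinations:", parsed)
    print("review (UDP):", udp_destinations(parsed))
    print("length 512 accepted:", valid_message_length(512))
```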