Configuring Log-Message Forwarding
For an introduction to Log-Message Forwarding, see What is Log-Message Forwarding?.
To configure TLC to forward log messages to one or more Forwarding Destinations:
1. | In the side bar, select Resources >Configuration Manager. |
2. | In the side bar of the Configuration Manager, select Resources >Managers. |
3. | In the workspace, double-click the Manager. |
4. | Select the Advanced Settings tab. |
5. | To specify the Forwarding Destination(s): |
a. | ClickAdd. TLC adds a row to the Advanced Options table. |
b. | In the new row, mouse over the Advanced Option column to display the drop-down arrow. |
c. | Select Log-Message Forwarding - Destinations from the drop-down. |
d. | In the Value column, enter: |
<ip_address>:<port>:<protocol>
Where:
<ip_address> is the IP address of a Forwarding Destination,
<port> is the Forwarding Destination port to which log messages will be forwarded, and
<protocol> is the communication protocol to be used to forward log messages (either TCP or UDP).
Note |
UDP is faster than TCP. However, TCP is more reliable and secure. |
---|
To enter multiple Forwarding Destinations, separate the destinations with commas. For example:
172.10.0.2:1468:tcp,172.10.0.3:1468:tcp
e. | Click Apply. TLC sends a test message to the Forwarding Destination(s) and presents a dialog summarizing the test results. If the test is unsuccessful, TLC will not save your entry. Verify the accuracy of your entry in the Value column. |
6. | (Optional) To specify a maximum number of characters in log messages to be forwarded to the Forwarding Destination: |
a. | ClickAdd. TLC adds a row to the Advanced Options table. |
b. | In the new row, mouse over the Advanced Option column to display the drop-down arrow. |
c. | Select Log-Message Forwarding - Forwarding message length from the Advanced Option drop-down. |
d. | In the Value column, enter a number from 1,024 to 65,000 and press ENTER. |
e. | Click Apply. |
Note |
If a log message contains more characters than this value, the Manager will remove the content exceeding this limit prior to forwarding the message to the Forwarding Destination(s). |
---|
7. | (Optional) This step only applies if you want TLC to spoof the items in forwarded UDP packets identified in Table 88. |
To spoof one of these items, complete the following steps:
a. | Install WinPCap 4.1.3 on the TLC Manager: |
https://www.winpcap.org/install/default.htm
b. | In the Advanced Options table of the Manager properties dialog, clickAdd. TLC adds a row to the table. |
c. | Complete the fields in the new table row (see Table 88) and press ENTER. |
d. | Click Apply. |
To spoof ... |
Advanced Options |
Value |
---|---|---|
... source IP addresses: |
advSettings:EF|udpSpoofPacketSrcIp Note: The source IP address of outgoing network packets will appear as the address of the original Monitored Asset. |
True |
... the source Port number: |
advSettings:EF|udpSpoofSourcePort Note: By default, the port will be a random number between 56000 and 56999. |
The desired Port number (other than 0) |
... the default gateway: |
advSettings:EF|udpSpoofGateway |
The desired IP address |
Tips |
If you uninstall WinPCap from a TLC Manager running Windows 2012 or Windows 2016, TLC will continue to forward UDP packets with spoofed addresses. To complete the uninstallation process, delete the following files and restart the system: %SYSTEM_32%\Packet.dll %SYSTEM_32%\wpcap.dll If a forwarded UDP packet does not present the IP address of the original Monitored Asset as the source IP address, open the TLC log file: C:\<TLC_Manager_install_dir>\Logs\/tlc.log Where <TLC_Manager_install_dir> is the installation directory for TLC Manager. If the log file contains the following entry, WinPCap 4.1.3 is not installed on the TLC Manager: !!ERROR: An error occurred while forwarding a custom UDP packet. "Please verify that WinPCap is installed and restart your TLC Manager service. |
---|
Tip |
Your changes will not take effect until you push updates to your Managers (see Pushing Updates to your Managers). |
---|