Hello everybody,
I'm new to this community, and today I have a problem with the configuration file "SophosLogWriterConfig.xml".
I modified this file to generate log files, but nothing is written: the files are created, but they contain no lines.
I think it is the line "<datasource> </datasource>" that I have configured badly.
Here are the configuration files that I modified:
- Main configuration file "SophosLogWriterConfig.xml":
<?xml version="1.0" encoding="utf-8" ?>
<SophosDatafeed xmlns="http://www.sophos.com/msys/LogWriterConfig.xsd">
  <connection>
    <connectionString>Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=SOPHOS[SECVersion];Data Source= [SERVER]\[INSTANCE]</connectionString>
  </connection>
  <noOfDays>7</noOfDays>
  <lagTime>1</lagTime>
  <datafeeds>
    <datafeed>
      <tick>300</tick>
      <logFile logType="LogFile">
        <noOfBackupFiles>5</noOfBackupFiles>
        <fileSize>1MB</fileSize>
        <outputLocation>.\Log Files</outputLocation>
        <outputFilename>ApplicationControl.log</outputFilename>
      </logFile>
      <call callID="ApplicationControl">
        <dataSource>ApplicationControlData</dataSource>
        <dataConfigurationLocation>.\Configuration Files</dataConfigurationLocation>
        <dataConfigurationFile>ApplicationControl.config</dataConfigurationFile>
      </call>
    </datafeed>
    <datafeed>
      <tick>300</tick>
      <logFile logType="LogFile">
        <noOfBackupFiles>5</noOfBackupFiles>
        <fileSize>1MB</fileSize>
        <outputLocation>.\Log Files</outputLocation>
        <outputFilename>Threats.log</outputFilename>
      </logFile>
      <call callID="Threats">
        <dataSource>ThreatEventData</dataSource>
        <dataConfigurationLocation>.\Configuration Files</dataConfigurationLocation>
        <dataConfigurationFile>Threats.config</dataConfigurationFile>
      </call>
    </datafeed>
    <datafeed>
      <tick>300</tick>
      <logFile logType="LogFile">
        <noOfBackupFiles>5</noOfBackupFiles>
        <fileSize>1MB</fileSize>
        <outputLocation>.\Log Files</outputLocation>
        <outputFilename>ComputerControl.log</outputFilename>
      </logFile>
      <call callID="ComputerControl">
        <dataSource>PolicyComplianceData</dataSource>
        <dataConfigurationLocation>.\Configuration Files</dataConfigurationLocation>
        <dataConfigurationFile>ComputerControl.config</dataConfigurationFile>
      </call>
    </datafeed>
    <datafeed>
      <tick>300</tick>
      <logFile logType="LogFile">
        <noOfBackupFiles>5</noOfBackupFiles>
        <fileSize>1MB</fileSize>
        <outputLocation>.\Log Files</outputLocation>
        <outputFilename>GroupControl.log</outputFilename>
      </logFile>
      <call callID="GroupControl">
        <dataSource>GroupPathAndNameData</dataSource>
        <dataConfigurationLocation>.\Configuration Files</dataConfigurationLocation>
        <dataConfigurationFile>GroupControl.config</dataConfigurationFile>
      </call>
    </datafeed>
  </datafeeds>
</SophosDatafeed>
- Configuration file "ApplicationControl.config":
<?xml version="1.0" encoding="utf-8" ?>
<LogFile>
  <Events>
    <field name="InsertedAt" link="InsertedAt" enabled="1" />
    <field name="EventID" link="EventID" enabled="0" />
    <field name="EventTime" link="EventTime" enabled="0" />
    <field name="EventTypeID" link="EventTypeID" enabled="0" />
    <field name="EventType" link="EventTypeName" enabled="1" />
    <field name="Name" link="Name" enabled="1" />
    <field name="ReportingName" link="ReportingName" enabled="1" />
    <field name="UserName" link="UserName" enabled="1" />
    <field name="ActionID" link="ActionID" enabled="0" />
    <field name="Action" link="ActionName" enabled="1" />
    <field name="ScanTypeID" link="ScanTypeID" enabled="0" />
    <field name="ScanType" link="ScanTypeName" enabled="1" />
    <field name="SubTypeID" link="SubTypeID" enabled="0" />
    <field name="SubType" link="SubTypeName" enabled="1" />
    <field name="ComputerName" link="ComputerName" enabled="1" />
    <field name="ComputerDomain" link="ComputerDomain" enabled="1" />
    <field name="ComputerIPAddress" link="ComputerIPAddress" enabled="1" />
  </Events>
</LogFile>
- Configuration file "Threats.config":
<?xml version="1.0" encoding="utf-8" ?>
<LogFile>
  <Events>
    <field name="InsertedAt" link="InsertedAt" enabled="1" />
    <field name="EventID" link="EventID" enabled="0" />
    <field name="EventTime" link="EventTime" enabled="0" />
    <field name="ActionTakenID" link="ActionTakenID" enabled="0" />
    <field name="ActionTaken" link="ActionTakenName" enabled="1" />
    <field name="UserName" link="UserName" enabled="1" />
    <field name="ScannerTypeID" link="ScannerTypeID" enabled="0" />
    <field name="ScannerType" link="ScannerTypeName" enabled="1" />
    <field name="StatusID" link="StatusID" enabled="0" />
    <field name="Status" link="StatusName" enabled="1" />
    <field name="ThreatTypeID" link="ThreatTypeID" enabled="1" />
    <field name="ThreatType" link="ThreatTypeName" enabled="1" />
    <field name="ThreatName" link="ThreatName" enabled="1" />
    <field name="FullFilePath" link="FullFilePath" enabled="1" />
    <field name="ComputerName" link="ComputerName" enabled="1" />
    <field name="ComputerDomain" link="ComputerDomain" enabled="1" />
    <field name="ComputerIPAddress" link="ComputerIPAddress" enabled="1" />
  </Events>
</LogFile>
- Configuration file "ComputerControl.config":
<?xml version="1.0" encoding="utf-8" ?>
<LogFile>
  <Events>
    <field name="ComputerID" link="ComputerID" enabled="1" />
    <field name="Name" link="Name" enabled="1" />
    <field name="Domain" link="Domain" enabled="1" />
    <field name="IPAddress" link="IPAddress" enabled="1" />
    <field name="Description" link="Descritpion" enabled="1" />
    <field name="LastMessageReceivedTime" link="LastMessageReceivedTime" enabled="1" />
    <field name="PolicyTypeName" link="PolicyTypeName" enabled="1" />
    <field name="ComplianceName" link="ComplianceName" enabled="1" />
  </Events>
</LogFile>
- Configuration file "GroupControl.config":
<?xml version="1.0" encoding="utf-8" ?>
<LogFile>
  <Events>
    <field name="ComputerID" link="ComputerID" enabled="1" />
    <field name="PathAndName" link="PathAndName" enabled="1" />
    <field name="Depth" link="Depth" enabled="1" />
    <field name="IPAddress" link="IPAddress" enabled="1" />
    <field name="Description" link="Descritpion" enabled="1" />
    <field name="LastMessageReceivedTime" link="LastMessageReceivedTime" enabled="1" />
    <field name="PolicyTypeName" link="PolicyTypeName" enabled="1" />
    <field name="ComplianceName" link="ComplianceName" enabled="1" />
  </Events>
</LogFile>
Help me pleaaaase :smileysad:
This thread was automatically locked due to age.
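A consistency check for the files posted above, as an added example that is not part of the original post and is not Sophos code: it follows each `<call>` in the main file to its field configuration and lists things worth verifying by hand. The `lint` helper and the cut-down sample data are constructed for illustration, and treating bracketed tokens in the connection string as unfilled template placeholders is an assumption.

```python
import re
import xml.etree.ElementTree as ET

NS = {"s": "http://www.sophos.com/msys/LogWriterConfig.xsd"}

# Constructed sample: one feed, cut down from the files in the post.
MAIN_XML = r"""<SophosDatafeed xmlns="http://www.sophos.com/msys/LogWriterConfig.xsd">
  <connection>
    <connectionString>Integrated Security=SSPI;Initial Catalog=SOPHOS[SECVersion];Data Source= [SERVER]\[INSTANCE]</connectionString>
  </connection>
  <datafeeds><datafeed>
    <call callID="ComputerControl">
      <dataSource>PolicyComplianceData</dataSource>
      <dataConfigurationFile>ComputerControl.config</dataConfigurationFile>
    </call>
  </datafeed></datafeeds>
</SophosDatafeed>"""
FIELD_CONFIGS = {"ComputerControl.config": """<LogFile><Events>
  <field name="Name" link="Name" enabled="1"/>
  <field name="Description" link="Descritpion" enabled="1"/>
</Events></LogFile>"""}


def lint(main_xml, field_configs):
    """Return (feed, message) findings; hypothetical helper, not a Sophos tool."""
    findings = []
    root = ET.fromstring(main_xml.encode("utf-8"))
    conn = root.findtext("s:connection/s:connectionString", "", NS)
    # Assumption: [Token] in the connection string is an unfilled placeholder.
    for token in re.findall(r"\[[A-Za-z]+\]", conn):
        findings.append(("connection", f"unfilled placeholder {token}"))
    for call in root.iterfind("s:datafeeds/s:datafeed/s:call", NS):
        feed = call.get("callID")
        cfg = call.findtext("s:dataConfigurationFile", "", NS)
        if cfg not in field_configs:
            findings.append((feed, f"field config {cfg} not found"))
            continue
        events = ET.fromstring(field_configs[cfg].encode("utf-8"))
        enabled = [f for f in events.iterfind("Events/field") if f.get("enabled") == "1"]
        if not enabled:
            findings.append((feed, "no enabled fields"))
        for f in enabled:
            name, link = f.get("name"), f.get("link")
            # Same letters in a different order: a likely typo to verify.
            if name != link and sorted(name) == sorted(link):
                findings.append((feed, f"link {link!r} is a letter swap of {name!r}"))
    return findings


if __name__ == "__main__":
    for feed, message in lint(MAIN_XML, FIELD_CONFIGS):
        print(f"{feed}: {message}")
```

The script has no knowledge of the real column names behind each `dataSource`, so every finding is a candidate to check against the database, not a confirmed fault.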