Collect And Forward Trendmicro Worry Free Logs To USM Anywhere

These are the steps I took to forward worry-free logs to the USM AnyWhere sensor:

Download and configure the script to get the worry-free logs: https://success.trendmicro.com/en-US/solution/KA-0007716

Create file /etc/rsyslog.d/forwardFiles.conf with this content. It loads rsyslog's imfile module and tails the unified log that the collector script (below) writes. imfile keeps its read offset in a state file and the script truncates that log on every run, so after the first few runs confirm that events are still arriving at the sensor:

$ModLoad imfile
$InputFileName /tmp/trendmico-worry-free.log
$InputFileTag worry-free
$InputFileSeverity info
$InputFileFacility local7
$InputRunFileMonitor

Create file /etc/rsyslog.d/forwardRules.conf with the following content and change the IP to the one for your sensor (a single @ forwards over UDP to port 514; use @@ for TCP):

:programname, isequal, "worry-free"    @10.10.13.133

Reload rsyslog:

service rsyslog restart

Create file /usr/local/bin/getWorryFreeLogs.sh with this content:

#!/bin/bash
# Collect the newest Worry-Free events with the Trend Micro API script and
# concatenate them into the single file that rsyslog's imfile module tails.

HOMEINSTALL=/home/soc/trendmicro/end_customer_v2/
LOGS=/home/soc/trendmicro/logs/
FINALLOG=/tmp/trendmico-worry-free.log

# Start from an empty unified log and drop the per-run files left by the previous iteration
touch "$FINALLOG"
truncate -s 0 "$FINALLOG"
rm -f "$LOGS"/*.log

# Get new events from the API; stop if the install directory is missing.
# Both output streams are discarded (the original "1>&2 2>/dev/null" only
# discarded stderr and sent stdout to stderr).
cd "$HOMEINSTALL" || exit 1
python end_customer_query_logs.py >/dev/null 2>&1

# Append every log file the API script produced to the unified log.
# find -exec copes with file names containing spaces, unlike an unquoted array.
find "$LOGS" -type f -name '*.log' -exec cat {} + >> "$FINALLOG"

exit 0

Give execution permissions to the script:

chmod a+x /usr/local/bin/getWorryFreeLogs.sh
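Before wiring the collector into cron it is worth checking that the pieces fit together: the forwarding rule names the right program tag and a sane target, the collector is executable, the monitored file exists and rsyslog accepts its configuration. The script below is an added example, not part of the original page or of Trend Micro's tooling. It assumes the file paths used on this page (they can be overridden on the command line), an IPv4 sensor address, and a rule line in the `:programname, isequal, "worry-free"  @host` form shown above; `rsyslogd -N1` is rsyslog's own configuration syntax check.

```bash
#!/bin/bash
# Pre-flight checks for the worry-free -> USM Anywhere forwarding chain.
# Added example; the default paths are the ones used on this page (assumed).

# valid_ipv4 ADDR: succeed only for a dotted quad whose octets are 0-255
valid_ipv4() {
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }
        { exit 0 }'
}

# rule_target RULESFILE TAG: find the ':programname, isequal, "TAG" <target>' line
# and print "udp HOST" for a single @ or "tcp HOST" for @@ (fails if no rule matches)
rule_target() {
    awk -v tag="$2" '
        BEGIN { found = 0 }
        $1 == ":programname," && $2 == "isequal," && $3 == "\"" tag "\"" {
            if (substr($4, 1, 2) == "@@")     print "tcp " substr($4, 3)
            else if (substr($4, 1, 1) == "@") print "udp " substr($4, 2)
            else                              print "other " $4
            found = 1
            exit
        }
        END { exit (found ? 0 : 1) }' "$1"
}

# check_setup RULESFILE SCRIPT LOGFILE: verify the rule, its target, the collector
# script permissions and the monitored file; prints the forwarding target on success
check_setup() {
    rules=$1 script=$2 logfile=$3
    target=$(rule_target "$rules" worry-free) \
        || { echo "no worry-free forwarding rule in $rules" >&2; return 1; }
    host=${target#* }      # drop the leading "udp " / "tcp "
    host=${host%%:*}       # drop an optional :port
    valid_ipv4 "$host" \
        || { echo "forwarding target '$host' is not an IPv4 address" >&2; return 1; }
    [ -x "$script" ] \
        || { echo "$script is missing or not executable (chmod a+x)" >&2; return 1; }
    [ -f "$logfile" ] \
        || { echo "$logfile does not exist yet; run $script once by hand" >&2; return 1; }
    echo "ok: worry-free events will be forwarded via $target"
}

# Run against the live system:  ./checkWorryFreeForwarding.sh run [rules] [script] [logfile]
case "${1:-}" in
    run)
        if command -v rsyslogd >/dev/null 2>&1; then
            rsyslogd -N1 >/dev/null 2>&1 \
                || { echo "rsyslog config fails syntax check (run: rsyslogd -N1)" >&2; exit 1; }
        fi
        check_setup "${2:-/etc/rsyslog.d/forwardRules.conf}" \
                    "${3:-/usr/local/bin/getWorryFreeLogs.sh}" \
                    "${4:-/tmp/trendmico-worry-free.log}"
        ;;
esac
```

Run it once with `run` after the collector has been executed by hand; a non-zero exit and a message on stderr point at the piece that still needs fixing before the cron entry goes in.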

Create cron file /etc/cron.d/getWorryFreeLogs to collect logs automatically:

SHELL=/bin/bash
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# every 15 minutes, offset so the run does not coincide with other quarter-hour jobs; output discarded
4,19,34,49 * * * *   root       /usr/local/bin/getWorryFreeLogs.sh >/dev/null 2>&1

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License