Step 3: Add the Windows host as an asset

<section><div class="tasklabel"><h2 class="doc-tairway">Procedure</h2></div><ol class="ol steps"><li class="li step stepexpand"> <span class="ph cmd">Log in to the <a class="xref" href="https://www.ocftcloud.com/console/vpc/nat/list" target="_blank" rel="external noopener">NAT Gateway console</a>, select <span class="ph uicontrol">Security Groups</span>, and click the name of the log audit server to open the <span class="keyword wintitle">Security Group Details</span> page. Click <span class="ph uicontrol">Security Group Rules</span> and then <span class="ph uicontrol">Add Security Group</span> to open the <span class="keyword wintitle">Add Rule</span> page, and allow the IP addresses and port numbers of the clients that need to send logs, as shown in the figure below.</span> <div class="itemgroup info"> <img class="image" id="addWin__image_yn5_hjn_prg" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222803112056-15c0d63c90f8.png" width="600"> <div class="note important note_important" id="addWin__note_c1q_nzy_ysb"><span class="note__title">Important:</span> Syslog sends logs on port 514 by default. If the asset sends logs on a port other than 514, change this setting to the port and protocol the asset actually uses. The authorized IP is the network segment where the asset resides. Keep the other settings the same as in the figure above.</div> </div> </li><li class="li step stepexpand"> <span class="ph cmd">Log in to the <a class="xref" href="https://www.ocftcloud.com/console/log-audit" target="_blank" rel="external noopener">Security Log Audit (SLA) console</a> and open the <span class="keyword wintitle">Instance List</span> page.</span> </li><li class="li step stepexpand"> <span class="ph cmd">In the <span class="ph uicontrol">Operation</span> column of the target instance, click <span class="ph uicontrol">Manage</span> to enter the Security Log Audit console.</span> <div class="itemgroup info"> <img class="image" id="addWin__d22e53" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222803112057-1ecc508f988a.png" width="830"> </div> </li><li class="li step stepexpand"> <span class="ph cmd">In the top bar, select <span class="ph uicontrol">Asset Management</span>, then in the left menu select <span class="ph menucascade"><span class="ph uicontrol">Assets</span><abbr> > </abbr><span class="ph uicontrol">Discovered Assets</span></span> to open the <span class="keyword wintitle">Discovered Assets</span> page.</span> </li><li class="li step stepexpand"> <span class="ph cmd">Find the Windows host on which nxlog-ce has been installed and started (IP 10.20.90.184), set the asset type to Windows and the encoding to utf-8, then click <span class="ph uicontrol">OK</span> to add the asset.</span> <div class="itemgroup info"> 
<img class="image" id="addWin__image_i3r_zlw_ssb" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222803112055-13dc47dd9838.png" width="800"> <div class="note note note_note" id="addWin__note_eqd_dmw_ssb"><span class="note__title">Note:</span> <div class="p">If you cannot find the Windows host on which nxlog-ce has been installed and started, first check the following possible causes:<ul class="ul" id="addWin__ul_a1n_fmw_ssb"> <li class="li">Check whether the IP address of the Security Log Audit service configured in nxlog.conf is correct.</li> <li class="li">Check whether the Windows server and the Security Log Audit service can reach each other over the network.</li> <li class="li">Check whether port 514 of the Security Log Audit service is reachable from the Windows server and whether a firewall is restricting it.</li> <li class="li">Install Wireshark on the Windows server and capture packets to check whether nxlog-ce is collecting logs and sending them to the Security Log Audit service.</li> <li class="li">Capture packets on the Security Log Audit service to check whether it is receiving the syslog messages sent by the Windows server.</li> </ul></div> <p class="p"> If the problem persists after all of the checks above, submit a <a class="xref" href="https://www.ocftcloud.com/console/workorder/create" target="_blank" rel="external noopener">ticket</a> to contact technical staff.</p> </div> </div> </li><li class="li step stepexpand"> <span class="ph cmd">On the <span class="keyword wintitle">All Assets</span> page, find the asset whose IP address is 10.20.90.184, enable asset re-identification on the <span class="keyword wintitle">Edit Asset</span> page, and click <span class="ph uicontrol">Save</span>.</span> <div class="itemgroup info"> <img class="image" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222803112055-19dea5fb9ec2.png" width="700"> </div> </li><li class="li step stepexpand"> <span class="ph cmd">On the <span class="keyword wintitle">All Assets</span> page, click <span class="ph uicontrol">Add</span> to open the <span class="keyword wintitle">Add Asset</span> page, add an asset of type <strong class="ph b">Windows Server</strong>, and configure it as follows:</span> <ol type="a" class="ol substeps" id="addWin__substeps_fxy_jxw_ssb"> <li class="li substep substepexpand"> <span class="ph cmd">Set the asset alias to <strong class="ph b">nginx</strong> (the asset alias must match the name set in nxlog.conf), then click <span class="ph uicontrol">Save</span>.</span> <div class="itemgroup info"> <img class="image" id="addWin__image_pgd_zww_ssb" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222803112055-17d091ca9261.png" width="250"> </div> </li> <li class="li substep substepexpand"> <span class="ph 
设置资产识别信息">
cmd">Set the asset identification information to 1.1.1.1 (it must be an IP other than 10.20.90.184), then click <span class="ph uicontrol">Save</span>.</span> <div class="itemgroup info"> <img class="image" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222803112055-19b57a819c16.png" width="500"> </div> </li> <li class="li substep substepexpand"> <span class="ph cmd">Configure log sending: select <strong class="ph b">SYSLOG</strong> as the sending protocol and <strong class="ph b">UTF-8</strong> as the encoding, then click <span class="ph uicontrol">Save</span>.</span> <div class="itemgroup info"> <img class="image" id="addWin__image_tpw_5xw_ssb" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222803112055-1adbdd619817.png" width="600"> <p class="p"></p> </div> </li> <li class="li substep substepexpand"> <span class="ph cmd">On the <span class="ph menucascade"><span class="ph uicontrol">Event Management</span><abbr> > </abbr><span class="ph uicontrol">Custom Query</span></span> page, query the virtual asset 46_nginx.</span> <div class="itemgroup info"> <img class="image" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222803112055-172b97fa977a.png" width="600"> </div> </li> <li class="li substep substepexpand"> <span class="ph cmd">Confirm that querying this virtual asset returns only the collected text-based logs. As shown in the figure below, only the collected text-based logs are returned, which indicates that asset re-identification is configured successfully.</span> <div class="itemgroup info"> <img class="image" id="addWin__image_kl3_fyw_ssb" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222803112055-1560577091e7.png" width="800"> </div> </li> </ol> </li></ol></section>
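设置资产识别信息">
<p class="p">The first troubleshooting check above (the log audit server IP configured in nxlog.conf) and the port and protocol note in step 1 can be checked offline by parsing the Output blocks of nxlog.conf. This is an added example, not part of the original documentation: the sample configuration, the address 192.0.2.10 standing in for the log audit server, and the function names are constructed for illustration.</p>

```python
import re

# Constructed sample nxlog.conf; 192.0.2.10 stands in for the log audit server.
SAMPLE_CONF = """\
<Input eventlog>
    Module  im_msvistalog
</Input>
<Output sla_udp>
    Module  om_udp
    Host    192.0.2.10
    Port    514
</Output>
<Output stale_tcp>
    Module  om_tcp
    Host    192.0.2.99:1514
</Output>
"""

PROTO = {"om_udp": "udp", "om_tcp": "tcp"}
BLOCK = re.compile(r"<Output\s+(\S+)>(.*?)</Output>", re.S | re.I)


def parse_outputs(conf_text):
    """Return one dict per <Output> block: name, proto, host, port."""
    outputs = []
    for name, body in BLOCK.findall(conf_text):
        d = {}
        for line in body.splitlines():
            parts = line.split("#", 1)[0].split(None, 1)  # drop comments
            if len(parts) == 2:
                d[parts[0].lower()] = parts[1].strip()
        host, port = d.get("host", ""), d.get("port", "")
        if ":" in host:  # some nxlog versions take Host as host:port
            host, port = host.rsplit(":", 1)
        outputs.append({
            "name": name,
            "proto": PROTO.get(d.get("module", "").lower(), "other"),
            "host": host,
            "port": int(port) if port.isdigit() else 514,  # nxlog default
        })
    return outputs


def check_outputs(conf_text, server_ip, port=514, proto="udp"):
    """List every mismatch against the address, port and protocol allowed."""
    return [
        f"{o['name']}: {k} is {o[k]!r}, expected {want!r}"
        for o in parse_outputs(conf_text)
        for k, want in (("host", server_ip), ("port", port), ("proto", proto))
        if o[k] != want
    ]
```

<p class="p">Pass the port and protocol that the security group rule from step 1 actually allows; an empty list means every Output block points at the expected destination.</p>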