5.6.26. `Admin-GCenter- Data exports`
screen of the legacy web UI
5.6.26.1. Introduction
`Data Exports`
command in the `Admin-GCenter`
menu, the following screen allows you to manage up to two log exports to two different destinations.The `Data exports`
screen contains the following sections:
Item |
Name |
|
---|---|---|
7 |
1st type of export. The information available for this export is as follows: |
|
1 |
|
|
2 |
|
|
3 |
|
|
4 |
|
|
5 |
|
|
6 |
2nd type of export. The information available for this export is as follows: |
|
1 |
|
|
2 |
|
|
3 |
|
|
4 |
|
|
5 |
|
5.6.26.2. Setting up the connection
Alerts or
Alerts and metadata
This data can be defined in the General settings screen.
Note
No GCenter or GCap system log is affected by this export.
5.6.26.3. General settings
The `Data exports - GENERAL`
screen contains the following sections:
Item |
Name |
|
---|---|---|
1 |
The |
|
15 |
|
|
14 |
|
|
13 |
|
|
7 |
|
|
12 |
|
|
6 |
|
|
11 |
|
|
8 |
|
|
5 |
|
|
10 |
|
|
2 |
|
|
3 |
|
|
4 |
Button to return to the |
|
9 |
|
Name |
Description |
---|---|
Emergency |
The system is unusable |
Alert |
Action must be taken immediately |
Critical |
Conditions are severe. |
Error |
Failure conditions |
Warning |
Conditions of caution |
Notice |
Normal but significant condition |
Informational |
Explanatory messages |
Debug |
Repair level messages |
Note
SSL-TCP is mandatory if SSL encryption is enabled. Otherwise, it is disabled.
5.6.26.4. Filtering Parameters
The `Data exports - FILTERS`
screen contains the following parts:
Item |
Parameter |
Description |
---|---|---|
16 |
|
Defines the type of event to send to the remote server. Either alerts only, or alerts and metadata. (Example: alerts, all) |
17 |
|
Filter by IP or network. By default, all data is sent to the remote server if the field is empty. |
18 |
|
Filter by Gcap. By default, all data from the GCap paired to the GCenter is sent to the remote server if nothing is selected. (Example: GCap1, GCap2) |
19 |
|
Adds additional fields to the exported events.
A name (
`Name` ) and a description (`Values` ) can be entered in this window.When using the idmef codec, this field is not supported.
|
20 |
|
Selects the protocols to be exported.
(Example : dcerpc, dhcp, dnp3, dns, enip, ftp, http, http2, ikev2, krb5, mqtt, modbus, netflow, nfs, ntp, rdp, rfb, sip, smb, smtp, ssh, tftp et tls)
|
21 |
|
The changes are only effective after pressing |
Note
`Select All`
selects all listed protocols: a protocol that is not selected will not be exported.`Deselect all`
.5.6.26.5. Encryption
`Data exports - ENCRYPTYON`
screen contains the following sections:
Item
Parameter
Description
22
`Enable TLS`
Enables the TLS service (Transport Layer Security). Disabled by default.
23
`Check certificate`
Checks the validity of the certificate when the TLS service is enabled. Disabled by default.
24
`Certificate file`
Adds a certificate
25
`Certificate Key file`
Adds the related key
26
`Certificate Authority file`
Adds the file for the certification authority.
27
`Save`
The changes are only effective after pressing
`Save`