Integrating Terminal Services Gateway EventTracker Enterprise

Similar documents
Integrating Barracuda SSL VPN

Integrating Microsoft Forefront Unified Access Gateway (UAG)

Integrate Microsoft Hyper-V Server

Integrate Sophos UTM EventTracker v7.x

Integrate Dell FORCE10 Switch

Integrate pfsense EventTracker Enterprise

Integrate Windows PowerShell

Integrate TippingPoint EventTracker Enterprise

Integrate Juniper Secure Access VPN

Integrating Microsoft Forefront Threat Management Gateway (TMG)

Integrating Cyberoam UTM

Integrate Barracuda Spam Firewall

Integrating Cisco Distributed Director EventTracker v7.x

Integrate MySQL Server EventTracker Enterprise

Integrate Malwarebytes EventTracker Enterprise

Integrate Sophos Enterprise Console. EventTracker v8.x and above

Integrate Veeam Backup and Replication. EventTracker v9.x and above

Integrate Trend Micro InterScan Web Security

Integration of Phonefactor or Multi-Factor Authentication

Integrate Viper business antivirus EventTracker Enterprise

Integrate Meraki WAP. EventTracker Enterprise. EventTracker 8815 Centre Park Drive Columbia MD

SECURE FILE TRANSFER PROTOCOL. EventTracker v8.x and above

Receive and Forward syslog events through EventTracker Agent. EventTracker v9.0

Enhancement in Network monitoring to monitor listening ports EventTracker Enterprise

EventTracker v7.x. Integrating Cisco Catalyst. EventTracker 8815 Centre Park Drive Columbia MD

Product Update: ET82U16-029/ ET81U EventTracker Enterprise

Integrate NGINX. EventTracker v8.x and above

Integrate Sophos Appliance. EventTracker v8.x and above

Integrate Microsoft Antimalware. EventTracker v8.x and above

Integrate Bluecoat Content Analysis. EventTracker v9.x and above

Integrate Microsoft IIS

Integrate F5 BIG-IP LTM

Integrate HP ProCurve Switch

Integrate Symantec Messaging Gateway. EventTracker v9.x and above

Integrate Microsoft ATP. EventTracker v8.x and above

Integrate IIS SMTP server. EventTracker v8.x and above

Integrate Cisco IOS Publication Date: April 15, 2016

Integrate Palo Alto Traps. EventTracker v8.x and above

Agent Installation Using Smart Card Credentials Detailed Document

8815 Centre Park Drive Columbia MD Publication Date: Dec 04, 2014

Integrating Imperva SecureSphere

Integrate Cisco Sourcefire

Integrate Cisco IronPort Security Appliance (ESA)

Integrate Cisco VPN Concentrator

Integrate EMC Isilon. EventTracker v8.x and above

Enhancement in Agent syslog collector to resolve sender IP Address EventTracker Enterprise

Integrate Fortinet Firewall. EventTracker v8.x and above

Integrate Cb Defense. EventTracker v8.x and above

Port Configuration. Configure Port of EventTracker Website

Integrate Salesforce. EventTracker v8.x and above

Integrate Saint Security Suite. EventTracker v8.x and above

Integrate Akamai Web Application Firewall EventTracker v8.x and above

Integrating LOGbinder SP EventTracker v7.x

Integrate Microsoft Office 365. EventTracker v8.x and above

How To Embed EventTracker Widget to an External Site

Integrate Citrix NetScaler

Integrate McAfee Firewall Enterprise VPN

Integrate Aventail SSL VPN

Agent health check enhancements Detailed Document

Integrate Kaspersky Security Center

Integrate Check Point Firewall. EventTracker v8.x and above

Integrate Cisco Switch

Integrate Apache Web Server

Integrate VMware ESX/ESXi and vcenter Server

Enable Auditing in Open LDAP on Linux Server

Integrate A10 ADC Publication Date: September 3, 2015

Integrate Citrix Access Gateway

EventTracker v8.2. Install Guide for EventTracker Log Manager. EventTracker 8815 Centre Park Drive Columbia MD

Integrate Routing and Remote Access Service (RRAS) EventTracker v8.x and above

Integrate APC Smart UPS

Geolocation and hostname resolution while Elasticsearch indexing. Update Document

Integrate Grizzly steppe attacks detection script

Integrate Clavister Firewall

Feature List. EventTracker v7.6. EventTracker 8815 Centre Park Drive Columbia MD Publication Date: Sep 15, 2014

Remote Indexing Feature Guide

Monitoring SharePoint 2007/ 2010/ 2013 Server using EventTracker

Upgrade Guide. Upgrading to EventTracker v7.1 Enterprise. Upgrade Guide Centre Park Drive Publication Date: Apr 11, 2011.

Secure IIS Web Server with SSL

Integrate WatchGuard XTM. EventTracker Enterprise

How to Configure ASA 5500-X Series Firewall to send logs to EventTracker. EventTracker

Upgrade Guide. Upgrading to EventTracker v6.4 b50. Upgrade Guide Centre Park Drive Publication Date: Feb 17, 2010.

Agent Direct Log Archiver Configuration Guide

Installation Guide. EventTracker Enterprise. Install Guide Centre Park Drive Publication Date: Aug 03, U.S. Toll Free:

Service Pack ET90U Feature Document

Check Point Guide. Configure ETAgent to read CheckPoint Logs. EventTracker 8815 Centre Park Drive Columbia MD

Integrate Trend Micro Control Manager. EventTracker v8.x and above

Configuring TLS 1.2 in EventTracker v9.0

Security Scorecard in Flex Dashboard

EventVault Introduction and Usage Feature Guide Version 6.x

IIS Web Server Configuration Guide EventTracker v8.x

Installation Guide Install Guide Centre Park Drive Publication Date: Feb 11, 2010

Configure Alerts. EventTracker v6.x. EventTracker 8815 Centre Park Drive Columbia MD Publication Date: Jun 12, 2009

Upgrade Guide. Upgrading to EventTracker v6.4 b50. Upgrade Guide Centre Park Drive Publication Date: Feb 17, 2010.

New Features Guide EventTracker v6.2

Upgrade Guide. Upgrading to EventTracker v6.4 b50. Upgrade Guide Centre Park Drive Publication Date: Feb 17, 2010.

Feature List. EventTracker v9.0

IIS Web Server Configuration Guide EventTracker v9.x

Process Termination. Feature Guide

EventTracker Upgrade Guide. Upgrade to v9.0

EventTracker Manual Agent Deployment User Manual

Transcription:

Integrating Terminal Services Gateway EventTracker Enterprise Publication Date: Jan. 5, 2016 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com

Abstract The purpose of this document is to help user in monitoring Microsoft Windows Terminal Services Gateway by deploying Windows Agent. Scope The configurations detailed in this guide are consistent with EventTracker Enterprise version 7.x and later, and Microsoft Windows Server 2008 and later. Intended audience Administrators who are assigned the task to monitor and manage Microsoft Windows Terminal Services 2008 and later events using EventTracker. The information contained in this document represents the current view of Prism Microsystems Inc. on the issues discussed as of the date of publication. Because Prism Microsystems must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Prism Microsystems, and Prism Microsystems cannot guarantee the accuracy of any information presented after the date of publication. This document is for informational purposes only. Prism Microsystems MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, this paper may be freely distributed without permission from Prism, as long as its content is unaltered, nothing is added to the content and credit to Prism is provided. Prism Microsystems may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Prism Microsystems, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred. 2016 Prism Microsystems Corporation. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. 1

Table of Contents Abstract... 1 Scope... 1 Intended audience... 1 Pre-requisite... 3 EventTracker Agent configuration... 3 EventTracker Knowledge Pack (KP)... 7 Categories... 7 Reports... 7 Alerts... 8 Dashboards... 9 Import knowledge pack into EventTracker... 9 To import Alerts... 10 To import Category... 11 To import Tokens... 12 To import Flex Reports... 13 To Configure Flex Dashboard... 14 Verify knowledge pack in EventTracker... 18 Verify Alerts... 18 Verify Categories... 20 Verify Tokens... 20 Verify Flex Reports... 21 Sample Reports... 22 Sample Dashboards... 23 2

Overview Windows Server 2008 Terminal Services Gateway (TS Gateway) is a role service that enables authorized remote users to connect to resources on an internal corporate or private network, from any Internet-connected device that can run the Remote Desktop Connection (RDC) client. The network resources can be terminal servers, terminal servers running RemoteApp programs, or computers with Remote Desktop enabled. TS Gateway encapsulates Remote Desktop Protocol (RDP) within RPC, within HTTP over a Secure Sockets Layer (SSL) connection. In this way, TS Gateway helps improve security by establishing an encrypted connection between remote users on the Internet and the internal network resources on which their productivity applications run. Pre-requisite Prior to configuring Windows Server 2008 and later and EventTracker 7.x and later, ensure that you meet the following prerequisites: Administrative access on EventTracker. User should have Administrative rights on Microsoft Windows Terminal Server. EventTracker Agent configuration 1. Deploy EventTracker Agent in Terminal Services Server, please follow the steps mentioned in How to Install EventTracker and Change Audit. 2. Select the Start >All Programs>Prism Microsystems> EventTracker. 3. In EventTracker Control Panel, double-click EventTracker Agent Configuration. 4. Select Event Filters tab, and then click the Filter Exception button. 3

Figure 1 Filter Exception window displays. 5. Click the New button. 4

Figure 2 Event Details window displays. 6. In Match in Source: box; enter Microsoft-Windows-TerminalServices-Gateway. Figure 3 5

7. Click the OK button. 8. Save the configuration and Close the EventTracker Agent Configuration window. Figure 4 6

EventTracker Knowledge Pack (KP) Once logs are received into EventTracker, Categories and reports can be configured into EventTracker. The following Knowledge Packs are available in EventTracker Enterprise to support Terminal Services Server. Categories Terminal Services: Connection Broker - This category based report provides information related to terminal services communication, terminal services farm membership, terminal services session broker configuration, terminal services session broker security group configuration and terminal services session broker server availability. Terminal Services: Desktop Session Host This category based report provides information related to remote desktop services availability, remote desktop services client access license availability, remote desktop session host connections, remote desktop session host listener availability, remote desktop session host user configuration and roaming user profile cache availability. Terminal Services: Gateway - This category based report provides information related to terminal services gateway server availability, terminal services gateway server configuration and terminal services gateway server connections. Terminal Services: Web Access This category based report provides information related to terminal services web access configuration. Terminal Services: Licensing This category based report provides information related to terminal services client access license availability, terminal services license server activation, terminal services license server database availability, terminal services license server discovery, terminal services license server security group configuration and terminal services per user client access license tracking and reporting. Reports Terminal Services Gateway-Server configuration failure - This report provides information related to terminal services gateway server configuration failure details. Terminal Services Gateway- Server configuration success: This report provides information related to terminal services gateway server configuration success details. 7

Terminal Services Gateway-Server connections failure - This report provides information related to terminal services gateway server connections failure activity. Terminal Services Gateway-Server connections success - This report provides information related to terminal services gateway server connections success activity. Terminal Services- Web Access Configuration - This report provides information related to terminal services web access configuration details. Terminal Services-Desktop session host activity This report provides information related to terminal services desktop session host details. Terminal Services-Load balancing This report provides information related to terminal services load balancing details. Terminal Services-IP virtualization This report provides information related to terminal services ip virtualization details. Terminal Services-Connection and session manager activity This report provides information related to terminal services remote and local session manager details. Terminal Services-Session activity This report provides information related to session logon and logoff succeeded, session connection and session reconnection details. Terminal Services-User activity-this report provides information related to user authentication success details. Alerts Terminal Services: Desktop session host - This alert is generated when remote desktop services start failed. Terminal Service: Gateway services - This alert is generated when terminal service gateway is shutting down. Terminal Services: Licensing This alert is generated when terminal services license server cannot issue a terminal services client access license to the client. Terminal Services: User configuration This alert is generated when terminal server profile path failed to load and client exceeded the maximum allowed failed logon attempts. 8

Dashboards Terminal Services: User authentication succeeded This dashboard give us the information about users who authentication is success. Terminal Services: Logon succeeded This dashboard give us the information about Connected sessions. Import knowledge pack into EventTracker 1. Launch EventTracker Control Panel. 2. Double click Export Import Utility. Click Import tab. Figure 5 9

Import Alerts/Category/Tokens/ Flex Reports as given below. To import Alerts 1. Click Alerts option, and then click the browse button. Figure 6 2. Locate Terminal Services.isalt file, and then click the Open button. 3. To import alerts, click the Import button. EventTracker displays success message. 10

Figure 7 4. Click OK, and then click the Close button. To import Category 1. Click Category option, and then click the browse button. Figure 8 2. Locate Terminal Services.iscat file, and then click the Open button. 11

3. To import categories, click the Import button. EventTracker displays success message. 4. Click OK, and then click the Close button. To import Tokens Figure 9 1. Click Token value option, and then click the browse button. Figure 10 2. Locate the Terminal Services.istoken file, and then click the Open button. 12

3. To import tokens, click the Import button. EventTracker displays success message. 4. Click OK, and then click the Close button. To import Flex Reports Figure 11 1. Click Reports option, and then click the browse button. Figure 12 13

2. Locate the Terminal Services.issch file, and then click the Open button. 3. Click the Import button to import the scheduled reports. EventTracker displays success message. Figure 13 4. Click the OK button. Click the Close button. To Configure Flex Dashboard 1. Scheduled flex reports (Microsoft DNS: Name resolution successfully) after importing them. 2. During scheduling, please check persist data and select all the columns to persist. Figure 14 14

Figure 15 3. Now, wait for the report to run as per schedule time or run it manually. 4. After generating report, click on Dashboard > Flex. 5. Click on Add Dashboard button and fill Title and Description box and save it. Figure 16 15

6. Now, create Dashlet for Microsoft DNS (Top URL usage) by clicking on Configure flex dashlet. 7. Fill WIDGET TITLE (Top URL usage), select DATA SOURCE (Microsoft DNS-Name resolution successfully), select CHART TYPE and select AXIS LABELS [X-AXIS]. Figure 17 8. After selecting and filling all options, click on the TEST button to check the Dashlet. If data are coming properly, then click on CONFIGURE button. 16

Figure 18 9. After creation of Dashlet for Terminal Services Logon Activity, click on Customize flex dashlet. 10. Select Terminal Services Logon Activity: Top URL usage dashlet and click on ADD button Figure 19 11. Now, you can see the Dashlet on Dashboard. 17

Figure 20 Verify knowledge pack in EventTracker Verify Alerts 1. Logon to EventTracker Enterprise. 2. Click Admin dropdown, and then click Alert 3. In Search field, type Terminal Services, and then click the Go button. Alert Management page will display all the imported Terminal Services alerts. 18

Figure 21 4. To activate the imported alerts, select the respective checkbox in the Active column. EventTracker displays message box. Figure 22 5. Click OK, and then click the Activate Now button. NOTE: You can select alert notification such as Beep, Email, and Message etc. For this, select the respective checkbox in the Alert management page, and then click the Activate Now button. 19

Verify Categories 1. Logon to EventTracker Enterprise. 2. Click Admin dropdown, and then click Categories. 3. In Category Tree to view imported categories, scroll down and expand Terminal Services Server group folder to view the imported categories. Verify Tokens Figure 23 1. Logon to EventTracker Enterprise. 2. Click the Admin dropdown, and then click Parsing rule. 20

Figure 24 Verify Flex Reports 1. Logon to EventTracker Enterprise. 2. Click the Reports. 3. Select the Configuration. 4. In the Reports Configuration, select Defined from radio button. EventTracker displays Defined page. 5. In search box enter Terminal Services. EventTracker displays flex reports of Terminal Services. 21

Figure 25 Sample Reports 1) Terminal Services : Logon Activity Figure 26 22

2) Terminal Services: User Activity Figure 27 Sample Dashboards 1. Terminal Services Logon Activity Figure 28 23

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback