Log Exporters

Overview

Log Exporters allow admins to stream event data to an outside destination, e.g. a SIEM solution. Every few seconds, Link11 WAAP bundles and exports the most recent traffic events from its internal logs.

For details of the protocols and format of the event data, see Log Exporter Output.

Below is a discussion of the console interface for configuring Log Exporters.

Usage within applications and APIs

Log Exporters operate at the system level. Admins can configure them for specific server groups, or for the entire planet.

Administration

The main Log Exporter window lists all currently defined Log Exporters.

The administration (addition/deletion/editing/versioning) of Log Exporters follows the conventions described here.

Parameters

Name

A unique name for use within L11WAAP.

Status

Whether or not this Log Exporter is currently active.

Destination IP

The destination IP to which event data will be sent.

Port

The port to which event data will be sent.

Server Groups

The specific server groups for which event data will be sent.

Transport protocol

The protocol to use while streaming the event data.

  • TCP: Event data will be streamed over TCP.

  • TCP + TLS (Trusted): Event data will be streamed over HTTPS. When this is selected, an additional control will appear for uploading a PEM file containing the TLS certificate for the data's destination. The system will validate the certificate upon upload.

  • TCP + TLS (Untrusted): Event data will be streamed over HTTPS, but the system will not use a certificate.

Requests to export

  • Blocked: Export only the requests blocked by L11WAAP.

  • All: Export all the requests blocked or passed by L11WAAP.

Note that currently, Log Exporters cannot include requests challenged by L11WAAP, or blocked by the origin.

Troubleshooting

If a Log Exporter has been configured but is not streaming data:

  1. Verify that it is in Active mode.

  2. If its Transport protocol is TCP + TLS (Trusted), verify that the certificate is valid and has not expired.
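
One way to carry out the certificate check in step 2 from a workstation that has the openssl CLI installed. This is an added example, not part of L11WAAP; the function names, the 14-day warning window and the siem.example.test subject are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for the PEM file uploaded to a
# "TCP + TLS (Trusted)" Log Exporter. All function names are hypothetical.

# check_exporter_cert PEM_FILE [WARN_DAYS]
# Returns: 0 = valid
#          1 = already expired
#          2 = expires within WARN_DAYS (default 14)
#          3 = file missing or not a parseable PEM certificate
check_exporter_cert() {
    pem=$1
    warn_days=${2:-14}
    [ -r "$pem" ] || return 3
    # Parse check: fails on truncated or non-certificate content.
    openssl x509 -in "$pem" -noout >/dev/null 2>&1 || return 3
    # -checkend N exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1 || return 1
    openssl x509 -in "$pem" -noout -checkend $((warn_days * 86400)) \
        >/dev/null 2>&1 || return 2
    return 0
}

# describe_exporter_cert PEM_FILE
# Prints subject, expiry date and SHA-256 fingerprint, so the file can be
# compared with the certificate the log destination actually presents.
describe_exporter_cert() {
    openssl x509 -in "$1" -noout -subject -enddate -fingerprint -sha256
}

# make_sample_cert OUT_PEM DAYS
# Constructed sample input: a throwaway self-signed certificate used only
# to exercise the checks above. The private key is discarded.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=siem.example.test" \
        -keyout "$1.key" -out "$1" >/dev/null 2>&1 || return 1
    rm -f "$1.key"
}
```

A return value of 2 means the exporter still works today but the certificate should be replaced before the window closes.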
