Configuring Log Forwarding

Synchronize Windows security logs from an on-premises Active Directory server through a Service Gateway.

Configure sharing of events from the Windows security logs (such as object access events, logon/logoff events, system events, and account management events) through a Service Gateway.

Note:

At least one Service Gateway (version 1.0.0.10091 or later) must be configured to enable integration.

For more information, see Service Gateway Inventory.

  1. Obtain the log forwarding agent's installation package from the Trend Micro Vision One console.
    1. Go to Administration > Third-Party Integration.
    2. In the Integration column, click Active Directory (on-premises).
    3. Click the toggle to enable or disable the integration.
    4. Under Log forwarding, click Download Installation Package.

      A tooltip with information about the installation package appears.

    5. Click Download Installer.
  2. Install the agent on your Active Directory server.
    1. Execute trend-micro-vision-one-ad-connector.exe with administrator rights.
    2. Follow the on-screen wizard to configure the log forwarding agent.
      Important:

      If SSL certificates are imported, the certificates must be the same as the ones used in Service Gateways.

  3. Repeat the previous step to install the agent on multiple Active Directory servers.
  4. Verify that the agent has connected to Trend Micro Vision One and perform additional integration steps if necessary.
    Note:

    Any configuration changes on the Trend Micro Vision One console take 5 minutes to be reflected on the log forwarding agent.

    1. Go to Administration > Third-Party Integration.
    2. In the Integration column, click Active Directory (on-premises).
    3. Verify that the log forwarding agents appear under Log forwarding.
    4. (Optional) Under Log forwarding, click Enable automatic updates.
    Important:

    If the log forwarding agent user interface is open, the automatic updates process stops.
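
The agent can only forward events that Windows actually writes to the Security log. The following pre-flight check is an added example, not part of the Trend Micro documentation or product. It reads the local audit policy for the four event categories named above and probes the Security log for one well-known event ID per category. It assumes an English-language Windows installation (auditpol category names and setting strings are localized), and the event IDs are sample probes chosen for this example.

```powershell
#Requires -RunAsAdministrator
# Added example (not Trend Micro code). Run on each Active Directory server.
# Assumes English-language Windows: auditpol category names and setting
# strings are localized on other display languages.

# Audit categories matching the event types listed on this page, each with
# one well-known Security event ID used only as a sample probe.
$categories = [ordered]@{
    'Logon/Logoff'       = 4624   # An account was successfully logged on
    'Object Access'      = 4663   # An attempt was made to access an object
    'System'             = 4608   # Windows is starting up
    'Account Management' = 4720   # A user account was created
}
$since = (Get-Date).AddDays(-7)

$report = foreach ($name in $categories.Keys) {
    # /r emits CSV: one row per subcategory with its Inclusion Setting.
    $rows = auditpol /get /category:"$name" /r |
        Where-Object { $_ } | ConvertFrom-Csv
    $audited = @($rows | Where-Object { $_.'Inclusion Setting' -ne 'No Auditing' })

    # Get-WinEvent raises an error when nothing matches; treat that as zero.
    $events = @(Get-WinEvent -FilterHashtable @{
            LogName = 'Security'; Id = $categories[$name]; StartTime = $since
        } -MaxEvents 1 -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        Category             = $name
        SubcategoriesTotal   = @($rows).Count
        SubcategoriesAudited = $audited.Count
        SampleEventId        = $categories[$name]
        SeenInLast7Days      = [bool]$events.Count
    }
}

$report | Format-Table -AutoSize

# A category with zero audited subcategories writes nothing to the
# Security log, so the agent has nothing to forward for it.
$gaps = @($report | Where-Object { $_.SubcategoriesAudited -eq 0 })
if ($gaps) {
    Write-Warning ("No auditing enabled for: " + ($gaps.Category -join ', '))
}
```

A False value under SeenInLast7Days is not a fault on its own: the sampled event may simply not have occurred (4608 is written only at startup, and 4663 requires auditing entries on the accessed object).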