Setting up WELF Log File Scanning

WELF is recommended when you are running a router or firewall without a mirror port, or if your mirror port is unavailable.

The installation procedure is the same for both active and static log files.


Task One.
  Check these prerequisites:
  • Identify a Server 2008 R2 or higher VM or a physical machine to which you will install the App Guru Client.
  • Confirm that your firewall can output to Syslog in the WELF log file format.  
    If so, create a file share to which log files will be written to and stored.
Tip: Before you continue, make sure you've reviewed our setup recommendations.

Task Two. Download the AppGuru Client, as follows:
  1. Log in to your account at appguru.com.
  2. Download the AppGuru client at Settings > AD Sync. Follow on-screen instructions to download and install on the identified server (Server 2008 R2 or higher, virtual or physical).
Task Three: Open the wizard in the AppGuru Client Setup Tool and continue set up.

Tips:
  • Under Service Logonwe recommend you select Custom and enter the credentials of a domain admin account holder. 
    You can also choose to run this as a service account, but then you must set permissions to maintain access to files and folders.  
    Note: We do not store domain admin account information.
  • Important: If you are going to integrate with your Active Directory, you must enter your domain admin credentials.
  • Under TCP Log Sourceselect WELF Log File
  • Under File Share Pathpoint to the location that contains your log files.
    Tip: This is the same whether the log files are static or active.
  • Choose your DNS Log Source.
    If you choose install Capture Service as your DNS log source, the capture component must also be installed on your DNS server. Otherwise, installation of the capture component is recommended but not required. 
    If you choose to use the DNS Server as your DNS log source, you can point the File share path to your DNS log on the DNS Server    

 

Feedback and Knowledge Base