Squid is an alternate solution with decreased performance compared to Port Mirroring and WELF.
Task One. Check these prerequisites:
- Identify a Server 2008 R2 or higher VM or a physical machine to which you will install the App Guru Client.
- Confirm that your firewall can output to Syslog in the WELF log file format.
If so, create a file share to which log files will be written to and stored.
Task Two. Download the AppGuru Client, as follows:
- Log in to your account at appguru.com.
- Download the AppGuru client at Settings > AD Sync. Follow on-screen instructions to download and install on the identified server (Server 2008 R2 or higher, virtual or physical).
- Under Service Logon, we recommend you select Custom and enter the credentials of a domain admin account holder.
You can also choose to run this as a service account, but then you must set permissions to maintain access to files and folders.
Note: We do not store domain admin account information.
Important: If you are going to integrate with your Active Directory, you must enter your domain admin credentials.
- Under TCP Log Source, select Squid Log File.
- Under File Share Path, point to the location that contains your log files.
Tip: This is the same whether the log files are static or active.
- Choose your DNS Log Source.
If you choose install Capture Service as your DNS log source, the capture component must also be installed on your DNS server. Otherwise, installation of the capture component is recommended but not required.
If you choose to use the DNS Server as your DNS log source, you can point the File share path to your DNS log on the DNS Server.