Plug In
Plugin

- FileMaker Path: Enabling the option and specifying a path will capture the logs produced by FileMaker.
- Activate BusinessLog RT Server: Enable or disable acquisition from BusinessLog RT.
- RT Port: The TCP port used by RT clients (default 22422).
- Transfer Rate RT: The bandwidth allotted to transferring RT files over TCP. A value of 10 MB/s is sufficient for 15 to 20 clients.
SNMP

- Enable SNMP: Enables the SNMP connector (disabled by default).
- Community: Identifier of the SNMP group, which must also be configured on the monitored devices (default value: public).
- Port: Communication port used by the SNMP protocol (default: 161).
- Timeout (ms): Maximum time to wait for a response from a device (default: 5000).
- Retries: Number of attempts made if no response is received.
- Mode:
  - DB → uses the devices listed in the BusinessLog Machine List.
  - RANGE → performs a scan across the configured IP address ranges.
Sql Server

- Enable SQL Audit: Enables the acquisition of logs from files exported by the SQL Server audit system.
AS400

- Enable AS400 imports: Allows log collection from AS400 to be enabled or disabled.
- AS400 Print Files Path: Log acquisition from AS400 systems is performed by scheduling the DSPLOG command, which exports internal system logs to a printer (PRT) configured to generate text files. The path must point to a folder where these files are saved. Support from an AS400 system administrator is recommended.
- Additional AS400 servers: Up to two servers can be configured. For each server, a custom name can be defined. If no name is provided, “AS400” is assigned by default. A dedicated folder for log storage can also be specified. The machine name is automatically added to the machine list when the first access log is collected.
SysLog

- Activate SYSLOG UDP server: BusinessLog includes its own Syslog server, which is automatically started by the service. When this option is enabled, syslog messages generated by devices can be forwarded to the IP address of the machine hosting BusinessLog.
- Standard port: The default port, UDP 514, is already specified, but a custom port can also be configured. Make sure that the same port is configured on the clients as well.
- Activate Syslog TLS server: On newer devices, encrypted syslog traffic can be enabled; it uses port UDP 6514 by default.
- Activate Syslog debug: When selected, enables raw log writing to a dedicated file located in the "Reg" subfolder and named RegSysList.log.
- Record only Syslog messages from Admin users: Syslogs can generate hundreds or thousands of entries per day, and not all devices allow filtering of outgoing logs. When this option is enabled, the application receives all logs but records only those related to the users specified in the Administrators table.
After the option is enabled and the service is restarted, the BusinessSysLog.exe process runs as a listener on the specified port.
ATTENTION:
Only one listener can be active on the same port at a time.
If other software is used for syslog logging, it must be disabled (or the port must be changed).
Once the Syslog server is enabled, log in to the Linux, Unix, or macOS systems and enable the Syslog client (refer to the documentation of each distribution for configuration details).
For network devices, access the administrative interface, locate the Syslog section, and configure log forwarding to the IP address of the BusinessLog machine (ensure that the protocol is set to UDP).
NOTE: It is recommended to limit log generation in order to avoid excessive traffic (which may reach thousands of events per minute):
- Linux, Unix, and macOS systems: enable *.users and *.auth so that only events related to access and authentication are recorded. Note that definitions may vary depending on the distribution.
- Devices: enable logging only for access to the administrative interface and VPN connections, for example on firewalls.
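The receive-everything, record-selectively behaviour described for "Record only Syslog messages from Admin users" can be pictured with the following added example, which is not BusinessLog's own code. It assumes BSD-style (RFC 3164) messages, uses a hypothetical `ADMIN_USERS` set in place of the Administrators table, and assumes a whole-word user match; the sample datagrams are constructed.

```python
import re

# Syslog facility codes for authentication-related events.
AUTH_FACILITIES = {4: "auth", 10: "authpriv"}
# Constructed stand-in for the Administrators table (hypothetical names).
ADMIN_USERS = {"root", "netadmin"}

# <PRI>, a BSD-style timestamp, the sending host, then the free-text message.
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} "
    r"(?P<host>\S+) (?P<msg>.*)$")

def parse(datagram: bytes):
    """Decode one UDP syslog datagram; return None if it is malformed."""
    m = LINE_RE.match(datagram.decode("utf-8", errors="replace").strip())
    # The highest valid PRI is 191 (facility 23, severity 7).
    if not m or int(m["pri"]) > 191:
        return None
    pri = int(m["pri"])
    return {"facility": pri >> 3, "severity": pri & 7,
            "host": m["host"], "msg": m["msg"]}

def admin_user(msg: str):
    """Return the admin user named in the message, or None."""
    for user in sorted(ADMIN_USERS):
        # Whole-word match so "root" does not match "rootkit" or "chroot".
        if re.search(rf"(?<![\w-]){re.escape(user)}(?![\w-])", msg):
            return user
    return None

def record_filter(datagrams):
    """Receive everything, keep only auth events that name an admin user."""
    kept = []
    for raw in datagrams:
        event = parse(raw)
        if event and event["facility"] in AUTH_FACILITIES:
            user = admin_user(event["msg"])
            if user:
                kept.append((event["host"], user, event["severity"]))
    return kept

# Constructed sample datagrams (not captured from a real device).
SAMPLES = [
    b"<38>Mar  4 10:15:02 fw01 sshd[811]: Accepted password for netadmin from 192.0.2.10",
    b"<86>Mar  4 10:15:09 web02 sshd[902]: Failed password for alice from 192.0.2.44",
    b"<30>Mar  4 10:16:00 web02 cron[77]: (root) CMD (run-parts /etc/cron.hourly)",
    b"<34>Mar  4 10:17:41 fw01 su: FAILED su for root by bob",
    b"not a syslog line",
]
```

The cron line names root but arrives on the daemon facility, so it is dropped along with the non-admin login and the malformed datagram.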
CVE

The plug-in allows you to define the criteria used by the system to analyze known vulnerabilities (CVE) downloaded from the NIST/MITRE databases, enabling you to filter only the most relevant ones.
- The Minimum Score parameter sets the CVSS threshold, ensuring that only vulnerabilities with a score equal to or above the selected value are included in the analysis.
- The Recent Days parameter instead limits the check to vulnerabilities published within the specified time frame, allowing you to focus on the most recent ones and avoid an excessive number of results.
