Azure – Log Analytics Workspace and Azure Virtual Machine Agent Install

How to prepare to collect security log data from your Azure Windows virtual machines. You require two things:

  1. A Log Analytics workspace to be created
  2. The agent to be installed on the Virtual machine.

This guide shows how to set up the workspace and install the agent on the virtual machine.

Create a Log Analytics Workspace

Pricing is pay-as-you-go.

Next, connect to the data source.

Click Virtual Machines > select the virtual machine and click Connect.

The agent is then automatically installed and ready to be configured for the Log Analytics workspace.

Next, configure the workspace under Advanced settings. See the MS Doc Quick Start Guide.

Collect Windows event logs from a Windows VM

  • Click Data > Windows Event Logs.
  • Add an event log. For example, type System and then select “+”.
  • In the table, check the options Error and Warning.
  • Select Save at the top of the page to save the configuration.
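
The same three steps (workspace, agent, System log collection) can be scripted with the Az PowerShell module. This is an added example, not part of the original notes: the resource group, region, workspace and VM names are hypothetical placeholders, and it installs the legacy Log Analytics agent extension that matches the portal flow above.

```powershell
# Added example. All names below are hypothetical placeholders.
# Assumes Connect-AzAccount has been run and the resource group and VM already exist.
$rg       = 'rg-security-logs'     # hypothetical resource group
$location = 'westeurope'           # hypothetical region for the workspace
$wsName   = 'law-security-logs'    # hypothetical workspace name
$vmName   = 'vm-win-01'            # hypothetical Windows VM

# 1. Create the workspace on the pay-as-you-go (per-GB) tier.
$ws = New-AzOperationalInsightsWorkspace -ResourceGroupName $rg -Name $wsName `
        -Location $location -Sku 'PerGB2018'

# 2. Connect the VM: install the agent extension bound to this workspace.
#    The workspace key goes in ProtectedSettings so it is encrypted in transit
#    and never shown in the extension's public settings.
$vm   = Get-AzVM -ResourceGroupName $rg -Name $vmName
$keys = Get-AzOperationalInsightsWorkspaceSharedKey -ResourceGroupName $rg -Name $wsName
Set-AzVMExtension -ResourceGroupName $rg -VMName $vmName -Location $vm.Location `
    -Name 'MicrosoftMonitoringAgent' `
    -Publisher 'Microsoft.EnterpriseCloud.Monitoring' `
    -ExtensionType 'MicrosoftMonitoringAgent' `
    -TypeHandlerVersion '1.0' `
    -Settings @{ workspaceId = $ws.CustomerId.ToString() } `
    -ProtectedSettings @{ workspaceKey = $keys.PrimarySharedKey }
Remove-Variable keys   # do not leave the shared key in the session

# 3. Collect Error and Warning events from the System log
#    (same as ticking Error and Warning in the portal table).
New-AzOperationalInsightsWindowsEventDataSource -ResourceGroupName $rg `
    -WorkspaceName $wsName -Name 'System-ErrorWarning' `
    -EventLogName 'System' -CollectErrors -CollectWarnings

# 4. Check: the extension should report Succeeded and the data source should be listed.
(Get-AzVMExtension -ResourceGroupName $rg -VMName $vmName `
    -Name 'MicrosoftMonitoringAgent').ProvisioningState
Get-AzOperationalInsightsDataSource -ResourceGroupName $rg `
    -WorkspaceName $wsName -Kind WindowsEvent
```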

Trend Micro OfficeScan 11 XG – Executables and Logs

The following is a list of key executables and a description of their tasks or roles when working with Trend Micro OfficeScan 11 XG. This is not a complete list.

| Executable | Task or Role |
|---|---|
| AUTOPCC.exe | UNC-based agent deployment program |
| CNTAoSMGR.exe | OfficeScan agent plugin manager |
| DBSERVER.exe | Interface to OfficeScan DB |
| iCRCSERVICE.exe | Smart Scan functionality, File reputation and Web reputation |
| NTRTSCAN.exe | Scanning, collects logs & requests for malware info |
| OFCSERVICE.exe | Central management for OfficeScan |
| OSCEINTEGRATIONSERVICE.exe | Interface to Active Directory |
| SQLTxFr.exe | Migrating OfficeScan HTTP DB to SQL |
| SVRSVCSETUP.exe | GetInfo, Uninstall, Install OfficeScan server |
| SVRTUNE.exe | Adjust settings, such as increasing the time to download for Updated Agents |
| TMBMSRV.exe | Prevent unauthorised change to the registry |
| TMLISTEN.exe | Server – Agent comms |
| TMPFW.exe | Firewall |
| TMPROXY.exe | Sending and receiving HTTP/HTTPS traffic |
| TMVS.exe | Vulnerability scanner with option to deploy agent |

The following is a list of key logs and a description of their tasks or roles when working with Trend Micro OfficeScan 11 XG. This is not a complete list.

| Log | Description |
|---|---|
| OFCNT.log | Client / Agent port info / Install info |
| OFCMAS.log | OfficeScan server install info |
| OFCDEBUG.log | OfficeScan debugging log |
| TMUDUMP.txt | Update errors |

Please note, this info may be incorrect. These are study notes and not official material. Comments are my own.
