...
Open the DNS Manager with the following command: dnsmgmt.msc.
Right-click the DNS server and click Properties.
Click the Debug Logging tab.
Select Log packets for debugging.
Enter the File path and name, and Maximum size.
Click Apply and OK.
Configuration sample:
Endpoint Agent Manager
...
Locate the inventory file we used in your Devo EA Manager deployment.
Open it with your preferred text editor, search for
deam_fleet_config_devoext_fetchfiles_paths_win(or add it undervarsif you have no previously configured fetchfiles) and add a new pattern with our previously configured log file path, a custom tag and multiline processing enabled with the following regular expression as a separator:'^\d\d?/\d\d?/\d{4}'The following screenshot shows a configuration sample:
If you are running a new deployment, continue with the normal process of deployment, the change will not be applied until the devo-endpoint-agent playbook is run.
...
Log in to your Devo EA Manager administration console (
https://<devo_ea_manager_ip>:8080)Once logged in, access the osquery configuration in
https://<DEAM_IP:8080>/-> settings -> Global agent options
Here, we will see a text editor with the default configuration values and the ones loaded from DEA Manager inventory file as in the following screenshot:
We need to search for the
windows->devo_extensions->fetchfilessection and add our previously configured log file path with a custom tag and multiline processing enabled with the following regular expression as a separator:Code Block content_separator: '^\d\d?/\d\d?/\d{4}'
Configuration sample:
| Note |
|---|
Remember to follow these steps if you have previously deployed the pattern in fetchfiles. |
...