This article provides example configuration files for MSI installations, such as bulk installs performed with third-party tools. It is intended to be used with the SIEM Collector 11.0 Windows Installation Guide (attached to this article).
Configuration File Examples
- Sample installation XML that sends Windows events to receiver 10.75.102.11:
    <EventCollectorConfig log_level="debug" log_size="20971520">
      <receiver ip="10.75.102.11" port="8082" use_ssl="no"/>
      <group name="Local" use_parent_logging="yes" log_level="debug" use_parent_credentials="yes">
        <host name="ComputerName" ip="127.0.0.1" use_parent_logging="yes" log_level="debug" use_parent_credentials="yes">
          <plugin hostid="" name="ComputerName" type="win_evt">
            <config key="Logs" value="Application, Security, System"/>
            <config key="useWEF" value="0"/>
          </plugin>
        </host>
      </group>
    </EventCollectorConfig>
- Sample installation XML with LogTail enabled, sending to receiver 10.75.102.11:
    <EventCollectorConfig log_level="debug" log_size="20971520">
      <receiver ip="10.75.102.11" port="8082" use_ssl="no"/>
      <group name="Local" use_parent_logging="yes" log_level="debug" use_parent_credentials="yes">
        <host name="ComputerName" ip="127.0.0.1" use_parent_logging="yes" log_level="debug" use_parent_credentials="yes">
          <plugin hostid="" name="ComputerName" type="file">
            <config key="delim" value=""/>
            <config key="delimIsRegex" value="o"/>
            <config key="directory" value="E:\temp"/>
            <config key="logname" value="logger*"/>
            <config key="multiline" value="0"/>
            <config key="perline" value="1"/>
            <config key="tailmode" value="end"/>
          </plugin>
        </host>
      </group>
    </EventCollectorConfig>
- Sample installation XML with LogTail enabled and credentials (user and Base64-encoded password) defined, sending to receiver 10.75.102.11:
    <EventCollectorConfig log_level="debug" log_size="20971520">
      <credentials user="admin" pass="" b64pass="U2VjdXJpdHkuNHUK" domain="" />
      <receiver ip="10.75.102.11" port="8082" use_ssl="yes"/>
      <group name="Local" use_parent_logging="yes" log_level="debug" use_parent_credentials="yes">
        <host name="ComputerName" ip="127.0.0.1" use_parent_logging="yes" log_level="debug" use_parent_credentials="yes">
          <plugin hostid="ComputerName" name="ComputerName" type="file">
            <config key="delim" value=""/>
            <config key="delimIsRegex" value="o"/>
            <config key="directory" value="E:\temp"/>
            <config key="logname" value="logger*"/>
            <config key="multiline" value="0"/>
            <config key="perline" value="1"/>
            <config key="tailmode" value="end"/>
          </plugin>
        </host>
      </group>
    </EventCollectorConfig>
- Sample uninstall and install command lines for the MSI installer and install XML files:
    Uninstall:
    E:\SIEM_Collector>msiexec /uninstall SIEMCollectorInstaller.msi
    Install:
    E:\SIEM_Collector>msiexec /i SIEMCollectorInstaller.msi /quiet INSTALLLOCATION="E:\McAfee" CONFIGFILE="E:\temp\install.config.xml"
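A pre-deployment check for the install XML passed in CONFIGFILE, as an added example that is not part of the original article or the vendor's tooling. The function name `Test-CollectorConfig` and the sample XML (with a placeholder password) are constructed for illustration; the element and attribute names are the ones shown in the examples above.

```powershell
# Added example (not vendor code): review an install XML before a bulk rollout.
function Test-CollectorConfig {
    param([Parameter(Mandatory)][string]$XmlText)

    # The [xml] cast fails on unclosed or mismatched tags.
    try { $doc = [xml]$XmlText }
    catch { "ERROR: XML is not well-formed: $($_.Exception.Message)"; return }

    # Events are sent to the receiver unencrypted unless use_ssl="yes".
    foreach ($r in $doc.SelectNodes('//receiver')) {
        $ssl = $r.GetAttribute('use_ssl')
        if ($ssl -ne 'yes') {
            "WARN: receiver $($r.GetAttribute('ip')):$($r.GetAttribute('port')) has use_ssl='$ssl'"
        }
    }

    # Debug logging is verbose; list every element that enables it.
    foreach ($n in $doc.SelectNodes("//*[@log_level='debug']")) {
        "INFO: <$($n.Name)> has log_level=debug"
    }

    # b64pass is Base64, an encoding and not encryption: anyone who can
    # read the file can recover the password. The value is never printed.
    foreach ($c in $doc.SelectNodes("//credentials[@b64pass!='']")) {
        $user = $c.GetAttribute('user')
        try {
            $len = [Convert]::FromBase64String($c.GetAttribute('b64pass')).Length
            "WARN: user '$user' has a reversible Base64 password ($len bytes); restrict read access to this file"
        } catch {
            "ERROR: b64pass for user '$user' is not valid Base64"
        }
    }
}

# Constructed sample modelled on the third example above (placeholder password).
$sample = @'
<EventCollectorConfig log_level="debug" log_size="20971520">
  <credentials user="admin" pass="" b64pass="ZXhhbXBsZS1wYXNzd29yZA==" domain="" />
  <receiver ip="10.75.102.11" port="8082" use_ssl="no"/>
  <group name="Local" use_parent_logging="yes" log_level="debug" use_parent_credentials="yes"/>
</EventCollectorConfig>
'@
Test-CollectorConfig -XmlText $sample
```

To check a real file, pass its contents with `Test-CollectorConfig -XmlText (Get-Content -Raw 'E:\temp\install.config.xml')`.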