How do I edit actions for VigilEnt Security Agent for Webservers? (NETIQKB31824)

  • 7731824
  • 02-Feb-2007
  • 08-Sep-2008

Resolution

goal
How do I edit actions for VigilEnt Security Agent for Webservers?

fact
VigilEnt Security Agent for WebServers 3.0

fix

The Action Editor is used to modify the actions taken when a rule has detected an HTTP request that may pose a security risk. Actions are assigned separately to each rule in the Rule Editor.


To Edit Actions:

  1. Click the Detect/Prevent tab in the main VigilEnt Security Agent for Web Servers window. The Detect/Prevent window opens.
  2. Select Manage Web Servers on the subnavigation bar. The Web Server Manager window opens listing all web server configurations that have been added.
  3. Click the Edit Actions icon next to the configuration to be edited. The Action Editor window opens.

    Note: If a configuration is listed as active in the Web Server Manager, the Action Editor can be accessed using the Edit Actions link on the subnavigation bar.
    Links to all actions for the selected configuration are listed in the navigation pane on the left side of the screen.
  4. The Reject Request action is used to deny requests. It is the primary defense against unwanted access. Use the HTTP Status to Return parameter to select the error number to return to the sender of a denied request.
  5. The Log Request action records denied requests in the agent's transaction log. Use the action's parameters to configure the location of the log, as well as the log's security and size.

    Note: Remember to monitor the size of the log directories and archive or delete the contents which are no longer of interest. If many logging actions are enabled, the directory may require daily maintenance for a busy web site.
    1. Path and Name Prefix: The default entry saves the log files in the directories created at installation time. This entry can be changed to place the log files in a different location.
    2. Roll Method: Entries in Roll Method and Roll Frequency are used to determine how often new log files are started. In Roll Method, select the base time interval to be used to determine when new logs are started.
    3. Roll Frequency: This entry is used with the entry in Roll Method; for example, set Roll Method to ROLL_BY_HOUR and Roll Frequency to 12 to start new logs twice each day. 
    4. Encrypt: Encryption can be used in instances in which the log files must be kept secure. Encrypt and the Encrypt Key fields are used together to encrypt log files. Select True to enable encryption.
    5. Encrypt Key: Type a key used to encrypt the log file. The key must be between 8 and 32 characters in length. For security reasons, when revisiting this window, the number of characters displayed may not equal the actual number of characters in the key.
    6. Encrypt Key (Repeat to Confirm): Retype the encryption key.
    7. NonRepudiate: Select True to enable non-repudiation. Non-repudiation is used to ensure data integrity by checking for tampering in the logs. If Encrypt is set to False, the Encrypt Key fields should be left blank.

      Note: Non-repudiation uses significant computer processing resources. For this reason, it should not be used unless necessary.
    8. Dedicated Memory Block Size: Enter the size, in bytes, of the shared memory segment used to buffer log entries. A typical size is 1 MB (1,048,576 bytes) for a host running a single HTTP server.
  6. The Send E-mail Alert action sends an e-mail to one or more addresses with information about a denied request. This feature also includes the ability to limit the number of e-mails sent to prevent a flood of messages that could overload the system.
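
The maintenance note under the Log Request action (monitor the log directory and archive or delete old contents) can be scripted. The following is an added example, not part of the original article or the product. It assumes a Unix-like host whose `find` and `tar` support `-maxdepth` and `-T`, and rolled log files stored directly in one directory. The function names, retention period and archive path are illustrative.

```shell
#!/bin/sh
# Added example: housekeeping for a directory of rolled agent log files.
# Directory layout, retention period and archive name are assumptions.

# Print the size of directory $1 in kilobytes.
log_dir_kb() {
    du -sk "$1" | awk '{print $1}'
}

# Archive regular files in $1 last modified more than $2 days ago into the
# gzip-compressed tar file $3, verify the archive, then delete the originals.
# Prints the number of files archived. File contents are copied unmodified.
archive_old_logs() {
    dir=$1; days=$2; archive=$3
    list=$(mktemp) || return 1
    # -mtime +N skips recently written files, including the log still in use.
    (cd "$dir" && find . -maxdepth 1 -type f -mtime +"$days") | sort > "$list"
    count=$(wc -l < "$list" | tr -d ' ')
    if [ "$count" -eq 0 ]; then
        rm -f "$list"; echo 0; return 0
    fi
    if ! tar -czf "$archive" -C "$dir" -T "$list"; then
        rm -f "$list"; return 1
    fi
    # Delete originals only if the archive lists exactly the selected files.
    if [ "$(tar -tzf "$archive" | sort)" != "$(cat "$list")" ]; then
        rm -f "$list"; echo "archive verification failed" >&2; return 1
    fi
    while IFS= read -r f; do
        rm -f -- "$dir/$f"
    done < "$list"
    rm -f "$list"
    echo "$count"
}

# Stand-alone use: script.sh LOG_DIR DAYS ARCHIVE (absolute paths)
if [ "$#" -eq 3 ]; then
    echo "size before: $(log_dir_kb "$1") KB"
    archive_old_logs "$1" "$2" "$3"
fi
```

Run it on a schedule that matches the configured Roll Method and Roll Frequency so that only completed log files are old enough to be selected.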


Additional Information

Formerly known as NETIQKB31824