Importing and Auditing Event Log Archive Files
The Event Log File Import feature enables SAs and ISSMs to load previously archived Event Log Files into the Corner Bowl Server Manager Primary Log Database. Auditors typically use this feature each week to systematically audit, from an external location, air-gapped systems that contain CUI and classified data.
To Import Event Log Files
- From the Menu Bar select File | Import Event Log Backup Files. The Import Event Log Backup Files View displays.
- Use the Select File button to select multiple Event Log Files (.evtx) or multiple zip files that contain Event Log Files.
- Use the Select Folder button to select a folder that contains Event Log Files (.evtx) and/or multiple zip files that contain Event Log Files.
- Use the Specify the computer the logs were generated from check box to manually specify the name of the host the Event Log Files were generated on; otherwise, the hostname from the first Event Log Entry is applied. Typically this value is the host's FQDN. If you do not want hosts imported using their FQDN, use the text box to specify the actual host name instead.
- Use the Remove previously downloaded or imported entries check box to delete or drop each table before importing each unique host and log type.
- Use the Filter drop-down to select an import filter.
- Click Import to start the import process.
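A pre-import check for the files selected in the steps above, as an added example that is not part of Corner Bowl Server Manager or its documentation: it lists each .evtx file in a folder and inside zip archives, records a SHA-256 hash for the audit record, and flags files that lack the EVTX file signature. The function names, the `!` separator and the sample files are constructed for illustration, and a non-recursive folder scan is assumed.

```python
import hashlib
import zipfile
from pathlib import Path

EVTX_MAGIC = b"ElfFile\x00"  # signature at offset 0 of every .evtx file


def _describe(source, data):
    """Build one manifest row from a file's bytes."""
    return {
        "source": source,
        "sha256": hashlib.sha256(data).hexdigest(),
        "valid_evtx": data[:8] == EVTX_MAGIC,
    }


def inventory(folder):
    """List every .evtx in folder, including those inside zip archives."""
    rows = []
    for path in sorted(Path(folder).iterdir()):  # assumption: no recursion
        if not path.is_file():
            continue
        suffix = path.suffix.lower()
        if suffix == ".evtx":
            rows.append(_describe(str(path), path.read_bytes()))
        elif suffix == ".zip":
            try:
                with zipfile.ZipFile(path) as archive:
                    for name in sorted(archive.namelist()):
                        if name.lower().endswith(".evtx"):
                            rows.append(_describe(f"{path}!{name}", archive.read(name)))
            except zipfile.BadZipFile:
                # An unreadable archive is reported rather than skipped silently.
                rows.append({"source": str(path), "sha256": None, "valid_evtx": False})
    return rows


def build_sample(folder):
    """Constructed sample input: one good log, one truncated log, one zip."""
    folder = Path(folder)
    (folder / "Security.evtx").write_bytes(EVTX_MAGIC + b"\x00" * 120)
    (folder / "System.evtx").write_bytes(b"\x00" * 16)  # damaged in transfer
    with zipfile.ZipFile(folder / "HOST01.zip", "w") as archive:
        archive.writestr("Application.evtx", EVTX_MAGIC + b"\x00" * 120)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for row in inventory(tmp):
            print("OK " if row["valid_evtx"] else "BAD", row["sha256"], row["source"])
```

Comparing the hashes with a manifest produced on the source system shows whether a file changed in transit before it reaches the log database.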
To Audit Event Log Files
Once your Event Log Files have been imported, the next step is to assign your compliance Reports to the newly imported hosts.
- Create a Report Group, then assign the Reports and/or Sub-Report Groups you want to apply to the hosts being audited.
- Assign your new Report Group to the root Hosts Node.
- Once assigned to your hosts, right-click any Report, then select View Report.
To Reset the System
When auditing a batch of different stand-alone or networked systems, best practice is to reset the databases and target hosts between each audit. Once reset, each audit is then limited to the current batch of Event Log Files.
For more information see: System Reset.