How it Works
Xerox
Loading...
AltaLink B8145
Users Guide [ru]
418 pgs8.86 Mb1
User Manual [no]
392 pgs8.84 Mb1
Reference Guide
214 pgs986.12 Kb0
Users Guide [tr]
392 pgs8.87 Mb0
Users Guide [pt]
408 pgs8.94 Mb0
Users Guide [uk]
414 pgs8.85 Mb0
Reference Guide [pt]
212 pgs1.04 Mb0
Users Guide [fi]
386 pgs8.82 Mb0
Users Guide [it]
408 pgs8.94 Mb0
Reference Guide [es]
212 pgs1.03 Mb0
Users Guide [da]
394 pgs8.87 Mb0
Users Guide [fr]
418 pgs8.97 Mb0
Getting Started [ca]
13 pgs589.77 Kb0
Users Guide [cs]
392 pgs8.9 Mb0
Users Guide [hr]
390 pgs8.89 Mb0
Users Guide [el]
426 pgs8.97 Mb0
Reference Guide [fr]
212 pgs1.01 Mb0
Users Guide [ca]
408 pgs8.93 Mb0
Users Guide [se]
394 pgs8.84 Mb0
Users Guide [pl]
406 pgs8.96 Mb0
Users Guide [nl]
412 pgs8.93 Mb0
Users Guide [ar]
366 pgs9.5 Mb0
Users Guide [ro]
404 pgs8.92 Mb0
Users Guide [hu]
412 pgs8.99 Mb0
Users Guide [es]
406 pgs8.93 Mb0
Getting Started [tr]
13 pgs590.41 Kb0
Getting Started [bg]
13 pgs590.13 Kb0
Getting Started [pt]
13 pgs588.41 Kb0
Getting Started [sl]
13 pgs590.2 Kb0
Getting Started [hr]
13 pgs590.17 Kb0
Getting Started
13 pgs585.61 Kb0
Getting Started [fr]
13 pgs588.84 Kb0
Getting Started [fi]
13 pgs585.69 Kb0
Getting Started [ar]
13 pgs629.82 Kb0
Getting Started [nl]
13 pgs587.88 Kb0
Getting Started [da]
13 pgs588.92 Kb0
Getting Started [cs]
13 pgs592.8 Kb0
Table of contents
Loading...

Xerox AltaLink B8145, AltaLink B8155, AltaLink B8170 Reference Guide

Version 1.0 August 2020 702P08324
Xerox
®
AltaLink
®
Series Security Information and Event Management Reference Guide
©2020 Xerox Corporation. All rights reserved. Xerox®, Xerox and Design®, AltaLink®, FreeFlow®, SMARTsend®, Scan to PC Desktop Interface Platform
®
, MeterAssistant®, SuppliesAssistant®, Xerox Secure Access Unified ID System®, Xerox Extensible
®
, Global Print Driver®, and Mobile Express Driver®are trademarks of Xerox Corporation in the
United States and / or other countries.
®
Adobe PostScript
Apple Mac OS
Google Cloud Print
, Adobe PDF logo, Adobe®Reader®, Adobe®Type Manager®, ATM™, Flash®, Macromedia®, Photoshop®, and
®
are trademarks or registered trademarks of Adobe Systems, Inc.
®
, Bonjour®, EtherTalk™, TrueType®, iPad®, iPhone®, iPod®, iPod touch®, AirPrint®and the AirPrint Logo®, Mac®,
®
, and Macintosh®are trademarks or registered trademarks of Apple Inc. in the U.S. and other countries.
web printing service, Gmail™webmail service, and Android™mobile technology platform are
trademarks of Google, Inc.
®
HP-GL
, HP-UX®, and PCL®are registered trademarks of Hewlett-Packard Corporation in the United States and/or
other countries.
®
IBM
and AIX®are registered trademarks of International Business Machines Corporation in the United States and/or
other countries.
McAfee
®
, ePolicy Orchestrator®, and McAfee ePO™are trademarks or registered trademarks of McAfee, Inc. in the
United States and other countries.
Microsoft
®
, Windows Vista®, Windows®, Windows Server®, and OneDrive®are registered trademarks of Microsoft
Corporation in the United States and other countries.
Mopria is a trademark of the Mopria Alliance.
®
Novell
, NetWare®, NDPS®, NDS®, IPX™, and Novell Distributed Print Services™ are trademarks or registered
trademarks of Novell, Inc. in the United States and other countries.
PANTONE
SGI
®
and other Pantone, Inc. trademarks are the property of Pantone, Inc.
®
and IRIX®are registered trademarks of Silicon Graphics International Corp. or its subsidiaries in the United
States and/or other countries.
Sun, Sun Microsystems, and Solaris are trademarks or registered trademarks of Oracle and/or its affiliates in the United States and other countries.
®
UNIX
is a trademark in the United States and other countries, licensed exclusively through X/ Open Company Limited.
Wi-Fi CERTIFIED Wi-Fi Direct
®
is a trademark of the Wi-Fi Alliance.
Table of Contents
1 Introduction...............................................................................................................................9
SIEM Overview.......... ..... ...................... ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... ........ 10
Configuring SIEM. ..... ...................... ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... ....... 10
Supported Printers ..... ..... ........................... ..... ...................... ..... ..... ................. ..... ..... ..... ....... 11
2 Device Configuration .............................................................................................................13
Configuration Overview........ ..... ..... ...................... ..... ........................... ..... ...................... ..... .. 14
Configuring SIEM...... ..... ..... ..... ...................... ..... ...................... ..... ........................... ..... ..... ... 15
Configuring a SIEM Destination ..... ..... ..... ................. ..... ..... ..... ............ ..... ..... ..... ................... 16
Editing a SIEM Destination ........ ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... ................. . 17
3 Message Format .....................................................................................................................19
Message Format Overview .......... ..... ..... ...................... ..... ........................... ..... ...................... 20
Syslog Message Format............ ..... ..... ..... ................. ..... ..... ...................... ..... ......................... 21
Severity Levels ... ..... ................. ..... ..... ...................... ..... ........................... ..... ...................... ... 22
4 Message List ............................................................................................................................23
Message List Overview .......... ..... ........................... ........................... ..... ..... ................. ..... ..... . 29
CEF Key Name Mapping ................. ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ............. 30
1 System Startup .. ..... ................. ..... ..... ..... ................. ..... ..... ...................... ..... ...................... 32
2 System Shutdown . ..... ...................... ..... ........................... ..... ...................... ..... ..... .............. 33
3 Standard Disk Overwrite Started ..... ..... ..... ...................... ..... ........................... ..... ............... 34
4 Standard Disk Overwrite Complete .......... ..... ........................... ..... ...................... ..... ..... ....... 35
5 Print Job ... ...................... ..... ..... ................. ..... ..... ..... ..... ............ ..... ..... ..... ................. ..... .... 36
6 Network Scan Job ...................... ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... ............... 37
7 Server Fax Job.... ..... ................. ..... ..... ...................... ..... ........................... ..... ...................... 38
8 Internet Fax Job......... ..... ..... ...................... ..... ........................... ..... ...................... ..... ..... .... 39
9 Email Job.. ..... ..... ..... ................. ..... ..... ...................... ..... ........................... ..... ..................... 40
10 Audit Log Disabled....... ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ...................... ..... 41
11 Audit Log Enabled.... ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ...................... ..... .... 42
12 Copy Job.. ................. ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ...................... ..... ... 43
13 Embedded Fax Job .................... ..... ..... ................. ..... ..... ..... ............ ..... ..... ..... ..... .............. 44
14 LAN Fax Job ... ........................... ..... ..... ................. ..... ..... ..... ............ ..... ..... ..... ..... .............. 45
16 Full Disk Overwrite Started ... ...................... ..... ..... ...................... ..... ..... ................. ..... ..... .. 46
17 Full Disk Overwrite Complete................ ..... ...................... ..... ..... ................. ..... ..... ..... ..... ... 47
20 Scan to Mailbox Job................... ..... ...................... ..... ..... ................. ..... ..... ..... ................. . 48
21 Delete File/Dir...... ..... ..... ..... ...................... ..... ...................... ..... ........................... ..... ..... ... 49
Xerox®AltaLink®Series
Security Information and Event Management Reference Guide
3
Table of Contents
23 Scan to Home ............... ..... ..... ................. ..... ..... ..... ..... ............ ..... ..... ..... ................. ..... .... 50
24 Scan to Home Job ..... ................. ..... ..... ...................... ..... ..... ...................... ..... .................. 51
27 Postscript Passwords .. ..... ..... ................. ..... ..... ...................... ..... ..... ...................... ..... ....... 52
29 Network User Login.... ................. ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... ....... 53
30 SA Login ............... ..... ..... ...................... ..... ........................... ..... ...................... ..... ..... ....... 54
31 User Login . ..... ...................... ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... ................. . 55
32 Service Login Diagnostics ........ ..... ........................... ..... ...................... ..... ..... ................. .... 56
33 Audit Log Download ........ ..... ........................... ........................... ..... ..... ................. ..... ..... . 57
34 Immediate Job Overwrite Enablement ........ ..... ...................... ..... ..... ..... ............ ..... ..... ..... . 58
35 SA PIN Changed . ..... ...................... ..... ..... ...................... ..... ...................... ..... ..... .............. 59
36 Audit Log File Saved... ..... ..... ................. ..... ..... ...................... ..... ..... ...................... ..... ....... 60
37 Force Traffic over Secure Connection.......................... ..... ...................... ..... ..... ................. . 61
38 Security Certificate . ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... 62
39 IPsec... ................. ..... ..... ........................... ..... ...................... ..... ...................... ..... ..... ..... ... 63
40 SNMPv3........ ..... ..... ...................... ..... ...................... ..... ..... ...................... ..... ..... ............... 64
41 IP Filtering Rules .......... ..... ........................... ..... ...................... ..... ..... ................. ..... ..... ..... 65
42 Network Authentication Configuration.... ..... ...................... ..... ...................... ..... ............... 66
43 Device Clock .. ..... ..... ..... ................. ..... ..... ...................... ..... ..... ...................... ..... .............. 67
44 Software Upgrade.. ..... ..... ................. ..... ..... ...................... ..... ........................... ..... ........... 68
45 Clone File Operations . ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... .. 69
46 Scan Metadata Validation.. ..... ................. ..... ..... ..... ..... ............ ..... ..... ..... ................. ..... .... 70
47 Xerox Secure Access Configuration.... ..... ................. ..... ..... ...................... ..... ..................... 71
48 Service Login Copy Mode ............... ..... ..... ...................... ..... ........................... ..... .............. 72
49 Smartcard Login .................. ..... ..... ..... ............ ..... ..... ..... ..... ............ ..... ..... ..... ................... 73
50 Process Terminated......... ..... ..... ..... ................. ..... ..... ...................... ..... ........................... .. 74
51 Scheduled Disk Overwrite Configuration.............. ..... ..... ...................... ..... ..... .................... 75
53 Saved Jobs Backup.............. ..... ..... ..... ................. ..... ..... ...................... ..... ..... .................... 76
54 Saved Jobs Restore..... ............ ..... ..... ..... ..... ............ ..... ..... ..... ...................... ..... ................. 77
57 Session Timer Logout ... ..... ..... ..... ................. ..... ..... ...................... ..... ........................... ..... 78
58 Session Timeout Interval Change ...................... ..... ..... ................. ..... ..... ..... ................. ..... 79
59 User Permissions.. ..... ..... ..... ..... ................. ..... ..... ...................... ..... ..... ...................... ..... ... 80
60 Device Clock NTP Configuration ..... ..... ...................... ..... ..... ...................... ..... ..... .............. 81
61 Device Administrator Role Permission.................. ..... ...................... ..... ..... ................. ..... ... 82
62 Smartcard Configuration. ..... ................. ..... ..... ..... ................. ..... ..... ...................... ..... ..... .. 83
63 IPv6 Configuration.. ..... ..... ............ ..... ..... ..... ...................... ..... ..... ...................... ..... .......... 84
64 802.1x Configuration.. ..... ................. ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ...... 85
65 Abnormal System Termination ............. ..... ...................... ..... ..... ...................... ..... ..... ..... ... 86
66 Local Authentication Enablement ... ................. ..... ..... ..... ................. ..... ..... ..... ................. . 87
67 Web User Interface Login Method............. ..... ..... ...................... ..... ...................... ..... ..... ... 88
68 FIPS Mode Configuration ..... ................. ..... ..... ..... ................. ..... ..... ...................... ..... ....... 89
69 Xerox Secure Access Login. ..... ..... ................. ..... ..... ..... ................. ..... ..... ...................... ..... 90
70 Print from USB Enablement................. ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... .... 91
71 USB Port Enablement.... ................. ..... ..... ..... ................. ..... ..... ...................... ..... ..... ......... 92
4
Xerox®AltaLink®Series Security Information and Event Management Reference Guide
Table of Contents
72 Scan to USB Enablement ..... ........................... ..... ...................... ..... ..... ................. ..... ..... .. 93
73 System Log Download............. ..... ..... ..... ................. ..... ..... ...................... ..... ..................... 94
74 Scan to USB Job. ................. ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... .................... 95
75 Remote Control Panel Configuration . ..... ........................... ..... ...................... ..... ..... ........... 96
76 Remote Control Panel Session . ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ................ 97
77 Remote Scan Feature Enablement. ..... ................. ..... ..... ..... ................. ..... ..... ..... ............... 98
78 Remote Scan Job Submitted .. ..... ...................... ..... ..... ................. ..... ..... ..... ................. ..... 99
79 Remote Scan Job Completed... ...................... ..... ..... ..... ............ ..... ..... ..... ..... ............ ..... .. 100
80 SMTP Connection Encryption ... ..... ..... ................. ..... ..... ..... ................. ..... ..... .................. 101
81 Email Domain Filtering Rule . ..... ..... ..... ............ ..... ..... ..... ..... ............ ..... ..... ..... ................. 102
82 Software Verification Test Started ..... ..... ................. ..... ..... ...................... ..... ................... 103
83 Software Verification Test Complete ............ ..... ..... ..... ................. ..... ..... ...................... ... 104
84 McAfee Security State................ ..... ..... ...................... ..... ........................... ..... ................ 105
85 McAfee Security Event . ..... ..... ...................... ..... ...................... ..... ..... ................. ..... ..... ... 106
87 McAfee Agent ... ..... ...................... ..... ........................... ..... ...................... ..... ..... ............. 107
88 Digital Certificate Import Failure.................. ..... ...................... ..... ..... ................. ..... ..... ... 108
89 Device User Account Management ..... ...................... ..... ..... ................. ..... ..... ..... ............ 109
90 Device User Account Password Change ..... ..... ..... ..... ................. ..... ..... ...................... ..... . 110
91 Embedded Fax Job Secure Print Passcode. ..... ................. ..... ..... ..... ................. ..... ..... ..... .. 111
92 Scan to Mailbox Folder Password ............. ..... ..... ..... ................. ..... ..... ...................... ..... .. 112
93 Embedded Fax Mailbox Passcode ..... ..... ..... ............ ..... ..... ..... ..... ................. ..... ..... .......... 113
94 FTP / SFTP Filing Passive Mode ............ ..... ...................... ..... ..... ................. ..... ..... ..... ..... . 114
95 Embedded Fax Forwarding Rule .. ..... ...................... ..... ........................... ..... .................... 115
96 Allow Weblet Installation . ...................... ..... ..... ................. ..... ..... ..... ..... ............ ..... ..... .... 116
97 Weblet Installation .. ..... ................. ..... ..... ..... ................. ..... ..... ...................... ..... ..... ....... 117
98 Weblet Enablement ............... ..... ...................... ..... ..... ...................... ..... ..... ................. ... 118
99 Network Connectivity Configuration... ................. ..... ..... ...................... ..... ..... .................. 119
100 Address Book Permissions .................... ..... ..... ...................... ..... ..... ..... ............ ..... ..... .... 120
101 Address Book Export ..... ..... ..... ..... ................. ..... ..... ...................... ..... ........................... 121
102 Software Upgrade Policy....... ..... ...................... ..... ..... ................. ..... ..... ..... ................. .. 122
103 Supplies Plan Activation ........ ..... ........................... ..... ...................... ..... ..... ................. .. 123
104 Plan Conversion . ..... ...................... ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... ...... 124
105 IPv4 Configuration.. ................. ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ........... 125
106 SA PIN Reset.... ..... ...................... ..... ...................... ..... ..... ...................... ..... ..... ............. 126
107 Convenience Authentication Login ..... ..... ...................... ..... ..... ................. ..... ..... ..... ..... . 127
108 Convenience Authentication Configuration ... ..... ................. ..... ..... ..... ................. ..... ..... 128
109 Embedded Fax Passcode Length ............. ..... ...................... ..... ...................... ..... ..... ..... . 129
110 Custom Authentication Login.... ..... ..... ..... ............ ..... ..... ..... ..... ................. ..... ..... .......... 130
111 Custom Authentication Configuration.. ..... ..... ................. ..... ..... ..... ................. ..... ..... .... 131
112 Billing Impression Mode.. ................. ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ... 132
114 Clone File Installation Policy ............... ..... ...................... ..... ..... ................. ..... ..... ..... ..... 133
115 Save For Reprint Job. ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... 134
116 Web User Interface Access Permission... ..... ...................... ..... ..... ...................... ..... ........ 135
Xerox®AltaLink®Series
Security Information and Event Management Reference Guide
5
Table of Contents
117 System Log Push to Xerox ..... ................. ..... ..... ..... ................. ..... ..... ...................... ..... .. 136
120 Mopria Print Enablement .. ...................... ..... ........................... ........................... ..... ..... . 137
123 Near Field Communication (NFC) Enablement ............. ..... ...................... ..... ..... ............ 138
124 Invalid Login Attempt Lockout ................. ..... ..... ................. ..... ..... ..... ................. ..... ..... 139
125 Secure Protocol Log Enablement ..... ..... ...................... ..... ..... ...................... ..... ..... ......... 140
126 Display Device Information Configuration.. ..... ................. ..... ..... ...................... ..... ........ 141
127 Successful Login After Lockout Expired.. ..... ...................... ..... ..... ...................... ..... ........ 142
128 Erase Customer Data ................. ..... ...................... ..... ..... ................. ..... ..... ..... ............. 143
129 Audit Log SFTP Scheduled Configuration..... ................. ..... ..... ..... ................. ..... ..... ....... 144
130 Audit Log SFTP Transfer ... ..... ................. ..... ..... ..... ................. ..... ..... ...................... ..... .. 145
131 Remote Software Download Policy.... ...................... ..... ..... ................. ..... ..... ..... ............ 146
132 AirPrint & Mopria Scanning Configuration................ ..... ...................... ..... ..... ................ 147
133 AirPrint & Mopria Scan Job Submitted............... ..... ........................... ..... ...................... . 148
134 AirPrint & Mopria Scan Job Completed.... ...................... ..... ..... ...................... ..... ..... ..... . 149
136 Remote Services NVM Write. ..... ................. ..... ..... ...................... ..... ..... ...................... ... 150
137 FIK Install via Remote Services............. ..... ..... ................. ..... ..... ..... ..... ............ ..... ..... .... 151
138 Remote Services Data Push .................... ..... ...................... ..... ..... ...................... ..... ..... .. 152
139 Remote Services Enablement . ..... ..... ................. ..... ..... ...................... ..... ....................... 153
140 Restore Backup Installation Policy.. ...................... ..... ..... ...................... ..... .................... 154
141 Backup File Downloaded . ..... ..... ................. ..... ..... ..... ................. ..... ..... ...................... ... 155
142 Backup File Restored ............. ..... ........................... ..... ...................... ..... ..... ................. .. 156
144 User Permission Role Assignment ... ..... ..... ............ ..... ..... ..... ..... ................. ..... ..... .......... 157
145 User Permission Role Configuration. ..... ..... ..... ................. ..... ..... ...................... ..... ..... .... 158
146 Admin Password Reset Policy Configuration ................... ..... ..... ...................... ..... ..... ..... 159
147 Local User Account Password Policy ....... ..... ..... ..... ................. ..... ..... ...................... ..... .. 160
148 Restricted Administrator Login ..... ..... ........................... ..... ...................... ..... ..... ............ 161
149 Restricted Administrator Role Permission....... ..... ..... ..... ................. ..... ..... ...................... 162
150 Logout............ ..... ..... ...................... ..... ...................... ..... ..... ...................... ..... ..... ......... 163
151 IPP Configuration .......... ..... ........................... ..... ...................... ..... ..... ................. ..... .... 164
152 HTTP Proxy Server Configuration.. ..... ............ ..... ..... ..... ..... ............ ..... ..... ..... ................. 165
153 Remote Services Software Download ............ ..... ..... ..... ..... ............ ..... ..... ..... ................. 166
154 Restricted Administrator Permission Role Configuration.......... ..... ..... ..... ..... ............ ..... .. 167
155 Weblet Installation Security Policy ... ..... ..... ...................... ..... ...................... ..... ............. 168
156 Lockdown and Remediate Security Enablement............ ..... ..... ...................... ..... ..... ....... 169
157 Lockdown Security Check Complete..... ..... ............ ..... ..... ..... ..... ................. ..... ..... .......... 170
158 Lockdown Remediation Complete . ................. ..... ..... ...................... ..... .......................... 171
159 Send Engineering Logs on Data Push .. ..... ...................... ..... ..... ...................... ..... ..... ..... 172
160 Print Submission of Clone Files Policy ............. ..... ..... ..... ................. ..... ..... ..................... 173
161 Network Troubleshooting Data Capture . ..... ........................... ..... ...................... ..... ..... .. 174
162 Network Troubleshooting Data Download ... ...................... ..... ..... ...................... ..... ..... .. 175
163 DNS-SD Record Data Download . ........................... ..... ...................... ..... ..... ................. .. 176
164 One-Touch App Management ....... ..... ..... ...................... ..... ..... ................. ..... ..... ..... ..... . 177
165 SMB Browse Enablement ... ................. ..... ..... ...................... ..... ...................... ..... ..... ..... 178
6
Xerox®AltaLink®Series Security Information and Event Management Reference Guide
Table of Contents
166 Standard Job Data Removal Started . ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... .. 179
167 Standard Job Data Removal Complete.............. ..... ..... ..... ................. ..... ..... ..... ............. 180
168 Full Job Data Removal Started ............ ..... ..... ..... ................. ..... ..... ...................... ..... ..... 181
169 Full Job Data Removal Complete............ ..... ..... ..... ................. ..... ..... ...................... ..... .. 182
170 Scheduled Job Data Removal Configuration. ..... ..... ...................... ..... ..... ................. ..... . 183
171 Cross-Origin-Resource-Sharing (CORS) ........ ..... ..... ..... ................. ..... ..... ...................... ... 184
172 One-Touch App Export .. ..... ..... ..... ................. ..... ..... ...................... ..... ..... ...................... 185
173 Fleet Orchestrator Trust Operations.. ...................... ..... ..... ...................... ..... ..... ............. 186
174 Fleet Orchestrator Configuration.. ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ....... 187
175 Fleet Orchestrator - Store File for Distribution....... ..... ...................... ..... ..... ................. ... 188
176 Xerox Configuration Watchdog Enablement...... ..... ..... ..... ................. ..... ..... ..... ............. 189
177 Xerox Configuration Watchdog Check Complete ........ ..... ..... ................. ..... ..... ..... ......... 190
178 Xerox Configuration Watchdog Remediation Complete . ..... ..... ................. ..... ..... ..... ...... 191
179 ThinPrint Configuration........ ..... ..... ...................... ..... ..... ...................... ..... .................... 192
180 iBeacon Active ............... ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ..................... 193
181 Network Troubleshooting Feature ........................ ..... ...................... ..... ..... ................. ... 194
182 POP3 Connection Encryption (TLS) ........................... ..... ...................... ..... ..... ................ 195
183 FTP Browse Configuration ..... ..... ..... ...................... ..... ........................... ..... ................... 196
184 SFTP Browse Configuration . ........................... ........................... ..... ..... ................. ..... .... 197
189 Smart Proximity Sensor “Sleep on Departure” Enablement ..... ..... ..... ..... ..... ............ ..... .. 198
190 Cloud Browsing Enablement. ..... ..... ..... ..... ............ ..... ..... ..... ...................... ..... ..... .......... 199
192 Scan to Cloud Job . ...................... ..... ........................... ..... ...................... ..... ..... ............. 200
193 Xerox Workplace Cloud Enablement.. ..... ..... ................. ..... ..... ..... ................. ..... ..... ....... 201
194 Scan To Save FTP and SFTP Credentials Policy Configured... ..... ..... ..... ................. ..... ..... 202
195 Card Reader ............... ..... ..... ...................... ..... ...................... ..... ..... ................. ..... ..... ... 203
196 EIP App Management.. ...................... ..... ...................... ..... ..... ...................... ..... ..... ..... . 204
197 EIP App Enablement .................... ..... ........................... ..... ...................... ..... ..... ............ 205
199 Card Reader Upgrade Policy..................... ..... ..... ................. ..... ..... ..... ................. ..... ..... 206
200 Card Reader Upgrade Attempted ..... ................. ..... ..... ..... ................. ..... ..... .................. 207
204 Syslog Server Configuration ....... ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... ......... 208
205 TLS Configuration......... ..... ..... ..... ..... ............ ..... ..... ..... ................. ..... ..... ...................... 209
208 Canceled Job ... ..... ..... ................. ..... ..... ........................... ..... ...................... ..... ............. 210
More Information............ ..... ...................... ..... ..... ................. ..... ..... ..... ..... ............ ..... ..... .... 211
Xerox®AltaLink®Series
Security Information and Event Management Reference Guide
7
Table of Contents
8
Xerox®AltaLink®Series Security Information and Event Management Reference Guide
1

Introduction

This chapter contains:
SIEM Overview............. ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ......... 10
Supported Printers ........ ..... ........................... ..... ...................... ..... ..... ................. ..... ..... ..... ..... ... 11
Xerox®AltaLink®Series
Security Information and Event Management Reference Guide
9
Introduction

SIEM Overview

Security Information Event Management (SIEM) products and services are designed to support the analysis of security alerts that applications and network hardware generate. SIEM systems offer advanced analytics and real-time monitoring, including data and application monitoring. SIEM gathers security event information from the entire network, to centralize data collection and ensure that Xerox
Supported Xerox Enterprise Security Manager, LogRhythm, and Splunk Enterprise Security. The SIEM feature enables your Xerox syslog protocol. SIEM solutions can provide predefined report templates for most compliance mandates, such as HIPAA.
Syslog messages that your Xerox device generates are sent automatically to SIEM destinations for analysis and reporting. In a SIEM system, an administrator can view the events that occurred over a specific time period, for example, to investigate a security breach. Through security event correlation, SIEM systems analyze the network for potential threats. Unusual activity in one part of the network does not always indicate a breach, but multiple unusual activities can indicate an issue.
Events are sent as they occur. Events are transmitted in Common Event Format (CEF), which a SIEM system can interpret.
For further information about security solutions for your Xerox
com/security, navigate to the AltaLink page, then select your device.
®
AltaLink®devices are included with other networked devices.
®
AltaLink®devices include SIEM firmware support for connections to McAfee
®
AltaLink®device to send security events directly to compatible SIEM systems using the
®
AltaLink®device, go to www.xerox.
CCoonnffiigguurriinngg SSIIEEMM
You can configure up to three SIEM destinations and control the events that are sent to each destination, based on the level of severity. The severity levels correspond to the syslog severity codes.
SIEM is configured using the SIEM settings in the Embedded Web Server.
To configure your Xerox AltaLink device to input to a SIEM system:
• Access the SIEM settings and select the destination required.
• Enable sharing for the SIEM destination.
• Enter the name for the SIEM destination.
• Select a Transport Protocol to use for transporting events to the SIEM destinations.
• Enter the SIEM syslog server details.
• Test the connection to the server.
• Select a logging severity level.
• The device sends event data to the SIEM system for analysis and reporting.
For full instructions on configuring SIEM, refer to Device Configuration.
10
Xerox®AltaLink®Series Security Information and Event Management Reference Guide
Introduction

Supported Printers

The following devices support the SIEM feature and can be enabled to send audit log events directly to compatible SIEM systems using the syslog protocol.
Xerox
Xerox
®
AltaLink®Series C8130/8135/8145/8155/8170 Multifunction Printers
®
AltaLink®Series B8145/8155/8170 Multifunction Printers
®
Xerox
Security Information and Event Management Reference Guide
AltaLink®Series
11
Introduction
12
Xerox®AltaLink®Series Security Information and Event Management Reference Guide
2

Device Configuration

This chapter contains:
Configuration Overview................ ..... ...................... ..... ..... ................. ..... ..... ..... ................. ..... ... 14
Configuring SIEM.............. ..... ........................... ..... ...................... ..... ..... ................. ..... ..... ..... .... 15
Configuring a SIEM Destination ... ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... .................... 16
Editing a SIEM Destination .. ..... ................. ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ...... 17
Xerox®AltaLink®Series
Security Information and Event Management Reference Guide
13
Device Configuration

Configuration Overview

This section describes how to configure and enable the Security Information and Event Management (SIEM) feature on your Xerox device.
Configuration steps are performed using the Embedded Web Server on the device.
You can configure up to three SIEM destinations and control the events that are sent to each destination, based on the level of severity. The severity levels correspond to the syslog severity codes.
14
Xerox®AltaLink®Series Security Information and Event Management Reference Guide
Device Configuration

Configuring SIEM

To configure the Security Information and Event Management (SIEM) feature:
1. In the Embedded Web Server, click PropertiesSecurityLogsSIEM.
Note: Alternatively, to access the SIEM page from the Connectivity setup page, click
PropertiesConnectivitySetup. For SIEM, click Edit.
At the SIEM page, the status area displays the time stamp of the last device event and shows the enablement state of SIEM destinations.
2. To view the stored events log, click View Events.
The latest syslog events appear in reverse order. The event log can display up to 20,000 events. To download the events log, click Download Events, then save the syslog.txt file to a folder on your computer.
3. The Share Events area shows the status of SIEM destinations. The statuses include the following:
event range; host name settings: The SIEM destination is configured and is enabled
to receive events in the specified range.
Configured; Not Sharing: The SIEM destination is configured, but is not enabled to
receive events.
Not Configured: The SIEM destination is not configured.
4. To send a test to the SIEM destinations, click Send Sample Event. At the prompt, click Send. A
sample event is sent to all destinations that are configured and enabled.
Note: If no destinations are configured, the Send Sample Event function is not available.
®
Xerox
Security Information and Event Management Reference Guide
AltaLink®Series
15
Device Configuration

Configuring a SIEM Destination

To configure a Security Information and Event Management (SIEM) destination:
1. In the Embedded Web Server, click PropertiesSecurityLogsSIEM.
2. In the Share Events area, click the row for the destination that you need to configure. The destination settings window appears.
3. To enable the destination to receive events, for Enable Sharing, click the toggle button.
4. In the Destination Name field, type a name for the SIEM destination.
5. In the Connection area, configure the settings.
a. To select a protocol for transporting events to the configured destinations, for Transport
Protocol, select an option:
TCP/TLS (Secure/Recommended): This is a reliable protocol. This option is the default
and is the most secure.
TCP: This is a reliable protocol.
UDP
Note: Transmission Control Protocol (TCP) is a reliable protocol that performs well with
networks that are linked physically and with hosts that are stationary. TCP checks that all data packets are delivered to the receiving host, and retransmits any lost packets. This process ensures that all transmitted data is received eventually.
b. For Host (Syslog Server), specify a destination by host name, IPv4, or IPv6 address.
Note:
The device supports destination port numbers from 1–65535.
If you select TCP/TLS, the default port number is 6514.
If you select TCP or UDP, the default port number is 514.
6. To test the connection:
a. Ensure that sharing is enabled.
b. Click Test Connection.
c. If the ping to the destination fails, verify the configuration, then retest the connection.
7. In the Event Policies area, click Event Range. In the Event Range window, select a logging severity level, then click Save. The default is severity level 4.
Note: When you select a severity level, messages for that level and more critical levels are
sent to the SIEM destination.
8. Click Save.
9. To send a test to the SIEM destinations, click Send Sample Event. At the prompt, click Send. A sample event is sent to all destinations that are configured and enabled. Check with the SIEM Administrator to confirm that their SIEM system received the Xerox device event.
Note: If no destinations are configured, the Send Sample Event function is not available.
16
Xerox®AltaLink®Series Security Information and Event Management Reference Guide
Device Configuration

Editing a SIEM Destination

To edit a Security Information and Event Management (SIEM) destination:
1. In the Embedded Web Server, click PropertiesSecurityLogsSIEM.
2. In the Share Events area, click the row for the destination that you need to edit.
3. At the prompt, select an option:
To view or modify the destination settings, click Edit. For details, refer to Configuring a SIEM
Destination.
To clear the destination settings, click Reset. At the confirmation prompt, click Reset.
®
Xerox
Security Information and Event Management Reference Guide
AltaLink®Series
17
Device Configuration
18
Xerox®AltaLink®Series Security Information and Event Management Reference Guide
3

Message Format

This chapter contains:
Message Format Overview .................. ..... ...................... ..... ..... ................. ..... ..... ..... ................. . 20
Syslog Message Format.................... ..... ..... ...................... ..... ...................... ..... ..... ..................... 21
Severity Levels . ..... ..... ...................... ..... ...................... ..... ..... ...................... ..... ..... ................. .... 22
Xerox®AltaLink®Series
Security Information and Event Management Reference Guide
19
Message Format

Message Format Overview

Syslog messages that your Xerox device generates include the log message and a standard set of data that provides details about the event. Information about the source Xerox device, when the event happened, the severity level, and a description of the syslog event are provided.
Syslog messages use the RFC 5424 Syslog Protocol, and are reported using Common Event Format (CEF). CEF standard format was developed by ArcSight. CEF is an extensible, text-based format, designed to support multiple device types. CEF defines a syntax for log records that comprises a standard header and variable extension, which are formatted as key-value pairs.
Xerox syslog event messages are composed of the following predefined fields:
<109>
SYSLOG-MSG
SYSLOG-HEADER
CEF Header
CEF Message
2020-04-12T19:20:50-05:00
SalesNEteam
CEF:0
Xerox
Altalink C8135
111.009.009.23300
1
System startup
5
dvchost=SalesNEteam deviceExternalId= GN1592376
20
Xerox®AltaLink®Series Security Information and Event Management Reference Guide
Message Format

Syslog Message Format

The following table lists each of the syslog message fields and provides a description and example of the data that is generated for each field.
Fields
SYSLOG­HEADER
PRI The PRI number is known as the
Description Example
<109>
Priority value (PRIVAL) and represents both the Facility and Severity. The Priority value is calculated by multiplying the Facility code by 8, then adding the numerical value of the Severity.
Note: Xerox devices use
Log Audit Facility code 13.
TIMESTAMP yyyy-mm-ddThh:mm:ss+-ZONE 2020-04-12T19:20:50-
05:00
HOSTNAME Hostname of the device SalesNEteam
CEF Header CEF:Version CEF:0 CEF:0
Device Vendor Device manufacturer Xerox
Device Product Device model name Altalink C8135
Device Version Device Software Version 111.009.009.23300
Device Event ClassIDAudit Log ID 1
Name Description of the event System startup
Severity Syslog severity 5
CEF Message [Extension] The audit log event entry data,
formatted in CEF format
dvchost=SalesNEteam deviceExternalId= GN1592376
Example of a complete event:
<109> 2020-04-12T19:20:50-05:00 SalesNEteam CEF:0|Xerox|Altalink C8135|
111.009.009.21000 |1 | System startup |5|dvchost=SalesNEteam
deviceExternalId=GN1592376
®
Xerox
AltaLink®Series
Security Information and Event Management Reference Guide
21
Message Format

Severity Levels

The System Administrator can control the events that are sent to SIEM systems based on severity.
Syslog messages that are generated by Xerox devices use the following severity levels, as defined in the RFC 5424 Syslog Protocol:
Numerical Code
0 Emergency System is unusable
1 Alert Action must be taken immediately
2 Critical Critical conditions
3 Error Error conditions
4 Warning Warning conditions
Severity Level Description
5 Notice Normal but significant condition
6 Informational Informational messages
7 Debug Debug-level messages
22
Xerox®AltaLink®Series Security Information and Event Management Reference Guide
4

Message List

This chapter contains:
Message List Overview ............. ..... ...................... ..... ..... ...................... ..... ..... ................. ..... ..... .. 29
CEF Key Name Mapping ... ..... ................. ..... ..... ...................... ..... ..... ...................... ..... .............. 30
1 System Startup ..... ..... ...................... ..... ........................... ..... ...................... ..... ..... ................. . 32
2 System Shutdown ................. ..... ...................... ..... ..... ...................... ..... ..... ................. ..... ..... .. 33
3 Standard Disk Overwrite Started......................... ..... ...................... ..... ..... ................. ..... ..... ..... 34
4 Standard Disk Overwrite Complete ............. ..... ........................... ..... ...................... ..... ..... ..... ... 35
5 Print Job . ..... ..... ................. ..... ..... ..... ................. ..... ..... ...................... ..... ..... ...................... ..... 36
6 Network Scan Job ... ..... ................. ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ................ 37
7 Server Fax Job.. ..... ..... ...................... ..... ........................... ..... ...................... ..... ..... ................. . 38
8 Internet Fax Job................. ..... ...................... ..... ..... ...................... ..... ..... ................. ..... ..... ..... 39
9 Email Job ..... ..... ..... ..... ................. ..... ..... ...................... ..... ...................... ..... ..... ...................... 40
10 Audit Log Disabled ............... ..... ..... ...................... ..... ........................... ..... ...................... ..... . 41
11 Audit Log Enabled............ ..... ..... ...................... ..... ........................... ..... ...................... ..... ..... 42
12 Copy Job ..... ................. ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ...................... ..... .... 43
13 Embedded Fax Job . ...................... ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... ............... 44
14 LAN Fax Job . ..... ..... ...................... ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... ............... 45
16 Full Disk Overwrite Started . ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... ................. ..... ... 46
17 Full Disk Overwrite Complete.............. ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... .... 47
20 Scan to Mailbox Job................. ..... ..... ..... ................. ..... ..... ..... ............ ..... ..... ..... ..... .............. 48
21 Delete File/Dir.............. ..... ..... ...................... ..... ...................... ..... ..... ................. ..... ..... ..... .... 49
23 Scan to Home . ................. ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ...................... ..... 50
24 Scan to Home Job ... ..... ...................... ..... ........................... ..... ...................... ..... ..... .............. 51
27 Postscript Passwords ..... ..... ..... ...................... ..... ........................... ........................... ..... ..... ... 52
29 Network User Login.. ..... ................. ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ............. 53
30 SA Login . ................. ..... ..... ...................... ..... ........................... ..... ...................... ..... ..... ..... ... 54
31 User Login.. ..... ................. ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... ................. ..... 55
32 Service Login Diagnostics ...................... ..... ........................... ..... ...................... ..... ..... ........... 56
33 Audit Log Download .... ..... ................. ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... .... 57
34 Immediate Job Overwrite Enablement .. ..... ................. ..... ..... ..... ................. ..... ..... ..... ........... 58
35 SA PIN Changed ................. ..... ........................... ..... ...................... ..... ..... ................. ..... ..... .. 59
Xerox®AltaLink®Series
Security Information and Event Management Reference Guide
23
Message List
36 Audit Log File Saved. ..... ..... ..... ...................... ..... ........................... ........................... ..... ..... ... 60
37 Force Traffic over Secure Connection.. ..... ...................... ..... ..... ................. ..... ..... ..... .............. 61
38 Security Certificate.. ..... ..... ................. ..... ..... ..... ................. ..... ..... ...................... ..... .............. 62
39 IPsec. ..... ...................... ..... ........................... ..... ...................... ..... ..... ................. ..... ..... ..... .... 63
40 SNMPv3................ ..... ...................... ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... ........... 64
41 IP Filtering Rules .................. ........................... ..... ...................... ..... ..... ..... ............ ..... ..... ..... . 65
42 Network Authentication Configuration.. ..... ........................... ..... ...................... ..... ..... ........... 66
43 Device Clock................. ..... ..... ..... ................. ..... ..... ...................... ..... ........................... ..... .... 67
44 Software Upgrade..... ..... ..... ...................... ..... ...................... ..... ..... ...................... ..... ..... ....... 68
45 Clone File Operations ............... ..... ..... ..... ............ ..... ..... ..... ................. ..... ..... ..... ................... 69
46 Scan Metadata Validation..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ...................... ..... 70
47 Xerox Secure Access Configuration.. ..... ...................... ..... ..... ...................... ..... ...................... 71
48 Service Login Copy Mode . ................. ..... ..... ...................... ..... ...................... ..... ..... ............... 72
49 Smartcard Login. ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ...................... ..... ..... ......... 73
50 Process Terminated ................. ..... ..... ...................... ..... ........................... ..... ...................... ... 74
51 Scheduled Disk Overwrite Configuration ...................... ..... ........................... ..... ..................... 75
53 Saved Jobs Backup ..... ................. ..... ..... ...................... ..... ........................... ..... ..................... 76
54 Saved Jobs Restore... ..... ................. ..... ..... ..... ................. ..... ..... ...................... ..... .................. 77
57 Session Timer Logout ..... ............ ..... ..... ..... ................. ..... ..... ........................... ...................... 78
58 Session Timeout Interval Change ... ..... ................. ..... ..... ..... ................. ..... ..... ..... ................. . 79
59 User Permissions .......... ..... ..... ..... ................. ..... ..... ...................... ..... ..... ...................... ..... .... 80
60 Device Clock NTP Configuration ........ ..... ...................... ..... ..... ...................... ..... ..... ............... 81
61 Device Administrator Role Permission................ ..... ..... ..... ................. ..... ..... ..... ............ ..... .... 82
62 Smartcard Configuration.... ..... ..... ................. ..... ..... ...................... ..... ........................... ..... ... 83
63 IPv6 Configuration..... ..... ..... ................. ..... ..... ...................... ..... ........................... ..... ........... 84
64 802.1x Configuration ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ...................... ..... ....... 85
65 Abnormal System Termination ..... ...................... ..... ..... ................. ..... ..... ..... ................. ..... ... 86
66 Local Authentication Enablement . ..... ..... ............ ..... ..... ..... ..... ............ ..... ..... ..... ................... 87
67 Web User Interface Login Method................ ..... ........................... ..... ...................... ..... ..... .... 88
68 FIPS Mode Configuration ... ..... ...................... ..... ........................... ..... ...................... ..... ..... ... 89
69 Xerox Secure Access Login.... ..... ..... ...................... ..... ..... ...................... ..... ...................... ..... . 90
70 Print from USB Enablement... ................. ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... 91
71 USB Port Enablement.. ..... ..... ............ ..... ..... ..... ...................... ..... ........................... ............... 92
72 Scan to USB Enablement ... ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... ................. ..... ... 93
73 System Log Download................ ..... ..... ..... ................. ..... ..... ...................... ..... ...................... 94
74 Scan to USB Job.... ..... ................. ..... ..... ..... ................. ..... ..... ...................... ..... ..................... 95
24
Xerox®AltaLink®Series Security Information and Event Management Reference Guide
Message List
75 Remote Control Panel Configuration ................. ..... ..... ..... ................. ..... ..... ..... ............ ..... .... 96
76 Remote Control Panel Session ..... ................. ..... ..... ..... ................. ..... ..... ...................... ..... .... 97
77 Remote Scan Feature Enablement.... ..... ..... ................. ..... ..... ..... ................. ..... ..... ................ 98
78 Remote Scan Job Submitted ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... ................. . 99
79 Remote Scan Job Completed. ..... ..... ................. ..... ..... ..... ................. ..... ..... ...................... ... 100
80 SMTP Connection Encryption .. ...................... ..... ........................... ..... ...................... ..... ..... . 101
81 Email Domain Filtering Rule ............... ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ....... 102
82 Software Verification Test Started ... ..... ..... ................. ..... ..... ...................... ..... .................... 103
83 Software Verification Test Complete..... ..... ................. ..... ..... ........................... ..... ............... 104
84 McAfee Security State.. ...................... ..... ...................... ..... ..... ................. ..... ..... ..... ............ 105
85 McAfee Security Event.. ..... ........................... ..... ...................... ..... ..... ................. ..... ..... ..... .. 106
87 McAfee Agent ................. ..... ...................... ..... ..... ................. ..... ..... ..... ................. ..... ..... ... 107
88 Digital Certificate Import Failure..................... ..... ...................... ..... ..... ..... ............ ..... ..... .... 108
89 Device User Account Management ... ..... ...................... ..... ..... ................. ..... ..... ..... ............. 109
90 Device User Account Password Change ........ ..... ..... ...................... ..... ..... ...................... ..... .. 110
91 Embedded Fax Job Secure Print Passcode.... ..... ..... ................. ..... ..... ...................... ..... ........ 111
92 Scan to Mailbox Folder Password. ..... ..... ..... ................. ..... ..... ...................... ..... ................... 112
93 Embedded Fax Mailbox Passcode ... ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ........... 113
94 FTP / SFTP Filing Passive Mode..... ................. ..... ..... ..... ................. ..... ..... ..... ................. ..... . 114
95 Embedded Fax Forwarding Rule................. ..... ...................... ..... ..... ................. ..... ..... ..... ..... 115
96 Allow Weblet Installation ..... ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... ................ 116
97 Weblet Installation ..... ..... ..... ............ ..... ..... ..... ...................... ..... ........................... ..... ........ 117
98 Weblet Enablement... ..... ...................... ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... ..... 118
99 Network Connectivity Configuration. ..... ...................... ..... ........................... ..... ................... 119
100 Address Book Permissions........ ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... ................ 120
101 Address Book Export ............. ..... ........................... ..... ...................... ..... ..... ................. ..... . 121
102 Software Upgrade Policy .......... ..... ...................... ..... ..... ................. ..... ..... ..... ................. ... 122
103 Supplies Plan Activation ...................... ..... ........................... ..... ...................... ..... ..... ......... 123
104 Plan Conversion .......... ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... ................. ..... . 124
105 IPv4 Configuration..... ..... ................. ..... ..... ...................... ..... ........................... ..... ............ 125
106 SA PIN Reset....... ..... ...................... ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... ......... 126
107 Convenience Authentication Login ... ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... .. 127
108 Convenience Authentication Configuration . ..... ..... ..... ................. ..... ..... ...................... ..... . 128
109 Embedded Fax Passcode Length. ........................... ..... ...................... ..... ..... ................. ..... . 129
110 Custom Authentication Login....... ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ........... 130
111 Custom Authentication Configuration ..... ..... ..... ...................... ..... ..... ...................... ..... ..... 131
Xerox
®
AltaLink®Series
25
Security Information and Event Management Reference Guide
Message List
112 Billing Impression Mode ..... ................. ..... ..... ..... ................. ..... ..... ...................... ..... ..... .... 132
114 Clone File Installation Policy... ...................... ..... ..... ................. ..... ..... ..... ................. ..... ..... 133
115 Save For Reprint Job.... ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ...................... ..... . 134
116 Web User Interface Access Permission. ..... ..... ...................... ..... ........................... ..... ......... 135
117 System Log Push to Xerox ... ..... ..... ................. ..... ..... ...................... ..... ........................... ... 136
120 Mopria Print Enablement ..... ...................... ..... ...................... ..... ..... ...................... ..... ..... .. 137
123 Near Field Communication (NFC) Enablement .. ..... ...................... ..... ..... ................. ..... ..... 138
124 Invalid Login Attempt Lockout ... ................. ..... ..... ..... ................. ..... ..... ..... ................. ..... . 139
125 Secure Protocol Log Enablement ........ ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... ..... 140
126 Display Device Information Configuration..... ...................... ..... ..... ...................... ..... ......... 141
127 Successful Login After Lockout Expired ..... ..... ...................... ..... ..... ...................... ..... ......... 142
128 Erase Customer Data .................... ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... ......... 143
129 Audit Log SFTP Scheduled Configuration... ..... ...................... ..... ........................... ..... ........ 144
130 Audit Log SFTP Transfer . ..... ..... ..... ................. ..... ..... ...................... ..... ........................... ... 145
131 Remote Software Download Policy.. ..... ...................... ..... ..... ................. ..... ..... ..... ............. 146
132 AirPrint & Mopria Scanning Configuration................... ..... ..... ................. ..... ..... ..... ............ 147
133 AirPrint & Mopria Scan Job Submitted.................. ..... ..... ...................... ..... ..... ................. .. 148
134 AirPrint & Mopria Scan Job Completed.. ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... .. 149
136 Remote Services NVM Write.... ..... ...................... ..... ........................... ..... ...................... .... 150
137 FIK Install via Remote Services................ ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... 151
138 Remote Services Data Push . ...................... ..... ..... ................. ..... ..... ..... ................. ..... ..... ... 152
139 Remote Services Enablement ...................... ..... ...................... ..... ...................... ..... ..... ..... . 153
140 Restore Backup Installation Policy ..... ........................... ..... ...................... ..... ..... ................ 154
141 Backup File Downloaded .......... ..... ..... ..... ..... ............ ..... ..... ..... ...................... ..... ............... 155
142 Backup File Restored ..... ...................... ..... ...................... ..... ..... ...................... ..... ..... ......... 156
144 User Permission Role Assignment . ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ........... 157
145 User Permission Role Configuration......... ..... ..... ...................... ..... ........................... ..... ..... 158
146 Admin Password Reset Policy Configuration ...................... ..... ..... ................. ..... ..... ..... ..... . 159
147 Local User Account Password Policy..... ...................... ..... ........................... ..... ................... 160
148 Restricted Administrator Login ........ ..... ........................... ..... ...................... ..... ..... ............. 161
149 Restricted Administrator Role Permission ............... ..... ..... ...................... ..... ...................... . 162
150 Logout .................... ..... ...................... ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... ..... 163
151 IPP Configuration........... ..... ...................... ..... ..... ...................... ..... ..... ................. ..... ..... ... 164
152 HTTP Proxy Server Configuration..... ..... ................. ..... ..... ..... ................. ..... ..... .................. 165
153 Remote Services Software Download ... ................. ..... ..... ..... ................. ..... ..... .................. 166
154 Restricted Administrator Permission Role Configuration. ................. ..... ..... ..... ................. ... 167
26
Xerox®AltaLink®Series Security Information and Event Management Reference Guide
Message List
155 Weblet Installation Security Policy.... ..... ........................... ..... ...................... ..... ..... ............ 168
156 Lockdown and Remediate Security Enablement.................... ..... ........................... ..... ........ 169
157 Lockdown Security Check Complete... ..... ..... ................. ..... ..... ..... ................. ..... ..... ........... 170
158 Lockdown Remediation Complete ....... ..... ........................... ..... ...................... ..... ..... ......... 171
159 Send Engineering Logs on Data Push ..... ..... ...................... ..... ..... ...................... ..... ..... ..... . 172
160 Print Submission of Clone Files Policy ..... ..... ................. ..... ..... ..... ................. ..... ..... ........... 173
161 Network Troubleshooting Data Capture ................. ..... ..... ..... ................. ..... ..... ..... ............ 174
162 Network Troubleshooting Data Download . ..... ..... ................. ..... ..... ..... ................. ..... ..... ... 175
163 DNS-SD Record Data Download .......... ..... ...................... ..... ..... ...................... ..... ..... ......... 176
164 One-Touch App Management .......... ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... ....... 177
165 SMB Browse Enablement . ........................... ..... ...................... ..... ...................... ..... ..... ..... . 178
166 Standard Job Data Removal Started.. ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... ...... 179
167 Standard Job Data Removal Complete ..... ................. ..... ..... ..... ................. ..... ..... .............. 180
168 Full Job Data Removal Started .................... ..... ..... ...................... ..... ...................... ..... ..... . 181
169 Full Job Data Removal Complete ... ................. ..... ..... ...................... ..... ........................... ... 182
170 Scheduled Job Data Removal Configuration.... ..... ..... ..... ............ ..... ..... ..... ..... ............ ..... .. 183
171 Cross-Origin-Resource-Sharing (CORS) ..... ..... ............ ..... ..... ..... ...................... ..... ............... 184
172 One-Touch App Export .......... ..... ..... ...................... ..... ........................... ..... ...................... . 185
173 Fleet Orchestrator Trust Operations ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... ......... 186
174 Fleet Orchestrator Configuration ..... ..... ..... ..... ..... ................. ..... ..... ...................... ..... ........ 187
175 Fleet Orchestrator - Store File for Distribution ..... ..... ..... ..... ................. ..... ..... ..... ................ 188
176 Xerox Configuration Watchdog Enablement.............. ..... ..... ..... ................. ..... ..... .............. 189
177 Xerox Configuration Watchdog Check Complete. ...................... ..... ..... ..... ............ ..... ..... .... 190
178 Xerox Configuration Watchdog Remediation Complete ............... ..... ..... ..... ................. ..... . 191
179 ThinPrint Configuration................ ..... ........................... ..... ...................... ..... ..... ................ 192
180 iBeacon Active . ................. ..... ..... ..... ..... ............ ..... ..... ..... ................. ..... ..... ...................... 193
181 Network Troubleshooting Feature....... ..... ..... ...................... ..... ..... ................. ..... ..... ..... ..... 194
182 POP3 Connection Encryption (TLS) ... ..... ................. ..... ..... ..... ................. ..... ..... ..... ............ 195
183 FTP Browse Configuration ........ ..... ..... ...................... ..... ........................... ..... .................... 196
184 SFTP Browse Configuration .......... ..... ........................... ..... ...................... ..... ..... ................ 197
189 Smart Proximity Sensor “Sleep on Departure” Enablement ............. ..... ..... ..... ................. ... 198
190 Cloud Browsing Enablement......... ..... ..... ..... ................. ..... ..... ...................... ..... ................ 199
192 Scan to Cloud Job ............ ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... ................. ..... . 200
193 Xerox Workplace Cloud Enablement ..... ..... ..... ..... ................. ..... ..... ...................... ..... ........ 201
194 Scan To Save FTP and SFTP Credentials Policy Configured........... ..... ..... ...................... ..... . 202
195 Card Reader ....................... ........................... ..... ...................... ..... ..... ..... ............ ..... ..... .... 203
Xerox
®
AltaLink®Series
27
Security Information and Event Management Reference Guide
Message List
196 EIP App Management ..... ...................... ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... .. 204
197 EIP App Enablement . ...................... ..... ...................... ..... ..... ...................... ..... ..... ............. 205
199 Card Reader Upgrade Policy.. ..... ................. ..... ..... ..... ................. ..... ..... ..... ................. ..... . 206
200 Card Reader Upgrade Attempted ... ..... ..... ................. ..... ..... ...................... ..... ................... 207
204 Syslog Server Configuration...................... ..... ..... ................. ..... ..... ..... ..... ............ ..... ..... .... 208
205 TLS Configuration ................. ..... ..... ..... ................. ..... ..... ...................... ..... ...................... . 209
208 Canceled Job .... ...................... ..... ..... ...................... ..... ..... ................. ..... ..... ..... ................ 210
More Information ............... ..... ..... ................. ..... ..... ..... ................. ..... ..... ..... ................. ..... ..... 211
28
Xerox®AltaLink®Series Security Information and Event Management Reference Guide
Message List

Message List Overview

This section provides a list of the syslog messages that are generated by Xerox devices. Events are transmitted in Common Event Format (CEF) and are sent as they occur.
System Administrators can use the message lists provided to analyze reported data, identify specific events, and investigate issues. A list of the standard CEF key names is provided to help administrators understand the message data that is generated.
For detailed information about the settings and features related to the record events, refer to the System Administrator Guide for your printer available at www.xerox.com/office/support, or the Embedded Web Server Help.
®
Xerox
Security Information and Event Management Reference Guide
AltaLink®Series
29
Message List

CEF Key Name Mapping

This table provides information about the standard CEF key names that are used in syslog event messages that your Xerox device generates. The key name used in the messages, the full name of the field, and a description of each name is provided.
Key Name
suser sourceUserName Identifies the source user by name, which is usually the
duser destinationUserName Identifies the user associated with the event
dvchost deviceHostName Displays the device name that is configured for the
deviceExternalId deviceExternalId Displays the serial number of the device.
act deviceAction Identifies the action taken by the device. Also shows
dst destinationAddress Displays a destination IPv4 address, IPv6 address, or
src sourceAddress Displays a source or session IPv4 address or IPv6
Full Name
Description
user logged in to the device when the event occurs. Additionally, email addresses are mapped into the UserName fields.
destination or target.
device.
the action taken after job completion.
host name.
address.
fileType fileType Shows the file types used in an event.
fname filename Shows the file names of files used in an event.
msg message Provides additional information about an event.
outcome eventOutcome Identifies the outcome of an event.
reason Reason Identifies the reason an event was generated.
request requestUrl Displays the URL that was accessed during an event.
spriv sourceUserPrivileges Shows the user privilege or role assigned to the user
during an event.
sproc sourceProcessName Displays the name of the event source process.
sourceServiceName sourceServiceName Identifies the service that is responsible for generating
the event.
30
Xerox®AltaLink®Series Security Information and Event Management Reference Guide
Loading...
+ 184 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use