Document toolboxDocument toolbox

data.destination > wizard

Owned by Shirly Tsang
Aug 12, 2021
2 min read

The data.destination > wizard command enables you to configure the cloud and reporting destination for Data Connector.

Syntax

data.destination > wizard

Example

data.destination > wizard

Do you want to configure data output cloud registration settings y/n [y]:
y
Please use: '?' for help on available command
options.
Please enter cloud url[ https://usa-va.csp.infoblox.com ]:
Settings unchanged.
Please enter api_key[ <Your_API_Key> ]:
Settings unchanged.
Please enter agent_id[ <Your_Agent_ID> ]:
Settings unchanged.
url: https://usa-va.csp.infoblox.com
api_key: <Your_API_Key>
agent_id: <Your_Agent_ID>
Is it correct? y/n [y]:
y
Do you want to configure data output cloud settings
y/n [y]:
y
Please use: '?' for help on available command options.
Please enter Output cloud mode configuration[disabled ]:
forward
Data will start transmitting immediately
ok
The output mode is forward
Is it correct? y/n [y]:
y

Do you want to configure data output ArcSight settings y/n [y]:

y

Please use: '?' for help on available command options.

Please enter ArcSight SIEM address[ 10.196.104.222 ]:

10.196.3.4

ok

Do you want to add more values? y/n [n]:

y

Please enter ArcSight SIEM address[ 10.196.3.4 ]:

10.196.3.5

ok

Do you want to add more values? y/n [n]:

n

Please enter ArcSight default port[ 514 ]:

514

ok

Please enter ArcSight mode[ disabled ]:

hold

ok

Address: 10.196.3.5

ArcSight port is 514

The output mode is hold

Is it correct? y/n [y]:

y

Do you want to configure data output QRadar settings y/n [y]:

y

Please use: '?' for help on available command options.

Please enter QRadar SIEM address:

10.196.8.9

ok

Do you want to add more values? y/n [n]:

y

Please enter QRadar SIEM address[ 10.196.8.9 ]:

10.196.8.10

ok

Do you want to add more values? y/n [n]:

n

Please enter QRadar default port[ 6514 ]:

6514

ok

Please enter QRadar mode[ disabled ]:

disabled

ok

Address: 10.196.8.10

QRadar port is 6514

The output mode is disabled

Is it correct? y/n [y]:

y

Do you want to configure data maxSyslogDelayTime settings y/n [y]:

n

Do you want to configure data output splunk settings y/n [y]:
y
Please use: '?' for help on available command options.
Please enter splunk indexers:
10.10.1.2
ok
Do you want to add more values? y/n [n]:
n
Please enter splunk index name:
test
ok
Please enter splunk source type[ ib:dns:captures ]:
Settings unchanged.
Please enter splunk default indexer port[ 9997 ]:
Settings unchanged.
Please enter splunk mode[ disabled ]:
Settings unchanged.
Indexers:
10.10.1.2
Index name is test
Source type is ib:dns:captures
Default indexer port is 9997
The output mode is disabled
Is it correct? y/n [y]:
y

Do you want to configure data output McAfee settings y/n [y]:

y

Please use: '?' for help on available command options.

Please enter McAfee SIEM address[ 10.196.104.222 ]:

10.196.104.222

Address 10.196.104.222 already defined

Please enter McAfee SIEM address[ 10.196.104.222 ]:

Settings unchanged.

Please enter McAfee default port[ 6514 ]:

Settings unchanged.

Please enter McAfee mode[ disabled ]:

disabled

ok

Address: 10.196.104.222

McAfee port is 6514

The output mode is disabled

Is it correct? y/n [y]:

y

Do you want to configure data syslogBatchSize settings y/n [y]:

n

Do you want to configure data output reporting settings y/n [y]:
y
Please use: '?' for help on available command options.
Please enter reporting mode[ disabled ]:
forward
Data will start transmitting immediately
ok
The output mode is forward
Is it correct? y/n [y]:
y
Setup wizard finished successfully