
Under Construction

🚧 🚧 🚧 🚧 🚧

Install log simulator

To install the log simulator, you need a running TeskaLabs LogMan.io installation.

The log simulator is part of LogMan.io Collector. The default configuration of LogMan.io Collector provides simulated logs for Microsoft 365 and Microsoft Windows Events, as well as sample Linux logs in RFC 3164 format.

Create a tenant

Create a tenant in which you want to simulate logs.

  • Create a new tenant in the UI (Auth&Roles > Tenants > New tenant)
  • Assign your credentials to the new tenant
  • Go to Maintenance > Configuration and create a new configuration in the Tenants folder with the name of your tenant. In the new configuration, select the ECS schema and your timezone
  • Log out and log back in to the new tenant

Add library with simulated log sources

In the UI, go to Maintenance > Configuration.

Add the following as the next layer of the Library:

libsreg+https://libsreg.z6.web.core.windows.net/lmio-collector-library

Add collector service to model

Add the lmio-collector service to the services section of the model.yaml file.

/library/Site/model.yaml
services:
  # ... (existing services)
  lmio-collector:
    - <node_id>

Apply the changes!

curl -X 'POST' 'http://<node_id>:8891/node/<node_id>' -H 'Content-Type: application/json' -d '{"command": "up"}'

In the Web UI, go to the Collectors screen and provision a new collector.

Create eventlane and start parsing

Use the Event Lane Manager:

curl -X 'PUT' 'http://<node_id>:8954/create-eventlane' -H 'Content-Type: application/json' -d '{"tenant": "<your tenant>", "stream": "microsoft-365-mirage", "node_id": "<node_id>" }'