Server settings allow you to configure how your servers function in each environment. You can modify these configurations in the servers grid, or select Server Settings in the dropdown menu to work in the dialog.
You can rename your server anything you like, and designate the environment in which a server will be running. Feel free to override the server log file path, too.
The Log Level field allows you to control which events are processed by server logging, and can help you more effectively capture events. Contrast generally recommends that you run in Error mode, unless a problem occurs and you're asked to collect more metrics by support.
Contrast's logs follow the general Log4J standard and honor their level designations as much as possible. Contrast offers the following log levels:
Assess provides detailed information on vulnerabilities discovered by Contrast so that you can track, share and receive remediation guidance. Turning Assess on allows you to enable sampling and designate how stacktraces are captured. Sampling allows Contrast to selectively analyze requests in order to avoid repeat analysis and improve server performance. Capturing stacktraces allows the server to collect data about the current state, including the lines of code being executed. Turning off results in less performance on the application(s); however, you'll have less clarity on where underlying security issues are occurring.
Sampling is a mode of operation in Contrast that greatly reduces the runtime performance penalty of the security analysis by eliminating redundant analysis on the same URLs. Once a URL has been properly sampled, you can stop monitoring during requests for that URL.
You can enable sampling while downloading an engine in the Download the Engine step of the installation wizard. To do this, perform the following steps:
Contrast provides helpful default values, but you may want to configure these values more precisely.
Java clients can also enable sampling by passing in the
-Dcontrast.sampling JVM System property. Passing an empty system property enables sampling with a:
Alternatively, you can use
-Dcontrast.sampling = X, Y, Z where:
Protect provides monitoring of your servers and applications - identifying and blocking attacks in real time. Turning Protect on gives you the option to bot block, which allows Contrast to use simple signaturing to block traffic from scrapers, attack tools and other unwanted automation. You can also output events to Syslog for one or multiple servers.
Note: Turning Protect on by default requires that Protect licenses are automatically applied to servers.
This feature allows you to send security logs to a remote Syslog server in addition to the Contrast Security log. By sending logs to Syslog, you no longer have to monitor Contrast logs.
- The following instructions are written in the context that a Protect license is applied to the server(s) on which you would like to enable Syslog output.
- You may have to enable remote logging so that your Syslog can receive outside messages.
Organization settings act as the default configuration for all new servers. To set up or edit default server settings, go to the User menu > Organization Settings > Servers tab. In the configuration form, select the checkbox to Enable output of Protect events to Syslog, which reveals additional fields, and then enter the appropriate settings.
For more information on creating server configurations in Organization Settings, go to Server Defaults.
From the Servers page, you can enable and configure Syslog output to an individual server or multiple servers at one time.
To enable Syslog on an individual server, hover over the grid row, and select the Server Settings icon.
In the Server Settings dialog, check the box to Enable output of Protect events to Syslog. If Syslog defaults have been set for the server environment in Organization Settings, the values are prepopulated in the fields that appear. Once you save the settings, Syslog is enabled on the server.
To enable Syslog on multiple servers, use the check marks to select the servers, and select the Server Settings icon in the action bar.
Note: If one or more of the selected servers is not eligible to have Syslog enabled, Syslog is only enabled on the servers that are eligible.
In the Bulk Server Settings dialog, click the Edit link to enable the option to send Protect events to Syslog. Select the checkbox to Send output of Protect events to Syslog, and complete the fields that appear. Once you complete all required fields and save the settings, Syslog is enabled on the selected servers.
Note: If all selected servers are in the same environment, and Syslog defaults are set for that environment in Organization Settings, the values are prepopulated in the fields that appear. If eligible servers selected are in different environments, you can choose to use the default settings for the applicable servers or manually configure the settings for all servers.
When Syslog is enabled, the server has a gray arrow icon beside its name in the grid. Hover over the icon to see the output location of Protect events.
To edit server settings, repeat the steps above to update the values in the appropriate configuration form, and save your changes.