Server settings allow you to configure how your servers function in each environment. You can modify these configurations in the servers grid, or select Server Settings in the dropdown menu to work in the dialog.
You can rename your server anything you like, and designate the environment in which a server will be running. Feel free to override the server log file path, too.
The Log Level field allows you to control which events are processed by server logging, and can help you more effectively capture events. Contrast generally recommends that you run in Error mode, unless a problem occurs and you're asked to collect more metrics by support.
Contrast's logs follow the general Log4J standard and honor their level designations as much as possible. Contrast offers the following log levels:
Assessment provides detailed information on vulnerabilities discovered by Contrast so that you can track, share and receive remediation guidance. Turning Assessment on allows you to enable sampling and designate how stacktraces are captured. Sampling allows Contrast to selectively analyze requests in order to avoid repeat analysis and improve server performance. Capturing stacktraces allows the server to collect data about the current state, including the lines of code being executed. Turning off results in less performance on the application(s); however, you'll have less clarity on where underlying security issues are occurring.
Sampling is a mode of operation in Contrast that greatly reduces the runtime performance penalty of the security analysis by eliminating redundant analysis on the same URLs. Once a URL has been properly sampled, you can stop monitoring during requests for that URL.
You can enable sampling while downloading an engine in the Download the Engine step of the installation wizard. To do this, perform the following steps:
Contrast provides helpful default values, but you may want to configure these values more precisely.
Java clients can also enable sampling by passing in the
-Dcontrast.sampling JVM System property. Passing an empty system property enables sampling with a:
Alternatively, you can use
-Dcontrast.sampling = X, Y, Z where:
Protection provides monitoring of your servers and applications - identifying and blocking attacks in real time. Turning Protection on gives you the option to bot block, which allows Contrast to use simple signaturing to block traffic from scrapers, attack tools and other unwanted automation.
You can also output events to Syslog for one or multiple servers. Read the article on Output to Syslog to learn more about enabling this feature.
Note: Turning Protection on by default requires that Protect licenses are automatically applied to servers.
This feature allows Java clients to send security logs to a remote Syslog server in addition to the Contrast security log. By sending logs to Syslog, you no longer have to monitor Contrast logs.
Note: The following instructions are written in the context that a Protection license is applied to the server(s) on which you would like to enable Syslog output. If a Protection license is applied, a shield icon appears beside the server name. If no license is applied, Syslog actions are disabled in the row menu of the individual server or ignored for all non-licensed selections within the batch action.
Organization settings act as the default configuration for all new servers. You can set these by going to the User menu > Organization Settings > Servers tab. Select the checkbox to Enable output of Protection events to Syslog, which reveals additional fields, and then enter your desired settings.
You can toggle through the severity badges to define severity levels for each. The defaults are:
For more information on creating server configurations in Organization Settings, go to the Server Defaults article.
From the Servers page, you can enable and configure Syslog output to individual servers or to multiple servers at one time. (See the Batch Actions section in this article for more information.) For an individual server, select Enable Output to Syslog in the row dropdown menu. Edit and Disable actions are available once Syslog is enabled.
If you choose the Enable Output to Syslog action, the workflow proceeds directly to a configuration dialog. If Syslog defaults have been set for the server environment in Organization Settings, those values are prepopulated here.
When Syslog output is enabled on a server, the shield icon next to the server name is updated to include a blue arrow. Hovering over this icon produces a tooltip with the output location of Protection events.
Selecting one or more servers in the Servers grid enables the Protection Licensing and Output menu, which includes the Enable, Edit and Disable Output to Syslog actions. These actions are only functional when at least one of the selected servers is eligible, and the action is only applied to the eligible selection(s).
You can also control licensing within the menu. When you select Apply Protection License for one or more servers, the Upgrade License dialog includes a checkbox to Enable output of Protection events to Syslog.
You can access server settings for an individual server in the row dropdown menu or from the Server Settings icon in the top right of the server's Overview page. The Server Settings dialog includes a checkbox to Enable output of Protection events to Syslog. Checking the box expands the dialog to show the configuration, where you can create server-specific Syslog properties.
Note: You may have to enable remote logging so that your Syslog can receive outside messages.