03-21-2014 06:36 AM
I successfully actived Wildfire in my environment..however, no data is being pushed to my external syslog server (Splunk) or the online Wildfire portal. Is there a sample file I can download to test if its working?
03-21-2014 07:09 AM
We will assume that you have licensed and configured wildfire to work properly.. check the following doc if you need to verify:
Please remember to set the file types to "PE" (Portable Executable)
If you need to check on the Wildfire functionality, you can run through a couple of commands to do so:
Once the basic configuration is complete, the following command provides the details of the best server selected:
> test wildfire registration
To verify, if any files have been forwarded to the server, enter the following command:
> show wildfire status
To view the count of how many PE files have been checked, found to be clean or uploaded, issue the command:
>show wildfire statistics
This information was in this doc:
How to Check the Connectivity to Wildfire and Upload Status of Files
Once you have this configured properly, you can test with any .exe file.
There are test eicar virus files that you can download and test (as far as the Anti-virus doesn't catch the file first).
Here is link to the Eicar.com website to download test files in many different ways.
http://www.eicar.org/85-0-Download.html
Please let us know if this helps.
03-21-2014 07:10 AM
Hi rrau,
on this site http://www.eicar.org/85-0-Download.html (you can also google for the eicar-testfile). This file should trigger a log-entry.
Cheers Klaus
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
