UDLA - Gallagher Command Centre

Gallagher Command Centre offers centralized site visibility and monitoring to enhance situational awareness on both local and remote sites. Everything that happens on site is relayed to your Command Centre operators in real-time, enabling a quick and accurate response to security threats. Seamless integration with complimentary security and site management solutions creates smarter, more cost-effective ways to operate. Flexible, advanced auditing and reporting allows you to retrieve data and make operational decisions with greater precision.

Device Details

Vendor	Gallagher
Device Type	Access Control
Supported Model Name/Number	Gallagher Command Centre
Supported Software Version(s)	Gallagher Command Centre v8.10
Collection Method	UDLA
Configurable Log Output?	Yes
Log Source Type	UDLA – Gallagher Command Centre
Log Processing Policy	LogRhythm Default
Exceptions	N/A
Additional Information	The .config files provide a method for customizing field labels in the log output; however, by default, this should remain unchanged, as support is only provided via the default configuration.

Prerequisites

Device Configuration Checklist

The IP address and hostname of the Microsoft SQL Database Server used by Gallagher Command Centre
ODBC drivers installed on the same host as LogRhythm agent
Account and password to be used by LogRhythm for accessing the Gallagher Command Centre log data on the Microsoft SQL Database Server, if necessary
Working ODBC Data Source connection and connection string to Gallagher Command Centre server. LogRhythm does not support troubleshooting connection strings, one example is setting up a “System DSN” in ODBC Data Sources and the connection string, as shown below:
DSN=<DSNname>; UID=<username>; PWD=<password>;

Connectionstrings.com is a good reference for more information on connection strings.
Configuration file: Gallagher Command Centre.xml

After you configure the device, you must also configure LogRhythm according to the instructions provided on the overview page of this guide. Only Global Admins or Restricted Admins with elevated View and Manage privileges can take this action.

Before you begin, download the Gallagher Command Center configuration file. You will import this file later to populate the UDLA configuration fields for the Log Source.

The name of the log message source is UDLA - Gallagher Command Centre. In addition, when configuring this log source:

For Log Message Processing Engine (MPE) Policy, select LogRhythm Default.
On the UDLA Settings tab, enter the following:
- Click Import, and then browse to and open the XML file that you downloaded from LogRhythm.
- Modify the connection string for your configuration.
  LogRhythm does not support troubleshooting connection strings, one example that works is setting up a “System DSN” in ODBC Data Sources and using the connection string below in the Log Source UDLA Settings tab:
  DSN=<dsn_name>; UID=<username>; PWD=<password>;
  Connectionstrings.com is a good reference for more information on connection strings.
- If the console is installed on the same host as the LogRhythm agent, click Test.
  If the test fails, verify the connection settings and that all values were entered correctly.
- When the test passes, close the Test dialog box.

Parsed Metadata Fields

Product Field Name	LogRhythm Metadata Field	Value/Data Type
ArchiveFileID=	<tag4>	Numeric
CardNumber=	<serialnumber>	Numeric
Details=	<tag3>	Numeric
DivisionID=	<tag2>	Numeric
EventClass=	<group>	Numeric
EventType=	<vmid>, <tag1>	Numeric
FacilityCode=	<process>	Numeric
GlobalID=	<session>	Alphanumeric
IssueLevel=	<tag5>	Numeric
Message=	<vendorinfo>, <login>, <objectname>, <object>	Text
OccurranceCount=	<quantity>	Numeric
Priority=	<severity>	Numeric
Reason=	<reason>	Text
Status=	<status>	Numeric