eTrust Audit Reference Guide - CA Technologies

More documents

Recommendations

Info

Mapping Examples .......................................................................... 13-17 Mandatory Fields for Event Identification.................................................. 13-17 Common Predefined Fields for Event Identification ......................................... 13-19 Optional Predefined Fields for Event Identification ......................................... 13-19 Common Predefined Fields for Event Description .......................................... 13-20 Mapping Events to Predefined Categories ................................................. 13-22 System Access........................................................................... 13-23 Account Management.................................................................... 13-24 Object Access ........................................................................... 13-25 Policy Management...................................................................... 13-26 Security Systems ........................................................................ 13-27 Physical Security ........................................................................ 13-28 Network ................................................................................ 13-28 Detailed Tracking ....................................................................... 13-30 System/Application, Administration and General Events ................................... 13-31 Fields Internal to eTrust Audit ............................................................ 13-32 Reserved Keywords ......................................................................... 13-32 Chapter 14: Recorder for Check Point FireWall-1 Reference Information Flow............................................................................. 14-1 Preinstallation Considerations ................................................................. 14-3 Configuring the Check Point FireWall-1 Servers ............................................. 14-3 Information You Need to Collect ........................................................... 14-3 Installing the Recorder for Check Point FireWall-1............................................... 14-4 Installing in a Solaris Environment ............................................................. 14-4 Installing the Recorder for Check Point FireWall-1 ........................................... 14-5 Upgrading the Data Tools ................................................................. 14-6 Configuration Values ......................................................................... 14-7 Registry Keys and .ini File ................................................................. 14-7 Windows Registry Entries ................................................................. 14-7 Solaris eAudit.ini File Values ............................................................. 14-10 Technical Information ....................................................................... 14-13 OPSEC Connection Types ................................................................ 14-13 Configuring Check Point FireWall-1 Servers ............................................... 14-14 viii Reference Guide
Chapter 15: Using the eTSAPISend Program eTSAPISend.exe ............................................................................. 15-1 Example .................................................................................... 15-2 Sample Batch File ............................................................................ 15-3 Chapter 16: Inserting eTrust Access Control Records in Bulk to a Collector Database Using acloader Insert Records into an Oracle Database......................................................... 16-1 Remove the Indexes from SEOSDATA ......................................................... 16-2 Recreate the Indexes in SEOSDATA ........................................................... 16-2 The acloader Utility .......................................................................... 16-3 Examples ................................................................................... 16-5 Chapter 17: Inserting eTrust Access Control Records in Bulk to a Collector Database Using selogrd and sqlldr Requirements ............................................................................... 17-1 Converting the eTrust Access Control Audit Log to Oracle Import File Format..................... 17-1 Insert the Data into an Oracle Database using the sqlldr Utility ................................... 17-3 Create One Import File and Insert It into the Oracle Database ................................ 17-3 Create Multiple Import Log Files and Insert Them Separately into the Oracle Database ......... 17-4 Examples ................................................................................... 17-4 Chapter 18: iRecorder Development Reference Overview of the iTechnology SDK............................................................. 18-2 iRecorder Design and Architecture ............................................................ 18-3 Components of iTechnology .............................................................. 18-3 iRecorder................................................................................ 18-6 iRouter.................................................................................. 18-7 How to Create an iRecorder Development Environment ......................................... 18-7 Development Environment ............................................................... 18-7 Development Machine.................................................................... 18-8 Test Environment ....................................................................... 18-10 How To Develop an iRecorder ............................................................... 18-11 Step 1: Identify Information about Required Fields for eTrust Audit.......................... 18-11 Step 2: Establish a Method to Access Log Events ........................................... 18-13 Contents ix
Page 1 and 2: eTrust Audit Reference Guide 1.5 S
Page 3 and 4: Contents Chapter 1: Introduction Ch
Page 5 and 6: Chapter 6: Windows Registry Entries
Page 7: Changing the Database Type.........
Page 11: Chapter 1 Introduction This guide p
Page 14 and 15: Commands to Control the Services Co
Page 16 and 17: Commands to Control the Services -s
Page 18 and 19: Distribution Agent Service (acdista
Page 20 and 21: Log Router Service (aclogRd) Log Ro
Page 22 and 23: Redirector Service (SeLogRd) Redire
Page 24 and 25: Portmap Service Portmap Service The
Page 26 and 27: Issuing Commands to Control the Dae
Page 28 and 29: Issuing Commands to Control the Dae
Page 30 and 31: Action Manager Daemon (acactmgr) Ac
Page 32 and 33: Log Router Daemon (aclogrd) Log Rou
Page 35 and 36: Chapter 4 Configuration Files The e
Page 37 and 38: About Actions Example For example,
Page 39 and 40: About Actions program The program a
Page 41 and 42: Redirector Configuration File For m
Page 43: Router Configuration File Statement
Page 46 and 47: Variables Each condition uses binar
Page 48 and 49: Groups Groups Groups are set off by
Page 50 and 51: Command Syntax do Syntax do Int ope
Page 52 and 53: Command Syntax include Syntax Inclu
Page 54 and 55: Regular Expressions For example, ;=
Page 56 and 57: Identifying Events using SAPI Token
Page 59 and 60:
Chapter 6 Windows Registry Entries
Page 61 and 62:
Ports RouterSapiPort The data value
Page 63 and 64:
Messages Messages eTrust Audit main
Page 65 and 66:
Severity SkipTimeout The data value
Page 67 and 68:
Mail Mail eTrust Audit maintains in
Page 69 and 70:
Recorders error_back The data value
Page 71 and 72:
Recorders SkipImportLogs The data v
Page 73 and 74:
Redirector MailSubject The data val
Page 75 and 76:
Router OverWriteBackup The data val
Page 77 and 78:
Router snmp The data value specifie
Page 79 and 80:
Router RetryDelay The data value sp
Page 81 and 82:
Router MaxFileSize The data value s
Page 83 and 84:
Router Queues\Default Queues\Defaul
Page 85 and 86:
Router MaxLifeTime The data value s
Page 87 and 88:
Management Agent Management Agent e
Page 89 and 90:
Management Agent AN Types eTrust Au
Page 91 and 92:
Management Agent Netscape eTrust Au
Page 93 and 94:
Policy Manager Policy Manager The k
Page 95 and 96:
Policy Manager Distribution Server
Page 97 and 98:
Policy Manager Queues\DistributionQ
Page 99 and 100:
Policy Manager DeleteOldFiles The d
Page 101 and 102:
Policy Manager RetryDelay The data
Page 103 and 104:
Data Server Note: To switch to a di
Page 105 and 106:
Data Server ReadyReportsDir The dat
Page 107 and 108:
Chapter 7 UNIX INI Files The Client
Page 109 and 110:
eAudit.ini DistributionPort The dat
Page 111 and 112:
eAudit.ini Info Targets Specify the
Page 113 and 114:
eAudit.ini AlertQueue Queue Rules e
Page 115 and 116:
eAudit.ini MaxLifeTime Specify the
Page 117 and 118:
eAudit.ini snmp The snmp action sen
Page 119 and 120:
eAudit.ini Netscape eTrust Audit ma
Page 121 and 122:
ecorder.ini Parameters The Paramete
Page 123:
ecorder.ini Source Specify one of t
Page 126 and 127:
setkey Command Options setkey Comma
Page 129 and 130:
Chapter 10 Database Considerations
Page 131 and 132:
Windows NT Authentication with Micr
Page 133:
Chapter 11 Encup Utility The Encup
Page 136 and 137:
Windows NT Event IDs Event ID Type
Page 138 and 139:
Windows NT Event IDs Event ID Type
Page 140 and 141:
Windows 2000 Event IDs Windows 2000
Page 142 and 143:
Windows 2000 Event IDs Event ID Typ
Page 144 and 145:
Page 146 and 147:
Page 148 and 149:
Page 150 and 151:
eTrust Access Control Event IDs eTr
Page 152 and 153:
Mapping Mapping Messages are create
Page 154 and 155:
Sample SAPI Routine char source[] =
Page 156 and 157:
SAPI Reference SAPI Reference SAPI
Page 158 and 159:
SAPI Reference SAPI_AddItem The SAP
Page 160 and 161:
SAPI Reference SAPI_RemoveMessage S
Page 162 and 163:
SAPI Reference SAPI_DestroyCTX The
Page 164 and 165:
SAPI Return and Error Codes SAPI Re
Page 166 and 167:
Fields for SAPI Fields for SAPI The
Page 168 and 169:
Mapping Examples SAPI_SOURCE_FLD
Page 170 and 171:
Mapping Examples Common Predefined
Page 172 and 173:
Mapping Examples SAPI_INFO_FLD “I
Page 174 and 175:
Mapping Examples Account Management
Page 176 and 177:
Mapping Examples “Write” SAPI_O
Page 178 and 179:
Mapping Examples Physical Security
Page 180 and 181:
Mapping Examples SAPI_DIRECTION_FLD
Page 182 and 183:
Reserved Keywords Fields Internal t
Page 185 and 186:
Chapter 14 Recorder for Check Point
Page 187 and 188:
Preinstallation Considerations Prei
Page 189 and 190:
Installing in a Solaris Environment
Page 191 and 192:
Configuration Values Configuration
Page 193 and 194:
Configuration Values Client\Recorde
Page 195 and 196:
Configuration Values MaxSeqNoSleep
Page 197 and 198:
Technical Information Technical Inf
Page 199 and 200:
Chapter 15 Using the eTSAPISend Pro
Page 201:
Sample Batch File ■ ■ ■ ■ T
Page 204 and 205:
Remove the Indexes from SEOSDATA 6.
Page 206 and 207:
The acloader Utility Options You ca
Page 209 and 210:
Chapter 17 Inserting eTrust Access
Page 211 and 212:
Insert the Data into an Oracle Data
Page 213 and 214:
Chapter 18 iRecorder Development Re
Page 215 and 216:
iRecorder Design and Architecture i
Page 217 and 218:
iRecorder Design and Architecture T
Page 219 and 220:
How to Create an iRecorder Developm
Page 221 and 222:
How to Create an iRecorder Developm
Page 223 and 224:
How To Develop an iRecorder How To
Page 225 and 226:
How To Develop an iRecorder Step 2:
Page 227 and 228:
How To Develop an iRecorder ispUtil
Page 229 and 230:
How To Develop an iRecorder * AddSt
Page 231 and 232:
iRecorder API Functions iRecorder A
Page 233 and 234:
Index A acactmgr daemon, 3-6 acactm
Page 235 and 236:
encryption keys changing, 8-1 encup
Page 237 and 238:
Policy Manager database and registr
Page 239:
Security Monitor and registry keys,
show all

eTrust Audit Reference Guide - CA Technologies

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?