Installing CA Enterprise Log Manager - CA Technologies

More documents

Recommendations

Info

message parsing token (ELM)A message parsing token is a re-usable template for building the regularexpression syntax used in CA Enterprise Log Manager message parsing. A tokenhas a name, a type, and a corresponding regular expression string.MIB (management information base)The MIB (management information base) for CA Enterprise Log Manager,CA-ELM.MIB, must be imported and compiled by each product that is to receivealerts in the form of SNMP traps from CA Enterprise Log Manager. The MIB showsthe origin of each numeric object identifier (OID) used in an SNMP trap messagewith a description of that data object or network element. In the MIB for SNMPtraps sent by CA Enterprise Log Manager, the textual description of each dataobject is for the associated CEG field. The MIB helps ensure that all name/valuepairs sent in an SNMP trap are correctly interpreted at the destination.module (to download)A module is a logical grouping of component updates that is made available fordownload through subscription. A module can contain binary updates, contentupdates, or both. For example, all reports make up one module, all sponsorbinary updates make up another module. CA defines what makes up eachmodule.native eventNISTobligation policyobserved eventA native event is the state or action that triggers a raw event. Native events arereceived and parsed/mapped as appropriate, then transmitted as raw or refinedevents. A failed authentication is a native event.The National Institute of Standards and Technology (NIST) is the federaltechnology agency that provides recommendations in its Special Publication800-92 Guide to Computer Security Log Management that were used as the basisfor the CA Enterprise Log Manager.An obligation policy is a policy that is created automatically when you create anaccess filter. You should not attempt to create, edit, or delete an obligation policydirectly. Instead, create, edit or delete the access filter.An observed event is an event that involves a source, a destination, and anagent, where the event is observed and recorded by an event-collection agent.ODBC and JDBC accessODBC and JDBC access to CA Enterprise Log Manager event log stores supportsyour use of event data with a variety of third-party products, including customevent reporting with third-party reporting tools, event correlation withcorrelation engines, and event evaluation by intrusion and malware detectionsproducts. Systems with Windows operating systems use ODBC access; thosewith UNIX and Linux operating systems use JDBC access.264 Implementation Guide
ODBC serverThe ODBC server is the configured service that sets the port used forcommunications between the ODBC or JDBC client and the CA Enterprise LogManager server and specifies whether to use SSL encryption.OID (object identifier)An OID (object identifier) is a unique numeric identifier for a data object that ispaired with a value in an SNMP trap message. Each OID used in an SNMP trapsent by CA Enterprise Log Manager is mapped to a textual CEG field in the MIB.Each OID that is mapped to a CEG field has this syntax:1.3.6.1.4.1.791.9845.x.x.x, where 791 is the enterprise number for CA and9845 is the product identifier for CA Enterprise Log Manager.parsingparsing file wizardpozFolderprofilepromptParsing, also called message parsing (MP), is the process of taking raw devicedata and turning it into key-value pairs. Parsing is driven by an XMP file. Parsing,which precedes data mapping, is one step of the integration process that turnsthe raw event collected from an event source into a refined event you can view.The parsing file wizard is a CA Enterprise Log Manager feature thatAdministrators use to create, edit, and analyze eXtensible Message Parsing(XMP) files stored in the CA Enterprise Log Manager management server.Customizing the parsing of incoming event data involves editing thepre-matched strings and filters. New and edited files are displayed in the LogCollection Explorer, Event Refinement Library, Parsing Files, User folder.The pozFolder is an attribute of the AppObject, where the value is the parent pathof the AppObject. The pozFolder attribute and value is used in the filters foraccess policies that restrict access to resources such as reports, queries, andconfigurations.A profile is an optional, configurable, set of tag and data filters that can beproduct-specific, technology-specific or confined to a selected category. A tagfilter for a product, for example, limits the listed tags to the selected product tag.Data filters for a product display only data for the specified product in the reportsyou generate, the alerts you schedule, and the query results you view. After youcreate the profile you need, you can set that profile to be in effect whenever youlog in. If you create several profiles, you can apply different profiles, one at atime, to your activities during a session. Predefined filters are delivered withsubscription updates.A prompt is a special type of query that displays results based on the value youenter and the CEG fields you select. Rows are returned only for events where thevalue you enter appears in one or more of the selected CEG fields.Glossary 265
Page 1 and 2:
CA Enterprise Log ManagerImplementa
Page 4 and 5:
Contact CAContact Technical Support
Page 7 and 8:
ContentsChapter 1: Introduction 13A
Page 9 and 10:
Import CA Enterprise Log Manager Us
Page 11 and 12:
Access CA Enterprise Log Manager th
Page 13 and 14:
Chapter 1: IntroductionThis section
Page 15:
About This GuideNote: For details o
Page 18 and 19:
Server PlanningServer RolesA CA Ent
Page 20 and 21:
Server Planning■Restore point ser
Page 22 and 23:
Server PlanningThe next simplest ar
Page 24 and 25:
Log Collection PlanningLog Collecti
Page 26 and 27:
Log Collection PlanningAn automated
Page 28 and 29:
Federation PlanningLog Collection G
Page 30 and 31:
Federation Planning3. Decide which
Page 32 and 33:
Federation PlanningTo implement the
Page 34 and 35:
Federation PlanningAn example feder
Page 36 and 37:
User and Access PlanningUser Store
Page 38 and 39:
User and Access PlanningRequired in
Page 40 and 41:
User and Access PlanningThe default
Page 42 and 43:
Subscription Update Planning■Cont
Page 44 and 45:
Subscription Update PlanningPort 80
Page 46 and 47:
Subscription Update PlanningVerify
Page 48 and 49:
Subscription Update PlanningHow Sub
Page 50 and 51:
Subscription Update PlanningThe pro
Page 52 and 53:
Subscription Update PlanningExample
Page 54 and 55:
Agent PlanningAgent PlanningAgents
Page 61:
Agent PlanningFor smaller implement
Page 64 and 65:
Understanding the CA Enterprise Log
Page 66 and 67:
Installing a CA Enterprise Log Mana
Page 68 and 69:
Page 70 and 71:
Page 72 and 73:
Page 74 and 75:
Page 76 and 77:
Initial CA Enterprise Log Manager S
Page 78 and 79:
Page 80 and 81:
Page 82 and 83:
Install the ODBC ClientUsers of thi
Page 84 and 85:
Install the ODBC ClientODBC Data So
Page 86 and 87:
Installing the JDBC ClientTest Serv
Page 88 and 89:
Installing the JDBC ClientInstall t
Page 90 and 91:
Installation TroubleshootingProduct
Page 92 and 93:
Installation TroubleshootingRegiste
Page 94 and 95:
Installation TroubleshootingImport
Page 96 and 97:
Page 98 and 99:
Page 101 and 102:
Chapter 4: Configuring Basic Users
Page 103 and 104:
Configuring the User StoreMore info
Page 105 and 106:
Configure Password PoliciesConfigur
Page 107 and 108:
Create the First AdministratorCreat
Page 109:
Create the First Administrator4. Se
Page 112 and 113:
Edit Global ConfigurationsThe Syste
Page 114 and 115:
Working with Global Filters and Set
Page 116 and 117:
Configuring the Event Log StoreAbou
Page 118 and 119:
Configuring the Event Log StoreAbou
Page 120 and 121:
Configuring the Event Log StoreGene
Page 122 and 123:
Configuring the Event Log StoreSet
Page 124 and 125:
Configuring the Event Log StoreNote
Page 126 and 127:
ODBC Server ConsiderationsTo set ev
Page 128 and 129:
Configuring SubscriptionAction Aler
Page 130 and 131:
Configuring Subscription2. Accept o
Page 132 and 133:
Configuring Subscription11. If your
Page 134 and 135:
Configuring SubscriptionRSS Feed UR
Page 136 and 137:
Configuring SubscriptionMore inform
Page 138 and 139:
Configuring SubscriptionConfigure a
Page 140 and 141:
Using the Agent ExplorerYou base yo
Page 142 and 143:
Configuring the Default AgentTo rev
Page 144 and 145:
Example: Enable Direct Collection U
Page 146 and 147:
Page 148 and 149:
Page 150 and 151:
Page 152 and 153:
Page 154 and 155:
View and Control Agent or Connector
Page 156 and 157:
Hierarchical FederationsHierarchica
Page 158 and 159:
Meshed FederationsIn a ring or star
Page 160 and 161:
Configuring a CA Enterprise Log Man
Page 163 and 164:
Chapter 8: Working with the EventRe
Page 165 and 166:
Appendix A: Considerations for CA A
Page 167 and 168:
Understanding Differences in Archit
Page 169 and 170:
Understanding Differences in Archit
Page 171 and 172:
Configuring CA AdaptersIn addition
Page 173 and 174:
Configuring CA AdaptersConfigure th
Page 175 and 176:
Sending CA Audit Events to CA Enter
Page 177 and 178:
Sending CA Audit Events to CA Enter
Page 179 and 180:
When to Import Events4. Click Edit.
Page 181 and 182:
Importing Data from a SEOSDATA Tabl
Page 183 and 184:
Page 185 and 186:
Page 187 and 188:
Integrating with CA Audit r8 SP2Imp
Page 189 and 190:
Integrating with CA Audit r8 SP22.
Page 191:
Integrating with CA Audit r8 SP2To
Page 194 and 195:
How to Modify CA Audit Policies to
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 204 and 205:
How to Configure a CA Access Contro
Page 206 and 207:
How to Configure a CA Access Contro
Page 208 and 209:
How to Import CA Access Control Eve
Page 210 and 211:
Page 212 and 213:
Page 214 and 215: How to Import CA Access Control Eve
Page 216 and 217: How to Import CA Access Control Eve
Page 219 and 220: Appendix C: CA IT PAM Consideration
Page 221 and 222: Prepare to Implement CA IT PAM Auth
Page 223 and 224: Copy the Certificate to the CA IT P
Page 225 and 226: Install the Third-Party Components
Page 227: Launch and Log in to the CA IT PAM
Page 230 and 231: About Backing Up the CA EEM ServerA
Page 232 and 233: Back Up a CA Enterprise Log Manager
Page 234 and 235: Replace a CA Enterprise Log Manager
Page 236 and 237: Creating Virtual CA Enterprise Log
Page 250 and 251: agent exploreragent groupagent mana
Page 252 and 253: auto-archiveCA adaptersAuto-archive
Page 254 and 255: CEG fieldscertificatescold database
Page 256 and 257: defrosted database stateA defrosted
Page 258 and 259: event log storageevent log storeeve
Page 260 and 261: global groupglobal resourceglobal u
Page 262 and 263: LMArchive utilityThe LMArchive util
Page 267 and 268: emote storage serverA remote storag
Page 269 and 270: servicesSNMPSNMP trap contentsThe C
Page 271 and 272: summarization rulesSummarization ru
Page 273 and 274: IndexAadministration tasksuser stor
Page 275: description • 18in federated repo
show all

Installing CA Enterprise Log Manager - CA Technologies

Create successful ePaper yourself

Delete template?

Save as template?