Configuring AEC consists of defining correlation rules and saving them in the Management Database (MDB). You can create correlation rules using either the Integrated Development Environment (IDE), which is a Windows application, or the browser-based Policy Editor.
Before you use AEC in a production environment, you must typically work through the following procedures:
Note: You can import CA NSM 3.x rca files into the Policy Editors and then save them to the MDB.
After you define your correlation policies, you can deploy them to a test Event Agent (preferably a non-production machine) using deployment dialogs within the editors. The Windows IDE editor also provides a real-time testing environment by reading the Event Console messages and applying the rules you have defined.
Note: You need only use the Policy Editors when you are defining, deploying, and testing rules. After you are satisfied that your new AEC policy is working properly, you can use the Deploy Policy dialog to deploy it into a production environment. See Implement AEC.
The policy editors have a real-time status capability to let you see the following:
Note: If Security Management is running, and AEC policy is intended to create alerts in the Alert Management System (AMS), the user defining the policy must have permission to the CA-AMS-POLICY asset type. Without this permission, an access violation message appears.
For more information about CA-AMS-POLICY, see the online CA Reference topic Asset Types for Windows and UNIX/Linux. It is under Security Management, Executables: Security Management, cautil Security Management Control Statements, Control Statements for ASSETTYPE.
|
Copyright © 2010 CA.
All rights reserved.
|
|