System analysts monitor the log collection network and then gather and distribute report data.
Administrators assign the Analyst role to users who are responsible for the following tasks:
A report is a graphical or tabular display of event log data that is generated by executing predefined or custom queries with filters. The data can be from hot, warm, and defrosted databases in the event log store of the selected server and, if requested, its federated servers.
An action alert is a scheduled query job that can be used to detect policy violations, usage trends, logon patterns, and other information that may require near-term attention. Alert data can be viewed in the UI or through an RSS feed. You can send a scheduled alert to email recipients, an SNMP trap destination, or a CA IT PAM event/alert output process. You can run the CA IT PAM process once per row or once per query.
A tag is a term or key phrase that is used to identify queries or reports that belong to the same category. To add a new report to a scheduled job configured to select reports with a specific tag, you add the common tag to the new report. A tag can also be a key phrase associated with a query, thus describing the query content and enabling key phrase-based classification and search.
An RSS event is an event generated by CA Enterprise Log Manager to convey an Action Alert to third-party products and users. The event is a summary of each Action Alert result and a link to the result file. The duration for a given RSS feed item is configurable.
Analysts can take the following approach as they become familiar with working with CA Enterprise Log Manager:
Copyright © 2011 CA. All rights reserved.