Direct log collection is the log collection technique where there is no intermediate agent between the event source and the CA Enterprise Log Manager software. Direct log collection is performed by the default agent on the CA Enterprise Log Manager server.
Direct Collection Using Syslog
Suppose you need to collect events from syslog sources, such as Cisco routers and Nortel Contivity VPN concentrators, but do not have a central syslog server.
Configure these syslog devices to send events directly to CA Enterprise Log Manager's onboard syslog listener. Then, configure CA Enterprise Log Manager to accept messages from these systems' source IP addresses, an option that protects against false data injection.
CA Enterprise Log Manager begins collecting these syslog records immediately.
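The source-address check described above, sketched as an added example (this is not CA Enterprise Log Manager code or configuration): a small UDP syslog listener that drops datagrams from senders outside an allowlist before parsing them. The allowlist entries, the port 5514, the function names, and the sample messages in the test are all constructed for illustration.

```python
import ipaddress
import re
import socket

# Constructed allowlist (documentation address ranges) standing in for the
# trusted source IP addresses configured on the listener.
ALLOWED_SOURCES = [ipaddress.ip_network(n)
                   for n in ("192.0.2.1/32", "198.51.100.0/28")]

SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>(.*)$", re.DOTALL)

def is_trusted(src_ip, allowed=ALLOWED_SOURCES):
    """True only if src_ip parses and falls inside an allowed network."""
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return False
    return any(addr in net for net in allowed)

def handle_datagram(src_ip, payload, allowed=ALLOWED_SOURCES):
    """Return a parsed record, or None if the datagram is dropped."""
    if not is_trusted(src_ip, allowed):
        return None                      # unknown sender: never parsed or stored
    m = PRI_RE.match(payload)
    if not m or int(m.group(1)) > 191:   # PRI = facility * 8 + severity, max 191
        return None
    pri = int(m.group(1))
    return {
        "source": src_ip,
        "facility": pri >> 3,
        "severity": SEVERITIES[pri & 7],
        "message": m.group(2).decode("utf-8", "replace").strip(),
    }

def serve(bind="0.0.0.0", port=5514):
    """Receive syslog over UDP and print only records from trusted sources."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind, port))
        while True:
            payload, (src_ip, _src_port) = sock.recvfrom(8192)
            record = handle_datagram(src_ip, payload)
            if record is not None:
                print(record)

if __name__ == "__main__":
    serve()
```

The check keys on the datagram's source address, which plain UDP syslog does not authenticate, so pair it with network-level controls on the path to the listener.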
| Procedures | More Information |
|---|---|
| Configure Syslog Event Sources; Configure the Listener for the Default Agent | For an introduction to Log Collection options, see: Edit a Local Service Configuration |
Direct Collection of Windows Event Sources
Suppose you want to collect Windows events without an agent installed on the host with the event source or on an intermediate host. You want the log collection to be performed directly by the default agent on the CA Enterprise Log Manager server.
Configure a connector associated with the WinRM integration on the default agent of a selected CA Enterprise Log Manager server. Configure the event sources and the WinRMLinuxLogSensor as described in the associated connector guide. For example, for details on configuring the collection of security events from a Windows Server 2008 host, refer to the CA Connector Guide for Windows Server 2008. The instructions apply to direct collection, agentless collection, and agent-based collection.
| Procedures | More Information |
|---|---|
| Example: Enable Direct Collection Using the WinRMLinuxLogSensor | |
Direct Collection of Database Event Sources
Suppose you want to collect logs from databases such as Oracle, Microsoft SQL Server, and MySQL without an agent installed on the host with the database or on an intermediate host. You want the log collection to be performed directly by the default agent on the CA Enterprise Log Manager server.
Configure the connector associated with a database integration on the default agent of a selected CA Enterprise Log Manager server. Integrations such as that for Microsoft SQL Server 2005 use the ODBCLogSensor. Configure the event source as described in the associated connector guide. For example, for details on configuring the collection of logs from a Microsoft SQL Server 2005 database, refer to the CA Connector Guide for Microsoft SQL Server 2005. The instructions apply to direct collection, agentless collection, and agent-based collection.
Copyright © 2011 CA. All rights reserved.