Modify an Existing CA Audit Policy to Send Events to CA Enterprise Log Manager

Use this procedure to enable a CA Audit client to send events to both CA Enterprise Log Manager and the CA Audit collector database. By adding a new target to the Route or Collector actions on an existing rule, you can send collected events to both systems. As an alternative, you can also modify specific policies or rules to send events only to the CA Enterprise Log Manager server.

CA Enterprise Log Manager collects events from CA Audit clients using the CA Audit SAPI Router and CA Audit SAPI Collector listeners. Collected events are stored in the CA Enterprise Log Manager event log store only after you push the policy to the clients and it becomes active.

Important: You must configure the CA Enterprise Log Manager listeners to receive events before you modify and activate the policy. If you do not configure the listeners first, events that arrive between the time the policy becomes active and the time the listeners can correctly map events may be mapped incorrectly.

To modify an existing policy rule's action to send events to CA Enterprise Log Manager

  1. Log in to the Policy Manager server and access the My Policies tab in the left pane.
  2. Expand the policy folder until you can see the desired policy.
  3. Click the policy to display its basic information in the Details pane to the right.
  4. Click Edit in the Details pane to add to the policy's rules. The rule wizard starts.
  5. Click Edit Actions next to the arrow for the wizard's step 3. The wizard's rule actions page displays.
  6. Click the Collector action in the Browse Actions pane on the left. This displays the Action List to the right.

    You can also use the Route action to create a rule to send events to a CA Enterprise Log Manager server.

  7. Click New to add a new rule.
  8. Enter the IP address or host name of the collection CA Enterprise Log Manager server.

    For a CA Enterprise Log Manager implementation with two or more servers, you can enter a different CA Enterprise Log Manager host name or IP address in the Alternate Host Name field to take advantage of CA Audit's automatic failover feature. If the first CA Enterprise Log Manager server is not available, CA Audit automatically sends events to the server named in the Alternate Host Name field.

  9. Enter the name of the management CA Enterprise Log Manager server in the Alternate Host Name field, and then create a description for this new rule action.
  10. Clear the Perform this action on remote server check box if it is selected.
  11. Click Add to save the new rule action and then click Finish in the wizard window.
  12. Select the Rules tab in the lower right pane, and then select a rule to check.
  13. Click Check Policies to check the changed rule with the new actions to ensure that it compiles properly.

    Make any needed modifications to the rule and ensure that it compiles correctly before you activate it.

  14. Click Activate to distribute the checked policy that contains the new rule actions you added.
  15. Repeat this procedure for each rule and policy with collected events you want to send to CA Enterprise Log Manager.

More information:

About the SAPI Router and Collector

Configure the SAPI Collector Service

Configure the SAPI Router Service