Administration Guide › Queries and Reports › Example: Set Up Federation and Federated Reports
Example: Set Up Federation and Federated Reports
You can collect logs from high-volume, geographically separate data centers and set up reporting so that distributed data is queried from just one of the data centers.
Consider an example scenario where the two high-volume data centers are located in New York and Virginia, where New York is the corporate headquarters. Each data center has a collection server that collects and processes incoming event logs and sends them to its reporting server. The reporting server handles queries, alerts, and reports. Most queries, alerts, and reports target event data collected through agents; consolidating data from these event sources requires federation among reporting servers and collection servers.
Some queries, alerts, and reports target self-monitoring events generated by CA Enterprise Log Manager servers; consolidating this type of data requires inclusion of the management server in the federation. If consolidating self-monitoring event data is not desired, the management server can be excluded from the federation. Self-monitoring events from this server can be monitored with non-federated local reports. For simplicity, the management server is excluded in this federation; inclusion could be achieved by creating a meshed federation between the NY-Reporting-ELM and Management-ELM.
The server names are as follows:
- Management-ELM
- NY-Collection-ELM
- NY-Reporting-ELM
- VA-Collection-ELM
- VA-Reporting-ELM
Assume the Administrator in New York wants all reports and alerts that are run from the New York site to include data from the Virginia site, but wants all reports and alerts run from the Virginia site to include only locally collected data.
The following example shows how to federate the servers and configure reporting to meet the criteria for this scenario. Procedures for configuring auto-archiving are not included in this example, but auto-archiving should be configured for any high-volume architecture.
- Log into a CA Enterprise Log Manager with Administrator credentials.
- Click the Administration tab and select the Services subtab.
- Create a hierarchical federation, where NY-Reporting-ELM is the parent and VA-Reporting-ELM is the child as follows:
- Expand the Event Log Store service, and then select the server name that is to be the parent in the hierarchical federation, in this case, NY-Reporting-ELM.
- Select VA-Reporting-ELM from the available federation children list and move it to the selected list.
- Create a meshed federation between the NY-Reporting-ELM and the NY-Collection-ELM as follows, where each is a child of the other:
- Select the NY-Reporting-ELM from the Event Log Store list.
- Select NY-Collection-ELM from the available federation children and move it to the selected list.
- Select the NY-Collection-ELM from the Event Log Store list.
- Select NY-Reporting-ELM from the available federation children and move it to the selected list.
- Create a meshed federation between the VA-Reporting-ELM and the VA-Collection-ELM as follows, where each is a child of the other:
- Select the VA-Reporting-ELM from the Event Log Store list.
- Select VA-Collection-ELM from the available federation children and move it to the selected list.
- Select the VA-Collection-ELM from the Event Log Store list.
- Select VA-Reporting-ELM from the available federation children and move it to the selected list.
- Configure global report server settings and local overrides for VA-Reporting-ELM as follows. Geographically distant servers often use different mail servers.
- Select Alerting Service on the Service List
- Configure global or local settings as needed for mail server options from the NY-Reporting-ELM node.
- If you plan to email reports, select Report Server and then the NY-Reporting-ELM node.
- Set global or local PDF format options, or report options related to report and alert retention.
- For each report scheduled to run from NY-Reporting-ELM, do the following:
- Select the Scheduled Reports tab and the Report Scheduling tab.
- Click Schedule a Report.
- Select the report to schedule and complete steps 2, 3, 4, and 5 as needed.
- Click the Server Selection step, select NY-Reporting-ELM from the available servers list and move it to the selected servers list and then accept the default, Yes, for federated query.
- Click Save and Close.
The resulting reports include data from NY-Reporting-ELM, its peer, NY-Collection-ELM, its child, VA-Reporting-ELM, and its child's peer, VA-Collection-ELM.
Note: A federated query run from VA-Reporting-ELM includes data from VA-Reporting-ELM and its peer VA-Collection-ELM. It does not include data from NY-Reporting-ELM, since this server is its parent in the hierarchical federation.
More information:
Queries and Reports in a Federated Environment
Configuring a CA Enterprise Log Manager Federation
Example: Federation Map for a Large Enterprise