

How the Client Processes Events

The subcomponents of the Client process events as follows:

  1. A Send API Recorder (SAPI Recorder) receives events. SAPI Recorders collect events from sources such as other eTrust products, Unicenter, Check Point FW 4.1, UNIX syslog, Windows NT event log, SNMP, Oracle, Sybase, and IBM DB2.
  2. The SAPI Recorders send the events to the Router, which filters the events according to policy rules.

    The policy rules state what to do with the events. For example, the rules can create state variables for further correlation, event consolidation, and data reduction. They can also generate new events that will be resubmitted to the Router and will go through the same filtering policy rules as the original events.

  3. After the Router filters the events, they are submitted to the Action Manager, which takes actions such as sending the events using email, forwarding events to another Router and Action Manager, forwarding events to the Security Monitor, storing the events in the Collector database, and sending events to Unicenter.

For the Router and Action Manager to function, the most current version of the policy rules has to be available on the Client system. The Distribution Agent component receives policy rules from the Policy Manager.
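
The flow in steps 2 and 3 can be modeled in a few lines. The following is an added conceptual sketch, not eTrust Audit code or policy syntax: the event fields, rule logic, action names, `THRESHOLD` and the `MAX_HOPS` resubmission guard are all assumptions chosen to show a state variable, a generated event passing through the same rules again, and unmatched events being dropped.

```python
from collections import defaultdict, deque

# Conceptual model only: names, fields and thresholds are assumptions,
# not eTrust Audit policy syntax.
THRESHOLD = 3   # failed logons per user before a correlated event is generated
MAX_HOPS = 2    # precaution in this sketch: stop rules regenerating events forever

def make_router():
    state = defaultdict(int)  # "state variables" kept between events

    def route(event):
        """Apply the policy rules; return (actions, generated_events)."""
        if event["type"] == "logon_failure":
            state[event["user"]] += 1
            generated = []
            if state[event["user"]] == THRESHOLD:
                state[event["user"]] = 0
                generated.append({"type": "repeated_logon_failure",
                                  "user": event["user"], "count": THRESHOLD,
                                  "hops": event.get("hops", 0) + 1})
            return [("collector", event)], generated
        if event["type"] == "repeated_logon_failure":
            return [("security_monitor", event), ("email", event)], []
        return [], []  # no rule matched: the event is filtered out

    return route

def process(events):
    """Recorder output -> Router -> Action Manager; returns the action list."""
    route, queue, actions = make_router(), deque(events), []
    while queue:
        ev = queue.popleft()
        if ev.get("hops", 0) > MAX_HOPS:
            continue               # drop runaway generated events
        acts, generated = route(ev)
        actions.extend(acts)       # handed to the Action Manager
        queue.extend(generated)    # resubmitted through the same rules
    return actions

# Constructed sample events, standing in for what recorders submit.
SAMPLE = [{"type": "logon_failure", "user": "alice"}] * 3 + [
    {"type": "heartbeat"}, {"type": "logon_failure", "user": "bob"}]

if __name__ == "__main__":
    for target, ev in process(SAMPLE):
        print(target, ev["type"], ev.get("user"))
```
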