Direct log collection is the log collection technique in which there is no intermediate agent between the event source and the CA User Activity Reporting Module software. Direct log collection is performed by the default agent on the CA User Activity Reporting Module server.
Direct Collection Using Syslog
Suppose you need to collect events from syslog sources, such as Cisco routers and Nortel Contivity VPN concentrators, but do not have a central syslog server.
Configure these syslog devices to send events directly to CA User Activity Reporting Module's onboard syslog listener. Then, configure CA User Activity Reporting Module to accept messages from these systems' source IP addresses, an option that protects against false data injection.
CA User Activity Reporting Module begins collecting these syslog records immediately.
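The source-address check described above, sketched as an added example (this is not CA's code or configuration): a receiver-side filter that accepts syslog datagrams only from allowlisted senders and counts what it drops. The addresses, sample messages, and function names are constructed for illustration; because UDP source addresses can be forged, such an allowlist is normally paired with network-level filtering.

```python
import ipaddress
import re

# Constructed allowlist of device addresses (RFC 5737 documentation ranges).
TRUSTED_SOURCES = [ipaddress.ip_network(n)
                   for n in ("192.0.2.10/32", "198.51.100.0/28")]
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)

def is_trusted(src_ip):
    """True when the sender address falls inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_SOURCES)

def handle_datagram(src_ip, payload):
    """Parse a syslog datagram from a trusted sender; return None if dropped."""
    if not is_trusted(src_ip):
        return None
    m = PRI_RE.match(payload.decode("utf-8", errors="replace"))
    if not m or int(m.group(1)) > 191:  # PRI = facility * 8 + severity, max 191
        return None
    pri = int(m.group(1))
    return {"source": src_ip, "facility": pri >> 3, "severity": pri & 7,
            "message": m.group(2).strip()}

def filter_batch(datagrams):
    """Split datagrams into accepted events and per-source drop counts."""
    accepted, dropped = [], {}
    for src_ip, payload in datagrams:
        event = handle_datagram(src_ip, payload)
        if event is None:
            dropped[src_ip] = dropped.get(src_ip, 0) + 1
        else:
            accepted.append(event)
    return accepted, dropped

# Constructed traffic: two listed devices, one unlisted sender, one malformed message.
SAMPLE = [
    ("192.0.2.10", b"<189>Oct 11 22:14:15 rtr1 %SYS-5-CONFIG_I: Configured from console"),
    ("198.51.100.5", b"<134>Oct 11 22:14:16 vpn1 tunnel established"),
    ("203.0.113.77", b"<134>Oct 11 22:14:17 rtr1 message from unlisted sender"),
    ("192.0.2.10", b"message without a priority header"),
]

if __name__ == "__main__":
    events, drops = filter_batch(SAMPLE)
    print(len(events), "accepted;", drops)
```

The per-source drop counts are worth alerting on, since messages from unlisted addresses indicate either an injection attempt or a device missing from the allowlist.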
Procedures | More Information |
---|---|
Configure Syslog Event Sources; Configure the Listener for the Default Agent | For an introduction to Log Collection options, see: Edit a Local Service Configuration |
Direct Collection of Windows Event Sources
Suppose you want to collect Windows events without an agent installed on the host with the event source or on an intermediate host. You want the log collection to be performed directly by the default agent on the CA User Activity Reporting Module server.
Configure a connector associated with the WinRM integration on the default agent of a selected CA User Activity Reporting Module server. Configure the event sources and the WinRMLinuxLogSensor as described in the associated connector guide. For example, for details on configuring the collection of security events from a Windows Server 2008 host, refer to the CA Connector Guide for Windows Server 2008. The instructions apply to direct collection, agentless collection, and agent-based collection.
Procedures |
More Information |
---|---|
Example: Enable Direct Collection Using the WinRMLinuxLogSensor |
Direct Collection of Database Event Sources
Suppose you want to collect logs from databases such as Oracle, Microsoft SQL Server, and MySQL without an agent installed on the host with the database or on an intermediate host. You want the log collection to be performed directly by the default agent on the CA User Activity Reporting Module server.
Configure the connector associated with a database integration on the default agent of a selected CA User Activity Reporting Module server. Integrations such as that for Microsoft SQL Server 2005 use the ODBCLogSensor. Configure the event source as described in the associated connector guide. For example, for details on configuring the collection of logs from a Microsoft SQL Server 2005 database, refer to the CA Connector Guide for Microsoft SQL Server 2005. The instructions apply to direct collection, agentless collection, and agent-based collection.
Copyright © 2013 CA. All rights reserved.