

Direct Log Collection

Direct log collection is the log collection technique in which there is no intermediate agent between the event source and the CA User Activity Reporting Module software. Direct log collection is performed by the default agent on the CA User Activity Reporting Module server.

Direct Collection Using Syslog

Purpose:

Suppose you need to collect events from syslog sources, such as Cisco routers and Nortel Contivity VPN concentrators, but do not have a central syslog server.

Solution:

Configure these syslog devices to send events directly to the onboard syslog listener of CA User Activity Reporting Module. Then configure CA User Activity Reporting Module to accept messages only from these systems' source IP addresses. This allowlist protects against false data injection from other hosts, with one caveat: it checks the network source address only. Syslog over UDP does not authenticate the sender, and the hostname inside a message is just text supplied by the sender, so a datagram with a forged source address from a permitted IP would still be accepted.

CA User Activity Reporting Module begins collecting these syslog records immediately.
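The source-address check described above, as an added illustration that is not CA User Activity Reporting Module code and does not reproduce its listener. It models a listener that drops any datagram whose sender is not on the configured allowlist before parsing it, then parses the surviving BSD-format (RFC 3164) records into facility, severity, hostname and message. The allowlist, IP addresses and datagrams are constructed; the sample includes an injection attempt that names a trusted router in its body but arrives from an unlisted address.

```python
"""Model of a syslog listener that accepts datagrams only from allowlisted source IPs.

Added illustration of the source-address check; it is not CA User Activity
Reporting Module code and does not reproduce its listener. The allowlist,
addresses and messages below are constructed."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Hypothetical allowlist: the source IPs the listener has been told to accept.
ALLOWED_SOURCES = {
    ipaddress.ip_address("10.0.0.1"),  # constructed: Cisco router
    ipaddress.ip_address("10.0.0.2"),  # constructed: Nortel Contivity concentrator
}

# BSD syslog (RFC 3164) layout: <PRI>Mmm dd hh:mm:ss HOSTNAME MESSAGE
_SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.+)$",
    re.DOTALL,
)


@dataclass
class SyslogEvent:
    source_ip: str  # network-layer sender: the only thing the allowlist checks
    facility: int
    severity: int
    timestamp: str
    hostname: str   # claimed inside the payload by the sender; not verified
    message: str


def parse_syslog(source_ip: str, raw: bytes) -> Optional[SyslogEvent]:
    """Parse one BSD-format datagram; None if it does not fit the layout."""
    m = _SYSLOG_RE.match(raw.decode("utf-8", errors="replace"))
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # facility 0..23 and severity 0..7 give PRI 0..191
        return None
    return SyslogEvent(
        source_ip=source_ip,
        facility=pri // 8,
        severity=pri % 8,
        timestamp=m.group("ts"),
        hostname=m.group("host"),
        message=m.group("msg").rstrip("\r\n"),
    )


def accept(source_ip: str, raw: bytes) -> Tuple[Optional[SyslogEvent], Optional[str]]:
    """Return (event, None) if accepted, or (None, reason) if dropped.

    The source check happens before parsing, so an unlisted host cannot inject
    a record merely by naming a trusted device in the message body. It is only
    as strong as the network address: UDP syslog does not authenticate the
    sender, so a datagram with a forged allowlisted source address would pass.
    """
    if ipaddress.ip_address(source_ip) not in ALLOWED_SOURCES:
        return None, "source not allowlisted"
    event = parse_syslog(source_ip, raw)
    if event is None:
        return None, "unparseable datagram"
    return event, None


def collect(datagrams) -> Tuple[List[SyslogEvent], List[Tuple[str, str]]]:
    """Run the listener logic over (source_ip, payload) pairs."""
    accepted, dropped = [], []
    for src, raw in datagrams:
        event, reason = accept(src, raw)
        if event is not None:
            accepted.append(event)
        else:
            dropped.append((src, reason))
    return accepted, dropped


# Constructed sample traffic as the listener would see it: (source IP, datagram).
SAMPLE_DATAGRAMS = [
    ("10.0.0.1", b"<189>Mar  8 14:02:11 edge-rtr1 %SEC-6-IPACCESSLOGP: list 101 denied tcp "
                 b"203.0.113.5(4444) -> 10.0.0.10(22), 1 packet"),
    ("10.0.0.2", b"<38>Mar  8 14:02:12 vpn-cc1 session: user alice authenticated from 198.51.100.9"),
    # Injection attempt: names the trusted router but comes from an unlisted address.
    ("192.0.2.77", b"<189>Mar  8 14:02:13 edge-rtr1 %SYS-5-CONFIG_I: Configured from console by admin"),
    ("10.0.0.1", b"not a syslog message"),
]

if __name__ == "__main__":
    events, rejects = collect(SAMPLE_DATAGRAMS)
    for e in events:
        print(f"accepted {e.source_ip} fac={e.facility} sev={e.severity} {e.hostname}: {e.message}")
    for src, why in rejects:
        print(f"dropped  {src}: {why}")
```

Where a device supports it, send syslog over TCP or TLS rather than UDP; the allowlist then sits on top of a transport that is much harder to spoof.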

Procedures

Configure Syslog Event Sources

Configure the Listener for the Default Agent

More Information

For an introduction to Log Collection options, see Log Collection.

Edit a Local Service Configuration

Working with the Default Agent

Review syslog Integrations and Listeners

Direct Collection of Windows Event Sources

Purpose:

Suppose you want to collect Windows events without an agent installed on the host with the event source or on an intermediate host. You want the log collection to be performed directly by the default agent on the CA User Activity Reporting Module server.

Solution:

Configure a connector associated with the WinRM integration on the default agent of a selected CA User Activity Reporting Module server. Configure the event sources and the WinRMLinuxLogSensor as described in the associated connector guide. For example, for details on configuring the collection of security events from a Windows Server 2008 host, refer to the CA Connector Guide for Windows Server 2008. The instructions apply to direct collection, agentless collection, and agent-based collection.

Procedures

Example: Enable Direct Collection Using the WinRMLinuxLogSensor

More Information

Extended Direct Log Collection by Default Agent

Quick Start Overview

Event Sources for Direct Log Collection

Direct Collection of Database Event Sources

Purpose:

Suppose you want to collect logs from databases such as Oracle, Microsoft SQL Server, and MySQL without an agent installed on the host with the database or on an intermediate host. You want the log collection to be performed directly by the default agent on the CA User Activity Reporting Module server.

Solution:

Configure the connector associated with a database integration on the default agent of a selected CA User Activity Reporting Module server. Integrations such as that for Microsoft SQL Server 2005 use the ODBCLogSensor. Configure the event source as described in the associated connector guide. For example, for details on configuring the collection of logs from a Microsoft SQL Server 2005 database, refer to the CA Connector Guide for Microsoft SQL Server 2005. The instructions apply to direct collection, agentless collection, and agent-based collection.
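An ODBC-based sensor collects by polling the database rather than receiving pushed events, so it has to remember where it left off. The following added example illustrates that pull model with a persisted high-water mark; it is not the CA ODBCLogSensor and does not reproduce its queries. The audit table, its rows and the sqlite3 in-memory database (standing in for an ODBC data source so the script runs offline) are constructed.

```python
"""Pull collection of database audit rows using a persisted high-water mark.

Added illustration of the polling model an ODBC-style log sensor follows; this
is not the CA ODBCLogSensor and does not reproduce its queries. sqlite3 stands
in for an ODBC data source so the script runs offline."""
import sqlite3
from typing import List, Tuple

Row = Tuple[int, str, str, str, int]


def seed_sample_db() -> sqlite3.Connection:
    """Constructed audit table standing in for a DBMS audit or trace table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE audit_log ("
        " id INTEGER PRIMARY KEY,"  # monotonic key: the sensor's bookmark
        " event_time TEXT NOT NULL,"
        " login TEXT NOT NULL,"
        " action TEXT NOT NULL,"
        " success INTEGER NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO audit_log (event_time, login, action, success) VALUES (?, ?, ?, ?)",
        [
            ("2009-03-08 14:00:01", "sa", "LOGIN", 1),
            ("2009-03-08 14:00:05", "app_user", "SELECT dbo.customers", 1),
            ("2009-03-08 14:00:09", "web_tmp", "LOGIN", 0),
        ],
    )
    conn.commit()
    return conn


class WatermarkSensor:
    """Reads only rows newer than the last one collected, in key order, in bounded batches.

    Resuming from the stored key means a restart neither re-collects old rows
    nor skips rows that arrived while the sensor was down. The collection
    account needs SELECT on the audit table and nothing else."""

    def __init__(self, conn: sqlite3.Connection, batch_size: int = 2, last_id: int = 0):
        self.conn = conn
        self.batch_size = batch_size
        self.last_id = last_id  # persisted bookmark; 0 means collect from the beginning

    def poll(self) -> List[Row]:
        # Parameterised query: the bookmark is bound, never formatted into the SQL text.
        cur = self.conn.execute(
            "SELECT id, event_time, login, action, success FROM audit_log "
            "WHERE id > ? ORDER BY id LIMIT ?",
            (self.last_id, self.batch_size),
        )
        rows = cur.fetchall()
        if rows:
            self.last_id = rows[-1][0]  # advance only once the batch is in hand
        return rows

    def drain(self) -> List[Row]:
        """Poll until the table has no rows beyond the bookmark."""
        collected: List[Row] = []
        while True:
            batch = self.poll()
            if not batch:
                return collected
            collected.extend(batch)


def failed_logins(rows: List[Row]) -> List[str]:
    """Example consumer: the logins that failed, as a report would surface them."""
    return [r[2] for r in rows if r[3] == "LOGIN" and r[4] == 0]


if __name__ == "__main__":
    db = seed_sample_db()
    sensor = WatermarkSensor(db)
    first = sensor.drain()
    print(f"collected {len(first)} rows, bookmark now {sensor.last_id}")
    db.execute(
        "INSERT INTO audit_log (event_time, login, action, success) "
        "VALUES ('2009-03-08 14:01:00', 'sa', 'ALTER LOGIN', 1)"
    )
    db.commit()
    print("new rows since bookmark:", sensor.drain())
    print("failed logins:", failed_logins(first))
```

The bookmark column must be monotonic for this to be reliable; ordering on a timestamp alone can skip or duplicate rows when several events share the same second or when the clock is adjusted.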

Procedures

Example: Enable Direct Collection Using the ODBCLogSensor

More Information

Extended Direct Log Collection by Default Agent

Quick Start Overview

Event Sources for Direct Log Collection