

CA Audit Interoperability

Log Collection with a CA Audit Client

Problem:

CA Audit customers made significant investments deploying client components throughout the environment. Deploying new agents across the environment requires more investment in time and resources.

Solution:

The security analyst reconfigures CA Audit collection policies with the Policy Manager to forward logs from CA Audit clients directly to a CA User Activity Reporting Module server.

Procedure

More Information

Configure the SAPI Collector Service

Configure the SAPI Router Service

Modify an Existing CA Audit Policy to Send Events to CA User Activity Reporting Module

CA Adapters

Configuring CA Adapters

Log Collection with iRecorders

Problem:

Current CA Audit customers made significant investments deploying iRecorder components throughout the environment. Deploying new agents across the environment requires more investment in time and resources.

Solution:

The security analyst reconfigures iRecorders to forward logs from CA Audit clients directly to a CA User Activity Reporting Module server.

Procedure

More Information

Configure the iTechnology Event Plug-in

Configure iRecorder to Send Events to CA User Activity Reporting Module

CA Adapters

iTechnology Event Plug-in

Log Collection with Mainframe Recorders

Problem:

Current CA Audit customers made significant investments deploying mainframe Recorder components throughout the environment. Deploying new components in the mainframe environment requires more investment in time and resources.

Solution:

The security analyst reconfigures the CA Top Secret Recorders (as a SAPI_Router destination) to forward logs directly to a CA User Activity Reporting Module server.

Procedure

More Information

Configure the SAPI Collector Service

Configure the SAPI Router Service

Refer to the SAPI source documentation for details on how to send events directly to CA User Activity Reporting Module

CA Adapters

CA Audit Client and CA User Activity Reporting Module Agent Coexistence

Problem:

Current CA Audit customers made significant investments deploying Audit components throughout the environment, but need to migrate in phases to CA User Activity Reporting Module. Some applications, such as Microsoft SQL Server, require log collection from the underlying Windows operating system as well as the Microsoft SQL Server database server application. The CA Audit client collects logs from Windows, but you must also install a CA User Activity Reporting Module agent to collect logs from Microsoft SQL Server during the phased migration.

Solution:

The security analyst installs the new CA User Activity Reporting Module Agent on a Windows Server 2003 system that is already running a CA Audit Client to collect logs from Windows. This system is also running Microsoft SQL Server 2005, which is the first application planned for migration to the CA User Activity Reporting Module. He installs the agent on the same server with the CA Audit client, which allows CA User Activity Reporting Module to collect Windows log events from the client and Microsoft SQL Server events from the agent.

Procedure

More Information

How to Install an Agent on Windows

How to Install an Agent on UNIX

How to Create a Connector

Configure the iTechnology Event Plug-in

Modify an Existing CA Audit Policy to Send Events to CA User Activity Reporting Module

CA Adapters

Data Migration from a CA Audit Database

Problem:

Current CA Audit customers need to run CA User Activity Reporting Module reports using data that has been previously collected and stored in the CA Audit collector database.

Solution:

The security analyst runs the CA Audit database import utility to migrate previously collected data from SEOSDATA to the CA User Activity Reporting Module event log store. The CA User Activity Reporting Module reports can use this data immediately after data import.

Procedure

More Information

Copy the Import Utility to a Windows Data Tools Server

Copy the Import Utility to a Solaris Data Tools Server

Create an Event Report

Preview Import Results

Import Events from a Windows Collector Database

Import Events from a Solaris Collector Database

 

When to Import Events

About the SEOSDATA Import Utility

Importing Data from a SEOSDATA Table

Importing from a Live SEOSDATA Table

Understand the LMSeosImport Command Line

Import Utility Options

LMSeosImport Command Line Examples

Log Collection by a CA Audit Client with Static Ports

Problem:

Current CA Audit customers made significant investments deploying client components throughout the environment, and configuring them to use static network ports. Deploying new agents across the environment requires more investment in time and resources.

Solution:

The security analyst configures CA User Activity Reporting Module to communicate on the static ports that the clients were previously configured to use. The security analyst then reconfigures CA Audit collection policies with the Policy Manager to forward logs from CA Audit clients directly to CA User Activity Reporting Module.

Procedure

More Information

Configure the SAPI Collector Service

Configure the SAPI Router Service

Modify an Existing CA Audit Policy to Send Events to CA User Activity Reporting Module