Log Collection with a CA Audit Client
CA Audit customers made significant investments deploying client components throughout the environment. Deploying new agents across the environment requires more investment in time and resources.
The security analyst reconfigures CA Audit collection policies with the Policy Manager to forward logs from CA Audit clients directly to a CA User Activity Reporting Module server.
Procedure |
More Information |
---|---|
Configure the SAPI Collector Service Configure the SAPI Router Service Modify an Existing CA Audit Policy to Send Events to CA User Activity Reporting Module |
Log Collection with iRecorders
Current CA Audit customers made significant investments deploying iRecorder components throughout the environment. Deploying new agents across the environment requires more investment in time and resources.
The security analyst reconfigures iRecorders to forward logs from CA Audit clients directly to a CA User Activity Reporting Module server.
Procedure |
More Information |
---|---|
Configure the iTechnology Event Plug-in Configure iRecorder to Send Events to CA User Activity Reporting Module |
Log Collection with Mainframe Recorders
Current CA Audit customers made significant investments deploying mainframe Recorder components throughout the environment. Deploying new components in the mainframe environment requires more investment in time and resources.
The security analyst reconfigures the CA Top Secret Recorders (as a SAPI_Router destination) to forward logs directly to a CA User Activity Reporting Module server.
Procedure |
More Information |
---|---|
Configure the SAPI Collector Service Configure the SAPI Router Service Refer to the SAPI source documentation for details on how to send events directly to CA User Activity Reporting Module |
CA Audit Client and CA User Activity Reporting Module Agent Coexistence
Current CA Audit customers made significant investments deploying Audit components throughout the environment, but need to migrate in phases to CA User Activity Reporting Module. Some applications such as Microsoft SQL Server require log collection from the underlying Windows operating system as well the Microsoft SQL Server database server application. The CA Audit client collects logs from Windows, but you also must install a CA User Activity Reporting Module agent to collect logs from Microsoft SQL Server during the phased migration.
The security analyst installs the new CA User Activity Reporting Module Agent on a Windows Server 2003 that is already running an CA Audit Client to collect logs from Windows. This system is also running Microsoft SQL Server 2005, which is the first application planned for migration to the CA User Activity Reporting Module. He installs the agent on the same server with the CA Audit client, which allows CA User Activity Reporting Module to collect Windows log events from the client and Microsoft SQL Server events from the agent.
Procedure |
More Information |
---|---|
How to Install an Agent on Windows How to Install an Agent on UNIX Configure the iTechnology Event Plug-in Modify an Existing CA Audit Policy to Send Events to CA User Activity Reporting Module |
Data Migration from a CA Audit Database
Current CA Audit customers need to run CA User Activity Reporting Module reports using data that has been previously collected and stored in the CA Audit collector database.
The security analyst runs the CA Auditdatabase import utility to migrate previously collected data from SEOSDATA to the <CALM event log store. The CA User Activity Reporting Module reports can use this data immediately after data import.
Log Collection by a CA Audit Client with Static Ports
Current CA Audit customers made significant investments deploying client components throughout the environment, and configuring them to use static network ports. Deploying new agents across the environment requires more investment in time and resources.
The security analyst configures CA User Activity Reporting Module to communicate on the static ports that the clients were previously configured to use. The security analyst then reconfigures CA Audit collection policies with the Policy Manager to forward logs from CA Audit clients directly to CA User Activity Reporting Module.
Procedure |
More Information |
---|---|
Configure the SAPI Collector Service Configure the SAPI Router Service Modify an Existing CA Audit Policy to Send Events to CA User Activity Reporting Module |
|
Copyright © 2013 CA.
All rights reserved.
|
|