CA User Activity Reporting Module is designed to be up and running quickly, with only a short time between the start of installation and the point at which the product is collecting log information and generating reports. You must install the CA User Activity Reporting Module soft appliance on a dedicated system.
Important! Since the CA User Activity Reporting Module server is dedicated to high-performance event log collection, you should not install other applications on the server that hosts it. Doing so could have an adverse effect on performance.
There are a variety of ways that you can configure your environment. We recommend the following specific configuration to help ensure handling of high event volumes in enterprise environments.
For a basic enterprise-level, production environment, install at least two CA User Activity Reporting Module servers into your existing network. The CA User Activity Reporting Module servers use the existing DNS servers in your network to work with named event sources and agent hosts. One server focuses on collection and the other on reporting of collected event logs. In a two-server environment, the management server you install first takes the role of a reporting server. As management server, it performs user authentication and authorization, and other management functions. The following illustration shows this basic environment with some event sources:
Solid lines in this diagram show event flow from event sources to the collection server, or to an agent host and then to the collection server. You can collect syslog events directly using the default agent on the collection CA User Activity Reporting Module server. You could also configure one or more connectors on a separate agent host to collect from multiple syslog sources (not shown in this diagram).
Windows event collection uses Windows Management Instrumentation (WMI) to monitor Windows servers for their events. This requires that you configure a WMI connector on an agent installed on a Windows host as an event collection point. For some other event types, you may decide to use a standalone CA Technologies iRecorder on a host server.
You can configure and manage the agents and connectors for these event sources from any CA User Activity Reporting Module server in the network. Dashed lines in the diagram represent configuration and control traffic between the management server and agents, and each of the other CA User Activity Reporting Module servers. In the environment represented in this diagram, you perform configurations from the management server. This allows the collection server to focus on processing events.
The log collection environment into which you install CA User Activity Reporting Module servers has the following characteristics:
Depending on the size of your network and its event volume, you may choose to install more than one management server and build federations of collection servers under each one. Or, you can dedicate multiple servers to reporting, where all reporting servers register with your one management server. In this scenario, the event flow passes from event sources to the configured collection server to its configured reporting server.
Copyright © 2013 CA.
All rights reserved.