

Mapping and Parsing Files

During operation, CA User Activity Reporting Module reads incoming events and breaks them up into sections in an action called parsing. There are separate message parsing files for different devices, operating systems, applications, and databases. After the incoming events are parsed into name-value pairs, that data goes through a mapping module that places the event data into the fields in the database.

The mapping module uses data mapping files that, like the message parsing files, are built for specific event sources. The database schema is the common event grammar, which is one of the central features of CA User Activity Reporting Module.

Parsing and mapping together are the means by which data is normalized and stored in a common database regardless of event type or message format.

The integration wizard and some of the CA Technologies Adapter modules require you to configure the mapping and parsing files that best describe the kinds of event data for which a connector or an adapter listens. In the configuration panels where these controls appear, the order of the message parsing files should reflect the relative number of events of each type that are received. The order of the data mapping files should also reflect the quantity of events received from a given source.

For example, if the syslog listener module for a specific CA User Activity Reporting Module server receives mostly Cisco PIX Firewall events, you should put the CiscoPIXFW.XMPS and CiscoPIXFW.DMS files first in each respective list.
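
The following sketch is an added example, not CA Technologies code: it models parsing into name-value pairs and mapping to schema fields, and counts parse attempts for two file orderings. It assumes files are tried in list order until one matches; the regular expressions, target field names, and sample events are constructed, and the real .XMPS and .DMS file formats are not modelled.

```python
import re

# Hypothetical stand-ins for message parsing files: each regex turns a raw
# event into name-value pairs. These are not the real .XMPS contents.
PARSERS = {
    "CiscoPIXFW": re.compile(
        r"%PIX-(?P<severity>\d)-(?P<msg_id>\d+): (?P<action>Deny|Built|Teardown) "
        r"(?P<proto>\w+) src \w+:(?P<src>[\d.]+)/(?P<sport>\d+) "
        r"dst \w+:(?P<dst>[\d.]+)/(?P<dport>\d+)"),
    "UnixSSH": re.compile(
        r"sshd\[\d+\]: (?P<action>Failed|Accepted) password for (?P<user>\S+) "
        r"from (?P<src>[\d.]+) port (?P<sport>\d+)"),
}

# Hypothetical stand-ins for data mapping files: parsed name -> schema field.
# The target field names are illustrative, not taken from the product schema.
MAPPINGS = {
    "CiscoPIXFW": {"action": "event_action", "src": "source_address",
                   "dst": "dest_address", "dport": "dest_port"},
    "UnixSSH": {"action": "event_action", "src": "source_address",
                "user": "dest_username"},
}

def normalize(line, order):
    """Try parsers in the configured order; return (record, attempts)."""
    for attempts, name in enumerate(order, start=1):
        match = PARSERS[name].search(line)
        if match:
            pairs = match.groupdict()  # the name-value pairs
            record = {field: pairs[key] for key, field in MAPPINGS[name].items()}
            record["parsed_by"] = name
            return record, attempts
    return None, len(order)  # unparsed event: every file was tried

def total_attempts(lines, order):
    """Total parser evaluations needed to normalize a batch of events."""
    return sum(normalize(line, order)[1] for line in lines)

# Constructed sample: a listener that receives mostly PIX firewall events.
PIX = ('<164>%PIX-4-106023: Deny tcp src outside:192.0.2.10/4455 '
       'dst inside:198.51.100.5/22 by access-group "outside_in"')
SSH = "<38>sshd[812]: Failed password for admin from 192.0.2.7 port 50122 ssh2"
SAMPLE = [PIX] * 9 + [SSH]

if __name__ == "__main__":
    for order in (["CiscoPIXFW", "UnixSSH"], ["UnixSSH", "CiscoPIXFW"]):
        print(order, "->", total_attempts(SAMPLE, order), "parse attempts")
    print(normalize(SSH, ["CiscoPIXFW", "UnixSSH"])[0])
```

An event that no parser matches comes back as `None`, which is worth counting separately because such events never reach the normalized fields that reports and alerts query.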