Previous Topic: Considerations for CA Audit UsersNext Topic: CA Audit Architecture


Understanding Differences in Architectures

In planning how you to use CA Audit and CA User Activity Reporting Module together, you first should understand the differences in the architectures and the effects they have on your network structure.

CA User Activity Reporting Module uses an embedded event log store, and provides an Agent Explorer to configure and manage agents. New technology coupled with a common event grammar allows for faster event throughput to storage while supporting a higher number of event sources. The common event grammar allows CA User Activity Reporting Module to normalize events from many different event sources into a single database schema.

CA User Activity Reporting Module integrates at a certain level with CA Audit, but by design it is not completely interoperable. CA User Activity Reporting Module is a new and separate server infrastructure that can run in parallel with CA Audit, with the following event handling considerations:

CA User Activity Reporting Module does...

CA User Activity Reporting Module does not...

Receive event logs sent from CA Audit clients and iRecorders using configurable listeners.

Directly access event logs stored in the CA Audit collector database.

Provide a utility to import event log data stored in the CA Audit collector database (SEOSDATA table).

 

Use agents to send event logs only to the CA User Activity Reporting Module server infrastructure.

 

Permit CA User Activity Reporting Module agents and CA Audit clients with iRecorders to run on the same physical host.

Allow CA User Activity Reporting Module agents and CA Audit clients with iRecorders on the same host to access the same log sources simultaneously.

Use its built-in Agent Explorer to manage only CA User Activity Reporting Module agents. During side-by-side operation of the two systems, CA Audit uses its Policy Manager only to manage CA Audit clients

 

 

Migrate CA Audit data held in table collectors, report templates or custom reports, alert policies, collection/filtering policies, or role-based access control policies