To determine whether an existing SEOSDATA table contains CA Access Control events, and to decide upon an import method, you should run an event report. The logname for CA Access Control events is eTrust Access Control. The report lists all events in the database separated by their log names. The easiest way to import CA Access Control events is to import them based on their log name.
To create an event report
LMSeosImport -dsn My_Audit_DSN -user sa -password sa -report
After processing, the utility displays a report that resembles the following:
Import started on Fri Jan 2 15:20:30 2009 No transport specified, defaulting to SAPI... Preparing ODBC connections... Successfully attached to source [My_Audit_DSN] ---------- SEOSDATA Event Time Range ---------- Minimum TIME = 2008-05-27 Maximum TIME = 2009-01-02 ---------- Event Count Per Log ---------- Unix : 12804 ACF2 : 1483 eTrust AC : 143762 com.ca.iTechnology.iSponsor : 66456 NT-Application : 5270 CISCO PIX Firewall : 5329 MS IIS : 6765 Netscape : 530 RACF : 14 Apache : 401 N/A : 28222 SNMP-recorder : 456 Check Point FW-1 : 1057 EiamSdk : 2790 MS ISA : 609 ORACLE : 2742 eTrust PCM : 247 NT-System : 680 eTrust Audit : 513 NT-Security : 14714 CISCO Device : 41436 SNORT : 1089 ---------- SEOSDATA EntryID Range ---------- Minimum ENTRYID : 1 Maximum ENTRYID : 10000010243 Report Completed. Successfully detached from source [My_Audit_DSN] Exiting Import...
The boldface line in this report excerpt shows that there are CA Access Control events contained in this SEOSDATA table.
---------- Event Count Per Log ---------- Unix : 12804 ACF2 : 1483 eTrust AC : 143762 com.ca.iTechnology.iSponsor : 66456 NT-Application : 5270 ...
Copyright © 2013 CA.
All rights reserved.
|
|