Previous Topic: Event Correlation and Incident ManagementNext Topic: Agents

Administration GuideEvent Collection Profiles Tasks

Event Collection Profiles Tasks

This section contains the following topics:

How to Create an Event Collection Profile

Set Collection Profile Details

Apply Suppression and Summarization Rules

Configure Collection Profile

How to Create an Event Collection Profile

An event collection profile contains the basic information required to create a CA User Activity Reporting Module listener or connector. This allows the application to provision event collection when the virtual automation API calls the profile.

Create collection profiles before using the virtual API. Each collection profile contains the information for a specific integration or listener. For this reason, it is likely that you create multiple collection profiles to fit your environment. You must have the administrator role to create, edit, or manage collection profiles.

You create an event collection profile in the following steps:

  1. Set Collection Profile Details
  2. Apply Suppression Rules
  3. Apply Summarization Rules
  4. Configure the Collection Profile.

More information:

Set Collection Profile Details

Configure Collection Profile

Set Collection Profile Details

To begin creating a collection profile, set the details that identify the profile and specify what type of events you want to collect.

Follow these steps:

  1. Click the Administration tab, the Library subtab, and then the Event Collection Profiles folder.
  2. Click New Collection Profile.

    The collection profile wizard opens.

  3. Enter a name and description for the profile.
  4. Select the agent group you want to associate with the profile. CA User Activity Reporting Module uses an agent within the selected group to deploy event collection.
  5. Choose integrations or listeners, depending on the collection method you want the profile to use.
  6. If you select integrations, choose the integration you want from the drop-down list.
  7. If you select listeners, choose the listener and the integration target you want from the drop-down lists.
  8. Select the step you want to complete next.

Apply Suppression and Summarization Rules

You can apply both suppression and summarization rules to an event profile. When the event profile is deployed, the suppression and summarization rules you select are applied at the agent level. The suppression and summarization check is in addition to the suppression and summarization check made at the event log store.

Important! Create and use suppression rules cautiously because they prevent the logging and the appearance of certain native events entirely. We recommend testing suppression rules in a test environment before deploying them.

To apply suppression and summarization rules

  1. Open the event profile wizard and advance to the Suppression Rules step, or the Summarization Rules step.
  2. (Optional) Type in the rules pattern entry field to search the available rules. As you type, the rules that match your entry are displayed.
  3. Select the rules you want, using the shuttle control.
  4. Click the appropriate arrow to advance to the wizard step you want to complete next, or click Save and Close.

    If you click Save and Close, the new profile appears in the user folder list, otherwise the step you select appears.

Configure Collection Profile

Configure the event collection profile, adding the information required for CA User Activity Reporting Module to collect information from the specified source.

To configure the collection profile

  1. Open the collection profile wizard, enter the required details, and advance to the configuration step.

    The configuration step appears, displaying the sensor parameters for the connector or listener type you set in step 1.

  2. Enter the required configuration details. An Input Key list appears for some configurations. You can drag and drop input keys to set a variable for certain entry fields. For example, you could drag the userid key to a User Name field. It appears as %userid%, allowing the event profile to locate the specified string automatically when it is deployed.

    Note: Input keys are required for the API GET and PUT methods to function. Use any input keys available for the connection type you are using, rather than typing the values directly in the entry fields.

  3. Select Credentials Required if a username and password are required to access the event source. This is normally the case for active connectors such as WinRM.
  4. Click Save and Close.