This section contains the following topics:
Edit a Global Service Configuration
Edit a Local Service Configuration
CA Adapters Configuration Tasks
You can set global configurations that apply to all CA User Activity Reporting Module servers. You can view and edit two types of individual service configurations: A global service configuration applies to all the instances of a single service in your environment, and a local service configuration only to a selected individual service host.
Note: Global configurations are distinct from global service configurations: the first controls the behavior of all CA User Activity Reporting Module servers, and the second that of a chosen service. For example, you can set the update interval for all services (global configuration), or report retention policies for all report servers (global service configuration).
You can also view self-monitoring events from the service configuration areas.
Available services include:
You can display some services by service name, or by host. You can use the System Status service to gather information about, and to control, an individual CA User Activity Reporting Module server.
If you uninstall a CA User Activity Reporting Module server, you must delete the host configuration from the management server repository. The removal of this reference will keep the server up to date with the list of its registered CA User Activity Reporting Module servers.
To delete a service host
The Service List appears.
An expandable tree list of service hosts appears.
The host is removed from the list.
Important! No warning appears when deleting a host. Clicking Delete immediately removes the host, so you must be sure you want to delete the host.
You can set global configurations for all services. If you attempt to save values outside the allowed range, CA User Activity Reporting Module defaults to the minimum or maximum as appropriate. Several of the settings are interdependent.
To edit global settings
The Service List appears.
The Global Service Configuration details pane opens.
Specifies the frequency, in seconds, at which server components apply configuration updates.
Minimum: 30
Maximum: 86400
Specifies the maximum length of an inactive session. If auto-refresh is enabled, a session never times out.
Minimum: 10
Maximum: 600
Lets users auto-refresh reports or queries. This setting lets administrators globally disable auto-refresh.
Specifies the interval, in minutes, at which the report views refresh. This setting depends on the selection of Allow Auto Refresh.
Minimum: 1
Maximum: 60
Sets auto-refresh in all sessions. Auto-refresh is not enabled, by default.
Prevents Auditors or third-party products from viewing Action Alert RSS feeds. This setting is enabled by default.
Specifies the default report.
Displays the default report when you click the Reports subtab. This setting is enabled by default.
Prevents specified tags from appearing in any tag list. Hiding report tags streamlines the view of the available reports.
Lets you hide chosen tags. Hidden tags do not appear in the main query list or the action alert scheduling query list. Hiding query tags customizes the view of the available queries.
Displays the default dashboard when you click the Queries and Reports tab. This setting is enabled by default.
Lets you set the default profile.
Specifies the default profile.
Lets you hide chosen profiles. When the interface refreshes or the Update Interval expires, the hidden profiles do not appear. Hiding profiles customizes the view of the available profiles.
Note: Click Reset to restore the last saved values. You can reset a single change or multiple changes until you save changes. After you save changes, reset your changes individually.
You can edit global service configurations, which are settings that apply to all instances of a given service in your environment. A global service configuration does not override any local service setting that differs from the global setting.
The maximum and minimum configuration values are detailed in the specific service sections. If you attempt to save values outside the allowed range, CA User Activity Reporting Module defaults to the minimum or maximum as appropriate.
To edit a global service configuration
The Service List appears.
The Global Service Configuration display opens in the details pane.
Note: You can click Reset to restore the entry fields to the last saved value. You can reset a single change or multiple changes up to the point you click Save. Once you have saved changes you must reset your changes individually.
Any configuration changes you are applied to all hosts of the selected service, unless they have different local settings.
You can view or edit local service configurations by service or by host server. Local service configurations let you control services or settings that may not apply, or be required, for your entire environment, overriding global settings only for specific hosts. For example, you may want a specific CA User Activity Reporting Module server to retain action alerts longer than others. You control this using a local configuration.
The maximum and minimum configuration values are detailed in the specific service sections. If you attempt to save values outside the allowed range, CA User Activity Reporting Module defaults to the minimum or maximum as appropriate.
To edit a local service configuration
The Service List appears.
The service display expands, showing individual service hosts.
The service configuration you select opens in the details pane.
Global configuration: 
Local configuration: 
Clicking the button changes it from the global to the local setting, and makes its associated value available for use. The value must remain set for local configuration for the setting to take effect: If it is set for global configuration, the global setting for that listener is in effect.
Note: Clicking Reset shows the most-recently saved configuration values for all the available configurations. You can reset a single change or multiple changes up to the point you click Save. Once you have saved changes you must reset your changes individually.
Any changes you make are applied to the selected service host only.
This section includes details and service guidelines to review when making configuration changes in the following CA User Activity Reporting Module services:
The Alerting Service controls the delivery of action alerts. You can perform the following tasks from the alerting service configuration area:
You can configure CA IT PAM integration to leverage either or both of the following types of CA IT PAM processes:
The following procedure addresses both the common settings.
To configure IT PAM integration
The Global Service Configuration: Alerting Service dialog appears.
Note: You can view the Name and Path of the process under Folders in the ITPAM Client.
The Add Value dialog appears.
The parameters required for setting a schedule are displayed.
The following message appears: Confirmation: Configuration changes saved successfully. IT PAM integrations is configured.
You can integrate CA User Activity Reporting Module with ObserveIT for investigating user session recordings.
With ObserveIT, you can do the following:
You can use either a single instance or multiple instances of ObserveIT.
This topic provides an overview of the steps that you must perform as an administrator to integrate CA User Activity Reporting Module with ObserveIT.
To integrate CA User Activity Reporting Module with ObserveIT, perform the following steps:
Integration Considerations
CA User Activity Reporting Module supports integration with OberveIT 5.2.5.1. Before you integrate CA User Activity Reporting Module with ObserveIT, do the following:
Configure CA User Activity Reporting Module to Work with ObserveIT
CA User Activity Reporting Module works with ObserveIT to let you view a user session recording. To integrate CA User Activity Reporting Module with ObserveIT, you must configure ObserveIT server from the CA User Activity Reporting Module interface.
To configure CA User Activity Reporting Module to work with ObserveIT
The Global Service Configuration: Alerting Service window appears. By default, the Administration tab opens.
Note: You can configure an individual CA User Activity Reporting Module server to work with ObserveIT at a local configuration level.
Specifies the address of the ObserveIT server.
Note: If you use a single instance of OberveIT, you must specify the address of the single ObserveIT server in the following format:
http://observeit_appserver:port_number_used_to_install_ObserveIT/ObserveIT
If you use multiple instances of ObserveIT, you must specify the address of the centralized management server in the following format:
http://observeit_centralizedmanagementserver/ObserveITCentralizedManagement/
Specifies the user name of the Administrator who has access to the ObserveIT server.
Specifies the password associated with the Administrator of the ObserveIT server.
The connection to the ObserveIT server is tested. If the connection succeeds, the message 'ObserveIT connection information validated successfully' is displayed. The ObserveIT application server is configured from the CA User Activity Reporting Module server.
CA User Activity Reporting Module lets you view a user session recorded by ObserveIT. You must be an administrator or analyst to view a user session recording. You can view a user session recording when you launch the query viewer through CA User Activity Reporting Module API.
To view a user session recording
The ObserveIT user session recording events dialog opens. The dialog displays all user session recordings available within the time period of the selected event and current time.
Note: A video icon is enabled only if there is an event within the selected time period.
The ObserveIT - Slide Viewer window opens. The selected user session recording is played.
Configure SNMP integration as part of the Global Service Configuration for Report Server. The configuration is the IP address and port of one SNMP trap destination.
You can configure SNMP integration either before or after preparing the destination product to receive and interpret SNMP traps from CA User Activity Reporting Module.
When you create an alert destined for an SNMP trap recipient, you can specify one or more destinations. This configuration serves as the default. This default applies to all servers listed under Report Server.
To configure SNMP integration
The Global Service Configuration: Alerting Service dialog appears.
The Correlation Service controls the rules applied on the correlation server. When you apply a rule it becomes active.
You can associate notification destinations with rules, and enable or disable rules from the Correlation Service Configuration page. You can choose which CA User Activity Reporting Module servers route events to the selected correlation server, or set an Event Limit.
Defines how many events are retained per incident when accumulation is enabled. The Event Limit helps prevent undue traffic caused by correlation in periods of high activity. When this limit is reached, additional events are lost. For example, if your limit is set to 100, a single rule can accumulate up to 100 recorded events, including the initial qualifying event or events. Accumulation continues until the event limit is reached, or more usually, gap or limit values reset the rule.
You can also remove applied correlation rules, making them inactive.
To remove rules from the applied list
The highlighted rules are removed from the active list.
Note: This procedure only removes correlation rules from the active list. They are not removed from the rule library.
The event log store uses a federated system, with each host server maintaining its own local event log store and the ability to contact other stores in your environment. When you query a server for event information, it can search its own local event log store as well as all others connected through the federation. This arrangement allows for flexible storage and archiving of event data.
The event log store archive settings let you specify how often data is archived and where it is stored. Both hot (active) event log stores and warm (archived) event log information are queried. Event information in cold storage (remote) is not queried.
You can configure the following event log store and archiving settings:
Sets the maximum number of events your event log store hot database can contain. When the event count reaches this value, the event log compresses all event information in the hot database and moves it to the warm database.
Minimum: 50000
Maximum: 100000000
Sets the number of days archived files are retained in the archive before being deleted.
Minimum: 1
Maximum: 28000
Defines the percentage of remaining disk space which triggers automatic deletion of the oldest archive files. For example, the default value is 10. When the available event log store space falls below 5 percent, the event log removes the oldest archive files to make more room.
Minimum: 10
Maximum: 90
Defines the number of hours a file restored to the archive (defrosted) is retained in the event log store before deletion
Minimum: 0
Maximum: 168
Controls which of the available summarization or suppression rules are applied to received events. An administrator must apply new summarization or suppression rules before they can begin refining events.
Controls which of the available event forwarding rules are applied to received events.
Controls which of the available event log stores are set as children of the current server. This setting lets you set up separate federation "trees", controlling query access levels. It is only available as a local setting.
Logging settings control how individual CA User Activity Reporting Module modules record internal messages. They are only available as local settings. Logging settings are usually used for troubleshooting purposes. It is not normally necessary to change these settings. It is important to have a good understanding of log files and logging before doing so.
Defines the type and level of detail recorded in the logging file. The drop-down list is arranged in order of detail, with the first choice providing least detail, and the last providing most detail.
Controls whether the Log Level setting overrides all log settings from the log properties file. This setting only applies when the Log Level setting is lower (showing more detail) than the default setting.
Auto Archive Settings enable and control scheduled database archiving jobs, which move warm databases to a remote server.
Note: Before you move scheduled database jobs from one CA User Activity Reporting Module server to another, or to a remote server, you must configure non-interactive authentication between the servers.
You can set the following auto archive values:
Sets an auto archive job to run. The auto archive uses the scp utility as controlled by the other settings.
Controls the backup type: A full archive that copies all database information, or an incremental archive that copies all databases that have not yet been backed up.
Default: Incremental
Specifies whether the archive job runs daily or hourly. A daily job runs at the time you set using the Start Time clock. An hourly job runs every hour on the hour.
Sets the time a daily archive job runs, in whole hours, based on the local sever time. The value is a 24-hour clock.
Limits: 0-23, where 0 means midnight and 23 means 11:00 p.m.
Specifies the user who can perform an archive query, recatalog the archive database, run the LMArchive utility, and the restore-ca-elm shell script. This user must be an Administrator.
Default: Log Manager administrator user
Specifies the password for the user who has the rights defined in the EEM user field.
Specifies the hostname or IP Address of the remote server to which the auto archive job copies the database information.
Specifies the username that the scp utility uses to connect to the remote server.
Default: caelmservice
Specifies the archive file destination on the remote server.
Default: /opt/CA/LogManager
Specifies whether the remote server is a management server or not. If it is, the auto archive job deletes the databases from the local machine when the transfer is complete. It then notifies the remote machine to perform a recatalog.
Controls how wide a time variance is tolerated for the creation of incidents. The Drift End Time and Drift Start Time values allow you to set a value after the current <CALM >server time (future) and before the current CA User Activity Reporting Module server time (past). If an event falls outside that window it is not forwarded for correlation.
Note: The event reception span values are not considered for counting rules. Counting rules only consider events ahead up to 5 minutes. Events with timestamps ahead by more than 5 minutes are ignored, regardless of the Drift End Time value.
You can control the way in which the incident service stores events and creates incidents for a selected CA User Activity Reporting Module server. You can set the following values:
Specifies how long in days the service retains incidents in the incident database. If the value is 0, events are never deleted. Expired incidents are not displayed.
Specifies how often a single correlation rule can create incidents, allowing you to reduce unwanted multiple incidents. For the purposes of incident generation limits, different versions of a rule are considered separate rules. So if you have applied multiple versions of a rule in your environment, they are limited separately. Limit values include:
Indicates whether incident generation limits are applied.
Sets a threshold for the number of incidents generated by a single rule. This value works with the Time value, if that value is above 0. After these numbers are reached, the incident service applies the Blocked Time limit. So if you set Count to 3, and the Time to 10, the limit applies after a single rule generates more than 3 incidents in 10 seconds.
Sets a threshold, in seconds, for the number of incidents generated by a single rule. This value works with the Count value, if that value is above 0. After these numbers are reached, the incident service applies the Blocked Time limit. So if you set Count to 3, and the Time to 10, the limit applies after a single rule generates more than 3 incidents in 10 seconds.
Specifies an interval in seconds, when a rule is blocked from creating further incidents. When this limit is reached, the rule creates no incidents until the time expires.
You can install an ODBC client or a JDBC client to access the CA User Activity Reporting Module event log store from an external application like SAP BusinessObjects Crystal Reports.
You can perform the following tasks from this configuration area:
The field descriptions are as follows:
Indicates whether the ODBC and JDBC clients can access data in the event log store. Select this check box to enable external access to events. Clear the check box to disable external access.
The ODBC service is not currently FIPS-compatible. Clear this check box to prevent ODBC and JDBC access if you intend to run in FIPS mode. This prevents non-compliant access to event data. If you intend to disable the ODBC and JDBC service for FIPS mode operations, ensure that you set this value for each server in a federation.
Specifies the port number used by the ODBC or JDBC services. The default value is 17002. The CA User Activity Reporting Module server refuses connection attempts when a different value is specified in the Windows Data Source or the JDBC URL string.
Indicates whether to use encryption for communications between the ODBC client and the CA User Activity Reporting Module server. The CA User Activity Reporting Module server refuses connection attempts when the corresponding value in the Windows Data Source or JDBC URL does not match this setting.
Specifies the number of minutes to keep an idle session open before it is closed automatically.
Defines the type and level of detail recorded in the logging file. The drop-down list is arranged in order of detail, with the first choice providing least detail.
Controls whether the Log Level setting overrides all log settings from the properties file of the log. This setting only applies when the Log Level setting is lower (showing more detail) than the default setting.
The report service controls custom ODBC connection configuration, the administration of automatically delivered reports, and Action Alert and report retention.
To create an external ODBC connection:
Note: If you select Oracle from the ODBC Driver drop-down list, a schema field appears, allowing you to enter individual schema objects. Enter at least one schema.
A confirmation message appears. The connections you create appear in the connection list of the query design wizard.
You can set the total Actions Alerts retained, and number of days they are retained in the Alert Retention area:
Defines the maximum number of action alerts the reporting server retains for review.
Minimum: 50
Maximum: 1000
Defines the number of days action alerts are retained, up to the maximum number.
Minimum: 1
Maximum: 30
You can control the company name and logo, header and footer content and color, fonts, and other PDF reports settings in the Report Configurations area:
The rule test service controls how CA User Activity Reporting Module tests correlation rules. You can set the following rule test values.
Defines how many events are retained per incident when accumulation is enabled. The Event Limit helps prevent undue traffic caused by correlation in periods of high activity. When this limit is reached, additional events are lost. For example, if your limit is set to 100, a single rule can accumulate up to 100 recorded events, including the initial qualifying event or events. Accumulation continues until the event limit is reached, or more usually, gap or limit values reset the rule.
Defines the number of rule tests that can be run simultaneously on a single CA User Activity Reporting Module server.
A Proxy/Client server system delivers subscription updates. The first server you install is set as your Default Subscription Proxy server, which contacts the CA Technologies Subscription Server periodically to check for updates. Subsequent installations are configured as clients of that proxy server, contacting it periodically for updates. If they fail to make contact, a self-monitoring event is logged.
The default system reduces network traffic by eliminating the need for each server to contact the CA Technologies Subscription Server directly, but is fully configurable. You can add proxy servers as needed.
You can also reduce internet traffic still further by creating offline proxy servers, which store update information locally and provide it to clients when contacted. Support any offline proxy servers by manually copying everything in the download path of the online proxy to the download path of the offline proxy. Offline proxies must be configured in environments where there are CA User Activity Reporting Module servers that cannot access the Internet or an internet-connected server.
When configuring the Subscription Service, consider the following information about certain settings and their interactions:
Defines the default proxy server for the Subscription Service. The default subscription proxy must have internet access. If no other subscription proxies are defined, this server gets subscription updates from the CA Technologies Subscription server, downloads binary updates to all clients, and distributes content updates to the CA User Activity Reporting Module user store. If other proxies are defined, clients contact this server for updates when no subscription proxy list is configured or when the configured list is exhausted. The default value is the first server installed in your environment. This value is only available as a global setting.
Defines the key used to test and verify the signature used to sign the updates. When a public-private key pair is updated, the proxy downloads the update to the public key value, and the proxy updates the public key. This value is only available as a global setting.
Important! Never manually update this value.
Controls whether the local server is a subscription proxy. If the subscription proxy check box is cleared, the server is a subscription client.
Starts an on demand update cycle immediately for the selected server. You can perform an on demand update for only one server at a time; this option is not available globally. Update a subscription proxy server before you update its subscription client.
Controls whether the local server is an online subscription proxy. An online subscription proxy uses its internet access to get subscription updates from the CA Technologies Subscription server and distribute them to the CA User Activity Reporting Module environment. To designate a server as an online subscription proxy, select both the Subscription Proxy check box and the Online Subscription Proxy option. This value is only available as a local setting.
Controls whether the local server is an offline subscription proxy. An offline subscription proxy is a server that gets subscription updates through a manual directory copy (using scp) from an online subscription proxy. Offline subscription proxies do not need internet access. To designate a server as an offline subscription proxy, select both the Subscription Proxy check box and the Offline Subscription Proxy option. This value is only available as a local setting.
Defines the URL of the CA Technologies Subscription server. Online subscription proxies use this URL to access the CA Technologies Subscription server and download subscription updates.
Lets you select from the modules available for download the modules that apply to your CA User Activity Reporting Module environment. Click Browse to display this dialog; the modules you select appear in the Modules list.
Modules selected are downloaded from the CA Technologies Subscription Server during subscription updates. Modules for download can be selected at the global level; other configured subscription proxies download these modules by default during update. Modules for download can also be selected at the local level for individual proxy and client servers. Doing so overrides global settings so that only the selected modules download to the given server. Modules selected for clients are used to update corresponding modules installed on the client. You can select a module to download for a client that is not selected for its proxy. The proxy retrieves it for the client, but does not install it on itself.
Note: If not populated, set the RSS Feed URL. This setting lets the system read the RSS Feed and, at the next update interval, display the list of available modules to download.
Displays the modules selected in the RSS Feed Browser dialog. The default subscription proxy and all other online proxies download these modules from the CA Technologies Subscription Server during the update process. The modules listed can be modules chosen for download at the global level, or can reflect modules selected for a given server at the local level.
Controls whether this server contacts the CA Technologies Subscription Server through an HTTP Proxy for updates, rather than directly.
Specifies the full IP Address of the HTTP Proxy.
Specifies the Port number used to contact the HTTP Proxy.
Specifies the user ID used to contact the HTTP Proxy.
Specifies the password used to contact the HTTP Proxy.
Specifies the start time and frequency for CA User Activity Reporting Module servers to request subscription updates. Online subscription proxy servers (including the default proxy server) contact the CA Technologies Subscription Server, and proxy clients contact their proxy servers, according to this schedule. The schedule can be set globally for all CA User Activity Reporting Module servers; it can also be overridden locally for a given server.
Lets you set which proxies are contacted, in a round robin fashion, for product and operating system updates by all clients or the selected client. You can use the up/down arrows to control the order in which the client contacts the subscription proxies. The client downloads updates from the first proxy it successfully reaches. If none of the configured proxies are available, the client contacts the default subscription proxy.
Lets you select which proxies are used to distribute content updates to the user store. You can select offline proxies or online proxies. This value is only available as a global setting.
Note: Consider selecting more than one server to act as a subscription proxy for content updates, for redundancy.
You can use the System Status service to gather information about, and to control, a CA User Activity Reporting Module server. You display system status only for individual CA User Activity Reporting Module servers. All settings and options apply at the local level.
The System Status service offers the following tabs:
Local listeners receive and collect native events from certain types of sources using various types of CA adapters.
You can view and edit two types of individual adapter configurations.
You can also view self-monitoring events for each adapter service or adapter host from the individual adapter's global or local configuration areas.
If you are not using CA Adapters, you can disable the CA Adapter services to increase the performance of the CPU and memory usage. You can enable the CA Adapter services when you want to use CA Adapters.
If you upgraded to the current CA User Activity Reporting Module release from any release earlier to CA User Activity Reporting Module 12.5.05, the CA Adapters services are enabled by default. If you installed the current CA User Activity Reporting Module release, the CA Adapters services are disabled by default.
To enable the CA Adapters services, perform the following steps:
Note: By default, the disabledModules folder is created starting from CA User Activity Reporting Module 12.5.05. If you are using any previous release of CA User Activity Reporting Module 12.5.05, create the folder in the $IGW_LOC folder.
To disable the CA Adapters services, perform the following steps:
Note: By default, the disabledModules folder is created starting from CA User Activity Reporting Module 12.5.05. If you are using any previous release of CA User Activity Reporting Module 12.5.05, create the folder in the $IGW_LOC folder.
You can edit global adapter configurations, which are settings that apply to all instances of a given CA Adapter in your environment. For example, you could make configuration changes that apply to all SAPI collectors running in your environment. A global adapter configuration does not override any local adapter settings that differ from the global setting.
To edit a global adapter configuration
The Log Collection folder list appears.
The folder expands, displaying subfolders for each adapter.
The Global Service Configuration display opens in the details pane.
Note: Clicking Reset restores the configuration values to the most-recently saved states. You can reset a single change or multiple changes up to the point you click Save. Once you have saved changes you must reset your changes individually.
Any configuration changes you make will be applied to all hosts of the selected adapter, unless they have differing local settings.
You can view or edit local adapter configurations. Local adapter configurations allow you to control settings that may not apply, or be required, for your entire environment. They override global settings only for specific adapter hosts. For example, you may want a specific SAPI adapter host to listen on a different port. You can set this behavior using a local configuration.
To edit a local adapter configuration
The Log Collection folder list appears.
The folder expands, displaying subfolders for each adapter.
The service display expands, showing adapter hosts.
The host configuration you select opens in the details pane.
Global configuration:
Local configuration:
Clicking the button changes it from the global to the local setting, and makes its associated entry field available for use. The entry field must remain set for local configuration for the setting to take effect: If it is set for global configuration, the global setting for that adapter is in effect.
Note: Clicking Reset shows the most-recently saved configuration values for all the available configurations. You can reset a single change or multiple changes up to the point you click Save. Once you have saved changes you must reset your changes individually.
Any changes you make are applied to the selected adapter host only.
You can monitor adapter service activity and troubleshoot problems by viewing self-monitoring events for each adapter service host. You can see pre-screened events from the individual adapter's global or local configuration areas.
To view adapter self-monitoring events
The Log Collection folder list appears.
The folder expands, displaying subfolders for each adapter service.
The adapter configuration appears in the details pane
An event viewer window showing appropriately-filtered events appears. For example, if you select the iTechnology Event Plugin folder in Step 3, you see self-monitoring events for all instances of the iTechnology Event Plugin. If you select a specific host from the iTechnology Event Plugin folder, you see only events relating to that specific iTechnology host.
Note: Your federation structure controls which events are visible. If no federation is set up then you will only see local events, regardless of which host you select.
You can view the current status of certain CA adapter services, including start time, running state, and event delivery information and statistics. You cannot view the status of the iTechnology Event plug-in service.
To view an adapter status
The Log Collection folder list appears.
The folder expands, displaying subfolders for each adapter service.
The service display expands, showing individual adapter hosts.
The host configuration you select opens in the details pane.
The Status information appears.
Note: Status information appears only in the local configuration panel.
CA User Activity Reporting Module uses two instances of a CA Audit Submit Application Programming Interface (SAPI) service, one installed as the SAPI Collector, the other as the SAPI Router. The SAPI services are generally used to receive events from existing CA Audit clients and integrated products. You can configure the SAPI adapters using the following settings:
Activates the selected service. This setting is enabled by default.
Sets a specific port number for the selected service, if it is not registered with the portmapper. The default value, 0, allows the service to use a randomly-determined port, if the Register check box is selected.
Note: The port number must be different for the SAPI Collector and Router. If the same ports are set for both services, the second one set will not function/.
Controls whether the service registers with the system portmapper. If you select Register and enter 0 in the SAPI Port field, a random port is selected each time the service starts. This is the default setting for both fields. If Register is not selected, you must specify a SAPI port.
Defines the encryption key, if you use a non-standard encryption key in your CA Audit environment, which the SAPI adapter uses to read incoming SAPI events.
Ensures that events are sent to the event log store in the same order in which they are received. If event ordering is disabled, the order may be changed if some events are parsed and sent onward more quickly than others. Enabling event ordering may affect performance by increasing the size of the event queue.
Defines the maximum number of events in the event processing queue, allowing control of processing resources. Entering 0 in this field means that no throttling occurs. Events that exceed this threshold will be delayed at the source.
Defines the number of processing threads for each protocol. Using many processing threads will speed up processing if event ordering is disabled. If event ordering is enabled, the thread count will have no effect. Using many threads may have performance implications.
Logging settings control how individual CA User Activity Reporting Module modules record internal messages. They are only available as local settings. Logging settings are usually used for troubleshooting purposes. It is not normally necessary to change these settings, and you should have a good understanding of log files and logging before doing so.
Defines the type and level of detail recorded in the logging file. The drop-down list is arranged in order of detail, with the first choice providing least detail, and the last providing most detail.
Controls whether the Log Level setting overrides all log settings from the log's properties file. This setting only applies when the Log Level setting is lower (showing more detail) than the default setting.
The iTechnology service controls events sent through the iGateway daemon. You can configure the service by setting which of the available data mapping (DM) files the service uses for event mapping, using the DM file shuttle control.
The event plug-in service is preconfigured to include most of the major data mapping files.
Logging settings control how individual CA User Activity Reporting Module modules record internal messages. They are only available as local settings. Logging settings are usually used for troubleshooting purposes. It is not normally necessary to change these settings, and you should have a good understanding of log files and logging before doing so.
Defines the type and level of detail recorded in the logging file. The drop-down list is arranged in order of detail, with the first choice providing least detail, and the last providing most detail.
Controls whether the Log Level setting overrides all log settings from the log's properties file. This setting only applies when the Log Level setting is lower (showing more detail) than the default setting.
You can do the following things from within the System Status service:
You can review the status and version for services running on a selected CA User Activity Reporting Module server. Clicking Support Diagnostics executes the LmDiag.sh script provided with CA User Activity Reporting Module.
This utility packages system information and log files into a compressed .tar file for transmission to CA Technologies Support personnel. You can transfer this file using FTP or another file transfer method.
Note: Some of the information in the resulting file can be sensitive, for example, IP addresses, system configurations, hardware logs, and process logs. Use a secure method for storing and transporting this file.
To create a diagnostic file
The System Status Service Configuration displays the Administration tab.
The utility creates the file and downloads it to the specified location. The utility closes automatically when the file is copied.
You can review the status and version for services running on a selected CA User Activity Reporting Module server.
Important! Use this feature only when necessary, or when directed to do so by CA Technologies Support. Rebooting a CA User Activity Reporting Module server causes it to stop receiving, parsing, and storing event logs until the reboot is complete. If you reboot the management server, the managed CA User Activity Reporting Module sessions on other, associated servers must log out and log back in again.
To reboot a host server
The System Status Service Configuration displays the Administration tab.
You can restart the ELM services running on a selected CA User Activity Reporting Module server.
Important! Use this feature only when necessary, or when directed to do so by CA Technologies Support. Restarting the ELM services causes the affected CA User Activity Reporting Module server to stop receiving, parsing, and storing event logs until the restart is complete. If you restart the management server, the current session and all other CA User Activity Reporting Module sessions on other servers must log out and log back in again.
To restart the ELM services
The System Status Service Configuration displays the Administration tab.
You can review the status and version for services running on a selected CA User Activity Reporting Module server.
To review status
You can review the status and version for services running on a selected CA User Activity Reporting Module server. The status messages include events related to processor and disk space usage, CPU load averages, memory use, hardware access and usage, and other events.
To review self monitoring events
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|