2.0 Operating System Support
2.1 eTrust Audit Client
2.2 Audit Administrator (Policy Manager)
2.3 Audit Data Tools
3.0 System Hardware Requirements
4.0 Installation Considerations
6.0 Documentation Changes and Additions
6.1 Install Data Tools on Windows
6.2 Install Event Recorders on Solaris Systems
7.0 Known Issues
7.1 eTrust Audit Client
7.1.1 Custom Silent Install Fails When the iRecorder Option Is Not Selected
7.1.2 AUD--Screen Action Does Not Work on Windows 2008
7.1.3 Silent Installation with Custom Configuration Does Not Work
7.1.4 Installation of iGateway Fails on HP-UX (PA-RISC)
7.1.5 Language-Specific IDs Not Formatted in Windows 2008
7.2 eTrust Audit Administrator
7.2.1 Audit Administrator Interface May Become Inoperative While Viewing Reports or Graphs
7.2.2 Computer Becomes Unresponsive When Running Visualizer Queries
7.2.3 Audit Host Discovery Not Working After Upgrade
7.3 eTrust Audit Data Tools
7.3.1 Viewer Slows Down When Using "Show all events" Filter
7.3.2 Improper Results When Using Viewer Filters
7.3.3 Viewer Displays Error While Refreshing
7.3.4 Viewer Experiences Error after Standalone Viewer Installation
7.3.5 Post-Collection Utility Does Not Process Default Jobs
7.3.6 Collector Service Fails to Start
7.3.7 Cannot Insert Events in the Collector Database
7.3.8 Oracle Database Option Is Disabled Even though Oracle Is Installed on Windows 64 bit
7.3.9 Events Cannot Be Inserted in Database after Upgrade to eTrust Audit Data Tools r8
7.3.10 Policy Manager Database Connection Fails
7.3.11 Exporting Generated Reports to Oracle ODBC Tables Fails
7.3.12 Attempting Refresh on Generated Report Displays "Logon Failed" Message
7.3.13 Handle Statement Exception in Viewer
7.3.14 Reporter Failed to Enumerate Jobs Error
7.4 General
7.4.1 Unable to Set Up Services after eTrust Audit Install or Upgrade
7.4.2 eTrust Audit Services Fail to Stop
7.4.3 ac_set_env.sh Command Fails
7.4.4 iGateway Installation Fails on HP-UX 11.31. (PA-RISC)
7.4.5 Help Topics Are Not Displayed for All Audit Components
7.4.6 Text in CFG Files Is Unreadable when Opened with Wordpad in Non-English Windows
7.4.7 Received Postscript Printer Driver Error
7.4.8 Category Field in NTEventLog iRecorder for Windows 2008 Is Only in English
7.5 Knowledge Base
7.5.1 eTrust Audit SNMP Recorder Cannot Fetch Events
7.5.2 Unable to Set Up Services after eTrust Audit Install or Upgrade
7.5.3 Received "Failed to Find Local Router" Error Using Generic Recorder
7.5.4 Changes to iRecorder Not Reflected in List of iRecorder Hosts
7.5.5 Default Policies Folder Not Visible in Policy Manager
7.5.6 Using Non-Latin Characters in Policy Manager Displays Warning
7.5.7 Microsoft SQL Server Connection Fails
7.5.8 Show top records Option Disabled in eTrust Audit Viewer
7.5.9 Report Templates Not Localized in eTrust Audit Reporter
7.5.10 Post-Collection Utility Cannot Be Installed
7.5.11 Newly Generated Events Not Displayed
7.5.12 Data Tools Uninstall Removes eAudit_DSN ODBC Data Source
7.5.13 Mail Delivery Problems Using SMTP
7.5.14 eTrust Audit Components Do Not Function Properly after Upgrading
7.5.15 eTrust Audit Services Fail to Stop
7.5.16 eTrust Audit Services Do Not Start after Upgrading from eTrust Audit 1.5
8.0 International Support
8.1 Localized and Customizable Component Considerations
8.2 Audit Components
8.3 Documentation
Welcome to eTrust Audit r8 SP1 CR3. This file contains product installation considerations, operating system support, documentation changes, known issues, and information about contacting CA Customer Support.
The following topics describe the supported operating systems for eTrust Audit components.
The following are the supported operating systems for Audit Client:
Note: Audit Client distribution through Unicenter Software Delivery (USD 4.0 SP1) on HPUX 11iv2 and 11iv3 (IA-64) is not supported.
Note: iRouter not supported for Audit 64 Bit mode on HP-UX IA-64.
The following are the supported operating systems for Audit Administrator (Policy Manager):
Important! Audit Administrator (Policy Manager) requires Microsoft Internet Explorer 6.0 with Service Pack 1 or Microsoft Internet Explorer 7.0.
Note: Policy Manager bundles Microsoft Access 2000 Policy Manager Database.
The following are the supported operating environments for the Audit Data Tools:
The prerequisites for each operating environment are as follows:
Microsoft Access 2000, Microsoft Access 2003, Microsoft SQL Server 2000 SP4, Microsoft SQL Server 2005 SP2, Microsoft SQL Serer 2008, Oracle 9i, Oracle 10g, or Oracle 11g
Oracle 9i or 10g or 11g
Oracle 9i or 10g or 11g (enable 64-bit operation in AIX kernel using AIX smit system administration tool)
Note: Security Monitor, Audit Viewer and Audit Reporter are supported only on Windows operating environments.
The following are the minimum hardware requirements to run eTrust Audit:
| Product | Operating Environment | CPU | CPU Speed | RAM (MB) | Disk Space (MB) | System Class |
|---|---|---|---|---|---|---|
| Client | Microsoft Windows 2000 SP4 Microsoft Windows XP SP2, SP3 Microsoft Windows 2003 SP1, SP2, R2 Microsoft Windows 2008 |
1xPentium IV | 1 GHz | 128 | 100 | |
| IBM AIX 5.3, 6.1 | POWER
|
1 GHz | 512 | 100 | Workstation-class computer | |
| HP-UX 11.11, 11.23, 11.31 | PA-RISC | 1 GHz | 512 | 100 | Workstation-class computer | |
| HP –UX 11iv2 (11.23), 11iv3 (11.31) | Intel Itanium IA-64 | 1 GHz | 512 | 100 | ||
| Red Hat Linux AS 3.0 U4, ES 4.0, ES 5.0, ES 5.1 | Pentium IV | 1 GHz | 512 | 100 | Workstation-class computer | |
| SuSe Linux ES 9, ES 10 | Pentium IV | 1 GHz | 512 | 100 | Workstation-class computer | |
| Sun Solaris 9, 10 | UltraSPARC
|
1 GHz | 512 | 100 | Workstation-class computer | |
| Policy Manager | Microsoft Windows 2000 SP4 Microsoft Windows XP SP2, SP3 Microsoft Windows 2003 SP1, SP2, R2 Microsoft Windows 2008 |
1xPentium | 1 GHz | 128 | 300 | |
| Data Tools with Microsoft Data Access Components (MDAC) 2.1 | Microsoft Windows 2000 SP4 Microsoft Windows XP SP2, SP3 Microsoft Windows 2003 SP1, SP2, R2 Microsoft Windows 2008 |
1xPentium | 1 GHz | 256 | 1000 | |
| Data Tools without DBMS | IBM AIX 5.3, 6.1
|
POWER | 1 GHz | 512 | 100 | Workstation-class computer |
| HP-UX 11.11, 11.23, 11.31 | PA-RISC | 1 GHz | 512 | 100 | Workstation-class computer | |
| HP –UX 11iv2 (11.23), 11iv3 (11.31) | Intel Itanium IA-64
|
1 GHz | 512 | 100 | Workstation-class computer | |
| Sun Solaris 9, 10 | UltraSPARC
|
1 GHz | 512 | 100 | Workstation-class computer | |
| Data Tools with DBMS | IBM AIX 5.3, 6.1 | 2xPOWER
|
1 GHz | 1000 | 1000 | Server-class computer |
| HP-UX 11.00, 11.11, 11.31 | 2xPA-RISC
|
1 GHz | 1000 | 1000 | Server-class computer | |
| HP-UX 11iv2 (11.23), 11iv3 (11.31) | Intel Itanium IA-64
|
1 GHz | 1000 | 1000 | Server-class computer | |
| Sun Solaris 9, 10 | 2xUltraSPARC | 1 GHz | 1000 | 1000 | Server-class computer | |
| Audit Admin Browser with Visualizer Engine, IE 6, IE 7 | Microsoft Windows 2000 SP4 Microsoft Windows XP SP2, SP3 Microsoft Windows 2003 SP1, SP2, R2 Microsoft Windows 2008 |
Pentium IV | 1 GHz | 1000 | 100 |
For complete installation instructions, see the Implementation Guide.
The eTrust Audit r8 SP1 CR3 Windows version is released as a downloadable version from the CA Support web site.
If you are upgrading an existing installation of eTrust Audit, review the following:
Note: You may see an error message when upgrading Audit Data Tools, if the eTrust Security Command Center agent is installed on the computer. This indicates the eTrust Security Command Center agent Data Tools interface is still CR1. This message is a reminder that you must upgrade the eTrust Security Command Center Agent for it to function properly.
For installation planning and information about the distributed components of eTrust Audit, see the eTrust Audit Implementation Guide.
You can access the documentation for the latest release on the CA Support web site. For assistance, contact Technical Support at http://ca.com/support.
This section contains a list of documentation changes and additions to documentation.
Updates to published guides are made available through the Support web site.
You can install the eTrust Audit Data Tools to access the Viewer, Reporter, and Security Monitor features. The Data Tools should be installed before you install the eTrust Audit Policy Manager.
To install the eTrust Audit Data Tools on a Windows computer
Note: This procedure applies to both Microsoft SQL Server and Oracle. During the installation, you specify your database type and enter the necessary configuration information.
The eTrust Audit installation Main Menu page appears.
The Install eTrust Audit Components page appears.
The End User License Agreement page appears.
The Choose Destination Location page appears.
The Optional Components page appears.
The Select Language for eTrust Audit page appears.
The Outgoing Encryption Method page appears.
The Database Type page appears.
Note: Microsoft Access is the default database system, but should only be used for demonstration purposes and not on any production systems.
The Database Configuration page appears. Refer to your Database Planning Worksheet (in the Implementation Guide) for the database information.
For SQL Server authentication, enter the Server, User name, Password, and Database name.
For Windows NT authentication, enter only the Server and Database name, as your Windows login credentials are used to access the database.
Note: Windows NT authentication supports only a local Microsoft SQL database server. This means the Data Tools and the Microsoft SQL Server database need to be on the same server to enable Windows NT authentication.
The SMTP Server page appears.
You have the option to skip this feature.
The Specify Name of Monitor Machine page appears.
This specifies the Security Monitor computer where the Data Tools sends internal or self-monitoring messages.
Note: If the Security Monitor is being installed on the same server as the Data Tools server, enter localhost. If the Security Monitor is being installed on a different server, enter that server name.
The eTrust Audit Data Tools Services Administrator page appears.
The Setup Services page appears.
This page lets you change the account under which the eTrust Audit Portmap and Collector services run.
The Start Copying Files page appears, listing your specifications for the installation.
A Setup status page appears, showing the progress of the installation.
When finished, a message appears indicating that the installation of the Data Tools components is complete.
You can install an event recorder on Solaris systems to capture events generated from CA or third-party products. The installation instructions that follow apply to Solaris systems only.
To install an iRecorder on a Solaris system from a downloaded package
(missing packagename)-version-sunos.sh
The iRecorder installation starts.
The installer deploys the following files:
After you install the iRecorder you can find the files in the default installation directory, /opt/CA/SharedComponents/iTechnology.
Note: If the installation reports problems, it may be due to incorrect installation parameters. The problem may be corrected if you uninstall the iRecorder and install it again.
To install the event recorder on Solaris from DVD media
The Solaris operating system automatically mounts your media on a system directory such as /cdrom.
Locate an entry that contains /cdrom under the heading Mounted on. If the entry exists, the media is mounted.
If there is no such entry in the df output, mount the media according to instructions in the Solaris System Administration Manual. For example:
mount –F hsfs –o ro /dev/dsk/c0t1d0/s1s7cc_v10n1 /cdrom
cd /cdrom/eTrust/Audit/iRecorders/Solaris
./install_eAudit
The End User License Agreement appears.
AES 128 bit is the recommended encryption level.
Note: You can select additional eTrust Audit components for Solaris systems to install at this time. For installation instructions for those components, see Install the Client Component or Install the Data Tools.
This specifies the Security Monitor server where the eTrust Audit Data Tools sends internal or self-monitoring messages.
The installation prompts you for the selected recorder's configuration parameters.
When finished, a message appears indicating the installation of the component is complete.
This section describes known issues, workarounds, and solutions for eTrust Audit.
The topics that follow describe the known issues, workarounds, and solutions for eTrust Audit Client.
Symptom:
When the iRecorder option is not selected on the Optional Components dialog when recording the custom silent response file for eTrust Audit Client, the installation fails when the silent installation runs.
Solution:
When creating a custom silent response file for the eTrust Audit Client, select the iRecorder option. This lets you successfully install the Client silently.
Symptom:
When you attempt to specify the Screen Action for an Audit Client installed on Windows 2008, it does not work.
Solution:
The Screen Action is not supported as the default Messenger service is not available on Windows 2008. You must install the Messenger service first, so that you can specify the Screen Action.
Symptom:
Silent installation does not work when the silent install file (ISS) is created using custom install options.
Solution:
You must specify the name of any feature you want to install using the command line for silent installation. To install Audit components silently using custom selection options, use the following command:
Client.exe /s /f1 "<path of ISS>"
Append the command with the feature you selected explicitly in the installation wizard.
For example
Client.exe /s /f1"<path of ISS> /z"RECORDER_FEATURE""
Client.exe /s /f1"<full path of ISS> /z"UNICENTER_ FEATURE""
Client.exe /s /f1"<full path of ISS> /z "DOCS_ FEATURE""
Client.exe /s /f1"<full path of ISS> /z"RECORDER_FEATURE UNICENTER_FEATURE""
Symptom:
While installing the Audit Client on an HP-UX system, iGateway fails to install with the error message "iGateway Sanity Test failed with Error Code 1."
Solution:
Increase "thread count" (max_thread_proc) to 1024 using the SAM utility and then install iGateway.
Symptom:
The language-specific IDs in the NTEventLog iRecorder are not formatted with the parameter message file. The parameter message file is no longer stored in a specific location in the registry for Windows 2008.
Solution:
No workaround is available.
The topics that follow describe the known issues, workarounds, and solutions for eTrust Audit Administrator.
Symptom:
When using the eTrust Audit Administrator to configure a report, you select a query from the list of Queries. This configures a report or a visual analyzer. The Audit Administrator may become inoperative if you click the View Report or View Graph buttons multiple times.
Solution:
In order to view graphs, you must install the Visualizer on the same computer as the Audit Administrator.
Note: The Visualizer is included in the Policy Manager Windows install package and is installed by default.
The View Report and View Graph buttons initiate a long-running database query. If you click these buttons multiple times, ODBC may experience a fatal error and render the Audit Administrator interface inoperative.
To avoid this situation, click View Report or View Graph button only once, and wait until the results are returned to the Audit Administrator interface.
Symptom:
When a query is run to extract a large volume of data in an eTrust Audit database of about a million rows, the computer stops responding.
Solution:
When executing a query the computer allocates all resources to processing data and may stop responding. To free up system resources, stop the query manually from the database management interface, or restart the iGateway service.
To prevent slowdowns, limit the queries to a small set of rows.
Example:
Specify a limited date range in the query to return a smaller set of data.
Symptom:
The Host Discovery of all jobs scheduled earlier does not work after upgrade.
Solution:
Remove and then re-create the existing jobs from eTrust Audit Admin user interface.
The topics that follow describe the known issues, workarounds, and solutions for eTrust Audit Data Tools.
Symptom:
When using the Show all events filter in the eTrust Audit Viewer, the Viewer becomes slow or stops responding.
Solution:
With the Show all events (as opposed to Show top records) option selected, the Viewer can be slow and unresponsive when processing large amount of data from the Collector database. It also waits for the query to return data from the database, so if the data is difficult to locate, the Viewer can appear unresponsive. This happens when the query is searching matched rows using non-indexed fields of the Collector database. Either wait for the results to return, or exit the application.
You can use more specific selection criteria to reduce the result set size and prevent slowdowns. Generally, you should use a report when you want to look at a set of data that would span more than a couple of screens in the Viewer.
Example:
Limit the range of dates in the query, or select Show top records and specify a smaller number of records to view (no more than 1000).
Symptom:
When using a Microsoft SQL Server or Oracle database for the Collector database, the eTrust Audit Viewer filter does not give proper results.
Solution:
The eTrust Audit Viewer filters are case-sensitive for Microsoft SQL Server or Oracle Collector databases. You must use the correct character type when defining the filters.
Symptom:
When using Oracle database, an error appears when refreshing the Viewer.
Solution:
Do the following:
Symptom:
If the Viewer is installed on a computer as a standalone component, attempting to access it displays the error messages, "Failed to fetch handle statement for record set" and "Error due to SQL Statement execution."
Solution:
Create the DSN in the ODBC administrator manually and specify the name in the Viewer.
Symptom:
When upgrading from eTrust Audit r8 to r8 SP1, the Post-Collection Utility does not process default jobs that were modified by the user.
Solution:
For eTrust Audit r8, the Post-Collection Utility upgrade keeps all old original jobs in a .conf file after the upgrade. The upgrade inserted new jobs that were not present in the original aries.conf file. Therefore, if a user modifies the default jobs before the upgrade, the modified jobs remain after the upgrade.
For eTrust Audit r8 SP1, the Post-Collection Utility upgrade backs up the original aries.conf file to aries.bX, where X is a unique number. Newer backups do not overwrite the older ones. The upgrade refreshes all default jobs back to the out-of-box state. So, if a user modifies the default jobs before the upgrade, the modifications are removed from the aries.conf file and stored in the backup aries.bX files.
Custom jobs are not affected in either case.
Valid on Windows
Symptom:
When running the eTrust Audit Collector service on Windows for the first time after installation, an error message appears indicating that the Data Source failed to open, and the Collector service fails to start.
Solution:
Do the following:
HKEY_USERS\DEFAULT\Software\ODBC\ODBC.INI HKEY_CURRENT_USER\Software\ODBC\ODBC.INI
Valid on AIX
Symptom:
Events cannot be inserted in bulk to an Oracle 9i Release 2 Collector database when running on an AIX system.
Solution:
A limit of 500 rows for a single bulk insert operation exists for Oracle 9i Release 2 databases running on AIX. The Collector database configuration parameter, MaxBulkInsertRows, is limited to a maximum of 500 rows for this database and operating system combination.
Symptom:
Data Tools installation fails to detect Oracle 11g installed on Windows 64 Bit machines and the option to select Oracle remains disabled.
Solution:
Oracle 11g 64 bit does not install all of the 32 bit libraries. Install the Oracle 11g/10g 32 bit client to have the product installed on 64 bit Windows with Oracle 11g DB connection.
Symptom:
After upgrading from eTrust Audit 1.5 Data Tools to eTrust Audit r8 Data Tools, events cannot be inserted into an existing eTrust Audit database.
Solution:
The field type for the ENTRYID field has changed from int (32-bit) to bigint (64-bit). You must convert any existing tables such as SEOSDATA, AuditExtendString, and AuditSign to the new data type.
Note: We recommend that you backup the eTrust Audit r1.5 database and create a new database when upgrading to eTrust Audit Data Tools r8.
Symptom:
When the Policy Manager database is located on a different workstation from the Policy Manager program and Distribution Server service, the connection sometimes fails.
Solution:
If the Policy Manager program and Distribution Server service cannot connect to the computer where the Policy Manager database resides, restoring the connection may not solve the problem.
After the connection is restored, restart the Distribution Server service and reopen the Policy Manager.
Symptom:
When attempting to export generated reports to an Oracle database using ODBC, Crystal Reports displays a message, "Reports containing binary fields may not be exported to ODBC tables."
Solution:
No workaround is available. Do not export generated reports to an Oracle database connection.
Symptom:
Clicking the Refresh button in a report generated by Crystal Reports displays a message, Logon failed. Any other operation attempted afterward fails on that generated report.
Solution:
Close and re-open the report to restore functionality.
Symptom:
Launching an eTrust Audit Viewer connected to Microsoft SQL Server 2008 throws an exception "Failed to Fetch handle statement for record set."
Solution:
Click OK and continue. This error usually occurs when the database is empty.
Symptom:
Launching the eTrust Audit Reporter connected to a Microsoft SQL Server 2008 database throws an exception, "Failed to enumerate jobs: unspecified error."
Solution:
Click OK and continue. This error usually occurs when database is empty or when jobs are scheduled.
The topics that follow describe the general known issues, workarounds, and solutions for eTrust Audit.
Symptom:
While installing, upgrading, or uninstalling eTrust Audit, an attempt to start, stop, add, or remove an eTrust Audit or iGateway service causes the installation, upgrade, or uninstall to fail.
Solution:
The Service Applet Window sometimes locks the service table. If the eTrust Audit install, upgrade, or uninstall process attempts to start, stop, add, or remove a service while the table is locked, the task will fail causing the install, upgrade, or uninstall to fail. The Service Applet window must be closed when installing, upgrading, or uninstalling eTrust Audit.
Symptom:
Attempts to stop eTrust Audit services sometimes fail.
Solution:
If the eTrust Audit services cannot be stopped, use the kill.exe utility from the eTrust Audit installation directory to kill the service executables.
Valid on HP-UX
Symptom:
When running ". ./ac_set_env.sh within a POSIX shell session, the command fails with the following error:
sh: SHLIB_PATH: Parameter not set
Solution:
Run a Korn shell session (/usr/bin/ksh), and then run the following command again:
. . /ac_set_env.sh
Symptom:
Installation of iGateway and iRouter fails during Audit client installation.
Solution:
The kmtune utility name was changed to kctune in HPUX 11.31.
To resolve the name differences
ln -s kctune kmtune
Symptom:
When Audit is installed on Windows 2008, online help topics are not displayed for Policy Manager, Reporter, Viewer and Security Monitor.
Solution:
These Audit components use winhlp32.exe to display the help. Windows 2008 is not shipped with winhlp32.exe. Download winhlp32.exe from the Microsoft site and install it to view the help files.
Symptom:
When I open a non-English CFG file in Wordpad, the characters are not readable.
Solution:
Wordpad does not support the UTF-8 character set. Open the file using Notepad as it does support the UTF-8 character set.
Symptom:
Errors occur when using Postscript printer drivers.
Solution:
Try using alternative Postscript printer drivers.
Symptom:
The NTEventLog submits the Category field in English on Windows 2008 system even on non-English platforms, as a result of changes in the new windows Event Logging API.
Solution:
No workaround is required.
The topics that follow describe the known facts, workarounds, and solutions for eTrust Audit.
Symptom:
When using the eTrust Audit SNMP Recorder, the Recorder has problems fetching SNMP events.
Solution:
The SNMP Recorder is an SNMP agent that uses common ports to capture SNMP events. You must disable any other SNMP agent running on the same host as the eTrust Audit SNMP Recorder to ensure proper operation of the Recorder.
Symptom:
While installing, upgrading, or uninstalling eTrust Audit, an attempt to start, stop, add, or remove an eTrust Audit or iGateway service causes the installation, upgrade, or uninstall to fail.
Solution:
The Service Applet Window sometimes locks the service table. If the eTrust Audit install, upgrade, or uninstall process attempts to start, stop, add, or remove a service while the table is locked, the task will fail causing the install, upgrade, or uninstall to fail. The Service Applet window must be closed when installing, upgrading, or uninstalling eTrust Audit.
Symptom:
When installing the eTrust Audit Client, if the router is set to localhost, the Generic Recorder fails with the following error:
Failed to find local router
Solution:
Do one of the following:
The hosts file is in the /etc directory for UNIX systems.
The hosts file is in the \system32\drivers\etc directory for Windows systems.
Symptom:
When changing the host name of an iRecorder host or installing a new iRecorder, the changes are not immediately reflected in the list of discovered iRecorders in the Audit Administrator's iRecorder Manager.
Solution:
The list of discovered iRecorders in the iRecorder Manager is not refreshed automatically whenever you change the host name of a discovered iRecorder host, add or remove iRecorders on a discovered host, or install new iRecorders on a new host.
The iRecorders are discovered by Host Discovery jobs. The next time you execute the discovery job, changes on a discovered host are reflected in the list. The host with newly installed iRecorders is discovered if it is in the subnet of an existing job, or if you define a new job for the new host's subnet.
Use the Show Host option to directly browse a host from which you want to retrieve information on the installed iRecorders or to manage the iRecorders.
Symptom:
Rules created under the Default Policies folder in eTrust Audit Policy Manager are not visible.
Solution:
The Default Policies folder is a repository of template policies and should not be used for policy deployment. The Policy Manager screen of Audit Administrator shows the template policies on the Policy Library tab.
To create new policies and rules, we recommend that you create your own policy folder and copy the rules from the Default Policies folder to your policy folder.
Symptom:
A warning appears when using non-Latin characters in names of MP folders, policy folders, policies, rules, audit node group names, or event fields.
Solution:
The names of audit node groups, policy folders, MP folders, policies, and rules must contain only Latin alphabetic characters, digits, spaces, underscores, plus or minus signs, and apostrophes.
Event field names must contain only Latin alphabetic characters, digits, and underscores. The first character in the event name must be alphabetic.
Note: MP file names follow operating system naming conventions and restrictions.
Symptom:
When attempting to connect to a Microsoft SQL Server 2000 database from a client with an ODBC driver older than Microsoft SQL Server 2000, the connection fails.
Solution:
Do the following:
Note: If you are not sure of the server pipe name, you can select TCP/IP as Network Library.
Symptom:
When using eTrust Audit Viewer, the Show top records option is disabled.
Solution:
The Show top records option is available only when you use Oracle or SQL Server to support the eTrust Audit database. It is disabled when you use Microsoft Access.
Symptom:
When a localized version of the Reporter is installed on a computer with localized Windows, some dialogs in the Reporter are displayed in English and the report templates are not localized.
Solution:
The Reporter uses a non-localized version of Crystal Reporter XI R2 (Business Objects). Because of this, some dialogs remain in English and the report templates cannot be localized. The report data is localized if the data is in a supported language.
Symptom:
Errors appear when trying to install the Post-Collection Utility (PCU) using the eTrust Audit Post-Collection Utility package.
Solution:
Do not use the eTrust Audit Post-Collection Utility package to install the PCU. By design, the PCU is automatically installed as part of the Data Tools installation. This ensures proper configuration and functionality.
Symptom:
A Collector database query for newly generated events does not display the events.
Solution:
If new events are generated, the queries do not show these events until the AuditExtendString table created by the Post-Collection Utility is populated.
Symptom:
The data source named eAudit_DSN is removed while uninstalling the Data Tools.
Solution:
The Data Tools access the Audit database using an ODBC data source, eAudit_DSN, that is created during installation. When you uninstall Audit Data Tools, this data source name is automatically removed.
Do not use eAudit_DSN as the name of an ODBC data source for other programs you install. This name is reserved for Audit Data Tools.
Symptom:
SMTP mail delivery is not functioning properly.
Solution:
If you have problems with mail delivery using SMTP, you might need to change the name for the mail sender. Certain SMTP servers require the mail sender to have a valid mail account.
The name of the mail sender is stored in the value entry Sender under the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\eTrust Audit\Mail
Symptom:
When different versions of eTrust Audit components are installed on the same computer, they do not function properly.
Solution:
You must upgrade all eTrust Audit components on the same system to the same release for the product to function properly.
Symptom:
Attempts to stop eTrust Audit services sometimes fail.
Solution:
If the eTrust Audit services cannot be stopped, use the kill.exe utility from the eTrust Audit installation directory to kill the service executables.
Symptom:
After upgrading from eTrust Audit 1.5 to r8, not all services start.
Solution:
Starting a service without upgrading all of the components may cause some eTrust Audit services to fail.
When several components (Client, Data Tools, and Policy Manager) are installed on the same Windows system, click No when the following warning message appears:
W0011: Setup is complete. Do you want to start the eTrust Audit <component> services now? You have older versions of Audit components installed.
The component can be eTrust Audit Client, Data Tools, or Policy Manager.
After upgrading all components, you must manually start all services.
eTrust Audit r8 SP1 CR3 is an internationalized and localized release. An internationalized product is an English product that runs correctly on local language versions of the required operating system and required third party products, and supports local language data for input and output. Internationalized products also support the ability to specify local language conventions for date, time, currency, and number formats.
A translated product (sometimes referred to as a localized product) is an internationalized product that includes local language support for the product's user interface, online help and other documentation, as well as local language default settings for date, time, currency, and number formats.
In addition to the English release of this product, CA supports only those languages listed in the following table:
| Language | Internationalized | Translated |
|---|---|---|
| Brazilian-Portuguese | Yes | Yes |
| Chinese (Simplified) | Yes | Yes |
| Chinese (Traditional) | Yes | Yes |
| French | Yes | Yes |
| German | Yes | Yes |
| Italian | Yes | Yes |
| Japanese | Yes | Yes |
| Korean | Yes | Yes |
| Spanish | Yes | Yes |
Note: If you run the product in a language environment not listed, you may experience problems
The following is a list of the languages and locales used for eTrust Audit:
Install eTrust Audit on the language-specific version of Windows. We recommend that you do not mix different languages, especially Asian languages (Chinese, Japanese, Korean), as characters may not be displayed correctly due to improper fonts.
The following table lists the locales to be used when installing and running eTrust Audit on UNIX and Linux platforms.
Note: For any locale or language that is not listed, eTrust Audit defaults to English.
| Language | Character Encoding | Recommended Locales (if available on system) | Comments |
|---|---|---|---|
| Simplified Chinese | GB | chinese-s, zh, zh_CN | |
| Traditional Chinese | BIG5 | chinese-t, zh_TW | On AIX, zh_TW uses EUC encoding and thus cannot be used. Currently, eTrust Audit is not supported on Traditional Chinese AIX. |
| English | ASCII | english, en_AU, en_CA, en_GB, en_UK, en_US, C | |
| French | ISO8859-1 ISO8859-15 | fr, fr_BE, fr_CA, fr_CH, fr_FR | |
| German | ISO8859-1 ISO8859-15 | de, de_DE, de_AT, de_CH, german | |
| Italian | ISO8859-1 ISO8859-15 | it, it_IT | |
| Japanese | EUC | japanese, ja, ja_JP, ja_JP.eucJP, kanjieuc | |
| Japanese | SJIS | Ja_JP, ja_JP.SJIS, ja_JP.ucJP, ja_JP.PCK | |
| Korean | EUC | ko_KR | |
| Portuguese Brazilian | ISO8859-1 ISO8859-15 | pt_BR | |
| Spanish | ISO8859-1 ISO8859-15 | es, es_ES, es_MX |
Localized web-based updates to software components of your products are available continually through the CA Support web site. Some components are not localized for specific technical reasons. When required, you can create custom objects that fit your particular needs in any given language.
A list of components that will remain in English follows, along with reasons for creating your own custom objects and the actions you can take to create them.
eTrust Audit field names in the database such as LOGNAME, EVENTCATEGORY, MSGTEXT, Taxonomy, Status, Severity, TimeZone are not translated.
These field names are eTrust Audit fields and are used to query or filter events in policy rules. Because they are part of the eTrust Audit database schema, they are not subject to customization.
If you want to modify the field names for display in eTrust Security Command Center, use the eTrust Security Command Center Log Viewer to customize event queries and change the field names that are displayed on reports.
Policy descriptions are in English. Furthermore, policies downloaded from content web sites may not be translated and may appear in the original language of the policy author.
New policies are regularly created from local support organizations. If these policies are deemed useful to customers, they are made available on the content web site in the original language. Policies of global reach will be translated and published on the content web site as part of an ongoing content localization process.
New policies, Visualizer queries, and changes to default policies and queries are published on the CA Support web site and are available for download. This content data is not localized and appears in the original language when downloaded. However, it is stored in separate language-specific locations on the content web site and can be downloaded according to the selected language on the eTrust Audit Administrator interface.
Check the support web site periodically for new downloads.
These components are not translated.
Post-Collection Utility jobs and Visualizer queries are stored in the Post-Collection Utility and iQuery configuration files. Unlike .tr files, these XML configuration files cannot support multiple languages because configuration files contain operational data such as the SELECT query, the last row read, the burst count, and so on.
Using Post-Collection Utility, you can create new jobs with localized descriptions.
The bundled template for Crystal Reports is in English. We do not have localized versions of Crystal Reports to do the translation. You can create custom reports in other languages.
eTrust Audit iRecorders and SAPI recorders are not localized. In particular, the iRecorder Manager tab in eTrust Audit Administrator is not localized. The iRecorder Manager includes Status, Data Model, and Configuration.
eTrust Audit recorders harvest events from third-party products, including the operating system. Therefore, they depend on the third-party product to be localized. Currently, all third-party products for which there is a Recorder are United States products with events in English.
Localized versions of eTrust Audit Recorders are posted on CA Support. In addition, localized policies, and Visualizer queries are created to take advantage of non-English events harvested by corresponding recorders on an ongoing basis. Check the CA Support web site periodically.
Curl is a component of iTechnology, which is a framework for Web-based services. iTechnology is used in the eTrust Audit Administrator, iRecorder, and iRouter components. Like iTechnology, Curl is not localized.
eTrust Audit Administrator uses Curl to download new policies and new Visualizer queries from CA Support.
There are few Curl messages: "Success" means no errors during transfer and if errors do occur, the error messages appear. Users of eTrust Audit Administrator do not interact directly with Curl in any way.
Note: eTrust Audit Administrator is based on external technologies that remain non-localized: Curl derives from iTechnology and the Visualizer engine is from CA Network Forensics.
The Visualizer Engine, or Analyzer, from CA Network Forensics is not localized.
The Audit Administrator uses Analyzer to draw an event-generated graph. Analyzer is a Win32 application that briefly appears when the Audit Administrator calls it for data used in a Visualizer query.
There are no plans to localize Analyzer. Users of Audit Administrator do not interact directly with Analyzer in any way, as it is background communication.
Note: For more information about eTrust Security Command Center, see the eTrust Security Command Center Readme.
The document identification numbers (DIDs) and file names for the guides for eTrust Audit r8 SP1 are as follows:
| Guide Name | DID # | File Name |
|---|---|---|
| eTrust Audit Reference Guide | G00599-1E | H00550-1E |
| eTrust Audit Management Guide | G00601-1E | H00550-1E |
| eTrust Audit Release Summary | G00602-1E | H00550-1E |
| eTrust Audit Generic Recorder Reference Guide | G00606-1E | H00550-1E |
| eTrust Audit iRecorder Reference Guide for MS NT Event Log | H00550-1E | H00550-1E |
The file names for the guides included in eTrust Audit r8 SP1 CR2 and CR3 are as follows:
| Guide Name | File Name |
|---|---|
| eTrust Audit Implementation Guide | Audit_Impl_ENU.PDF |
| eTrust Audit r8 SP1 CR3 Readme | readme_enu.html |
To view PDF files, you must download and install the free Adobe Acrobat Reader from the Acrobat web site if it is not already installed on your computer.
Note: For latest and updated guides, see http://ca.com/support.