Sending Log Messages to an Event-Management Database

With this procedure, TLC queries the Audit Logger File StoreConsists of a series of compressed flat files containing the log messages collected by the Manager from Log Sources, and an index of terms contained in the log messages. for log messages to be saved as Events in a specified Event-Management DatabaseAn optional component of your TLC environmentConsists of all TLC software, Managers, Log Sources, Assets, Collectors, and data in your TLC installation., an Event1. Either a log message that a Manager has standardized (i.e. normalized) for use by TLC (a.k.a. Normalized Messages), or an event or vulnerability imported from a scanner. 2. An 'event message' collected from a Log Source.-Management Database stores Events. Types of Event-Management Databases include Event Databases, IDS Databases, and Firewall Databases. (see How does Log-Message Normalization work?). To normalize each log messageA data record generated by a Log SourceAny log-generating application, operating-system service, database instance, or device from which TLC collects log messages. and collected by TLC., TLC uses the Normalization Rules assigned to each AssetAn object in TLC that represents a Log Source from which TLC collects log messages directly. Group containing the Asset that represents the message's Log Source (see Assigning Normalization Rules to Asset Groups), as well as any rules assigned to the Asset itself (see Table 48).

To send log messages from the Audit Logger to an Event-Management Database:

1.

In the side bar, select Events >Audit LoggerThe TLC Console1. Tripwire Log Center Console is the software for the TLC graphic user interface (GUI), or 2. The Tripwire Log Center GUI. Through the TLC Console, you can configure TLC, oversee your TLC environment, and manage log and event data. component in which you can work with the log messages collected by TLC..

TLC adds a Database drop-down to the Query Criteria tab.

When the process completes, click OK in the Information dialog.