Installed on your Primary Manager, the System Database stores a record of all user logins and logouts, as well as all TLC objects defined in the TLC Console; for example, Monitored Assets, Normalization Rules, and Event Tickets.
Each Manager in your TLC environment can host an Audit Logger File Store. The Audit Logger is TLC's log-storage tool, and the Audit Logger File Store consists of:
- A series of compressed flat files containing the log messages collected by the Manager from Log Sources, and
- An index of terms contained in the log messages.
For more information about the Audit Logger, see What is the Audit Logger?.
You can also configure a Manager to forward log messages to a third-party log-archive tool. For further details, see What is Log-Message Forwarding?.
Each Manager also hosts one or more Event-Management Databases. An optional component of your TLC environment, an Event-Management Database stores Events. An Event is either:
- A log message that the Manager has standardized (i.e. normalized) for use by TLC (a.k.a. Normalized Messages).
- An event or vulnerability imported from a scanner (see What are Scanner Events?).
Table 27 describes each type of Event-Management Database.
By default, the TLC Manager installer creates a single Event Database called 'Events.' With the Database Viewers in the TLC Console, you can review information about the Events in your Event-Management Databases (see The Event-Database Viewer).
Note: To configure user permissions for an Event-Management Database, see Working with Database Permissions.
| Type | Stores Events from ... | Database Viewer |
|---|---|---|
| Event Database | ... any Log Source and/or scanner (see What are Scanner Events?). | |
| Firewall Database | ... firewalls. These Events involve core firewall functionality and, typically, relate to network traffic. | |
| IDS Database | ... IDS and IPS devices. These Events may include detected traffic anomalies, intrusions, etc. | |