Adding a Monitored Asset for a new Log Source

For an introduction to Monitored Assets, see What are Managers, Log Sources, and Monitored Assets?.

To add Monitored Assets during initial configuration of your TLC environmentConsists of all TLC software, Managers, Log Sources, Monitored Assets, Collectors, and data in your TLC installation., see Configuring your TLC Environment.

Prior to adding a new Monitored AssetAn object in the TLC Configuration Manager that represents a Log SourceAny log-generating application, operating-system service, database instance, or device from which TLC collects log messages. from which TLC collects log messages directly. to TLC, complete the following steps, as needed:

To add a Monitored Asset for a new Log Source:

1.

In the side bar, select Resources >Configuration ManagerIn the Configuration Manager, you can create and configure TLC Resources (Monitored Assets, Asset Groups, Managers, Locations, Event-Management Databases), normalization objects (Normalization Rules, Aliases, and Normalized-Message Filters), and correlation objects (CorrelationThe examination of Normalized Messages for events of interest, along with the ability to initiate appropriate responses; for example, sending an email notification to specified recipients. Engines, Rules, Lists, and Actions)..

2.

In the side bar of the Configuration Manager, select Resources >Monitored Assets.

3.

ClickAdd Monitored Asset.

If a Monitored Asset is a scanner (see What are Scanner Events?), add an Event DatabaseA type of Event-Management Database that stores Events from any Log Source and/or scanner. in which TLC will save the collected Scanner Events. You can either assign the default Events database or another Event Database. (To assign another Event Database, you must first create the database by completing the steps in Creating an Event Database).

For all other Monitored Assets, assign the Correlation EngineThe component of your Primary ManagerEach TLC environment has a single Primary Manager that controls: 1. The storing of log messages in the Audit LoggerThe TLC Console1. Tripwire Log Center Console is the software for the TLC graphic user interface (GUI), or 2. The Tripwire Log Center GUI. Through the TLC Console, you can configure TLC, oversee your TLC environment, and manage log and event data. component in which you can work with the log messages collected by TLC. File Store and Events in Event-Management Databases, 2. The configuration settings for your TLC environment, and 3. User access and license management for TLC. responsible for identifying events of interest. To correlate events, the Correlation Engine applies Correlation Rules to the Normalized Messages received from the Normalization Engine. and Audit Logger.

To assign an Output DestinationAssigned to a Monitored Asset, an Output Destination is either the Audit Logger, an Event-Management Database, or a Correlation Engine that correlates Normalized Messages.:

a.

ClickAdd.