Adding a Monitored Asset for a new Log Source

For an introduction to Monitored Assets, see What are Managers, Log Sources, and Monitored Assets?.

To add Monitored Assets during initial configuration of your TLC environment, see Configuring your TLC Environment.

Prior to adding a new Monitored Asset to TLC, complete the following steps, as needed:

1. To create a Monitored Asset for an Axon Agent, install and configure Tripwire Axon Agent for TLC software on the host system (see Installing Tripwire Axon Agent using a Pre-Shared Key).

Note 

For systems with IP addresses in Internet Protocol Version 6 (IPv6) format, you can only create a Monitored Asset if you assign the Advanced Windows Collector or Advanced File Collector to the Asset.

2. Configure the Asset's host system to send log messages to TLC (see Step 1. Configure your Log Sources).
3. Download the latest Normalization Rules for the Log Source from Tripwire (see Exporting and Importing Normalization Rules).

Note 

If the Monitored Asset is a scanner (see What are Scanner Events?), this step is not needed..

4. Add the appropriate Collector for the Log Source in the Manager properties dialog (see Configuring a Collector).

Tips 

To create multiple Monitored Assets at once, see Adding Multiple Monitored Assets.

To manually create a Monitored Asset with the Advanced Windows Collector, the Enable AutoDiscovery setting in the Advanced Windows Collector tab of your Manager's properties dialog must be disabled (see Working with Managers).

To add a Monitored Asset for a new Log Source:

1. In the side bar, select Resources >Configuration ManagerConfiguration Manager.
2. In the side bar of the Configuration Manager, select ResourcesResources >AssetsMonitored Assets.
3. ClickAdd AssetAdd Monitored Asset.
4. At the top of the Monitored Asset properties dialog:
a. Enter a Name and Description (optional) for the Asset.
b. (optional) To enable the Asset, select the Enabled check box.
5. In the Settings tab:
a. Enter the IP address for the Log Source.
b. Select a Location (optional).
c. Select the Asset type and Collector for the Log Source.
d. As needed, complete any remaining fields (see Table 48).
6. In the Output Destinations tab, add the appropriate Output Destinations.

If a Monitored Asset is a scanner (see What are Scanner Events?), add an Event Database in which TLC will save the collected Scanner Events. You can either assign the default Events database or another Event Database. (To assign another Event Database, you must first create the database by completing the steps in Creating an Event Database).

For all other Monitored Assets, assign the Correlation Engine and Audit Logger.

To assign an Output Destination:

a. ClickAddAdd.
b. From the Output Destination drop-down, select the destination and click Add.
7. If you selected an Oracle Database Collector, assign the Log Sources (i.e. database instances and/or views) for the Monitored Asset in the Log Sources tab. For more information, see Working with Log Sources for an Oracle Database Collector.
8. To complete any remaining tabs in the Monitored Asset properties dialog, see Table 48.

Tip

Your changes will not take effect until you push updates to your Managers (see Pushing Updates to your Managers).