Step 6. Configure your Monitored Assets
As discussed in Step 4. Configure your Asset Groups, TLC automatically created Monitored Assets for your Log Sources in the . In this step, you will do the following for each of your Monitored Assets:
2. Review and confirm other Asset properties.
Tip: To ensure the accuracy of timestamps in log messages collected from a 's Log Source, Tripwire recommends the use of the Network Time Protocol (NTP) on the host system.
To configure each of your Monitored Assets, complete the following steps:
1. In the side bar, select Resources > Configuration Manager.
2. In the side bar of the Configuration Manager, select Resources > Monitored Assets.
3. In the workspace, double-click a Monitored Asset. The Monitored Asset properties dialog opens.
4. In the Output Destinations tab, add the appropriate Output Destinations.
If the Monitored Asset is a (see What are Scanner Events?), add an in which TLC will save the collected Scanner Events. You can either assign the default Events database or another Event Database. (To assign another Event Database, you must first create the database by completing the steps in Creating an Event Database).
For all other Monitored Assets, assign the and Audit Logger.
To assign an :
a. Click Add.
b. From the Output Destination drop-down, select the destination and click Add.

a. Verify that an appropriate is selected for the Asset in the Collector drop-down (see What are Collectors?).
b. Review and, as needed, complete the other fields in the Settings tab. For field and menu descriptions, see Table 48.
6. Depending on the type of Collector you selected in the Settings tab, TLC may have inserted additional tabs in the Monitored Asset properties dialog. As needed, you may configure these tabs by referring to Table 48 and clicking Apply.
If you selected a or , TLC adds a Schedule tab in which you can define a schedule for the collection of log messages from the Asset's Log Source. If the Asset is a scanner (see What are Scanner Events?), define a schedule for the collection of Scanner Events and then complete the File tab (see Configuring a Monitored Asset with a File Collector).
If you selected an , TLC adds a Log Sources tab in which you can assign multiple Log Sources (i.e. database instances) to the Asset. For further instructions, see Working with Log Sources for an Oracle Database Collector.
If you selected a File Collector, Network Collector, or , TLC adds a Normalization Rules tab containing all Tripwire-defined Normalization Rules for the Asset's Log Source. When the receives a from the Asset's Collector, TLC executes the rules in the order in which they appear in this tab. For more information about Normalization Rules, see How does Log-Message Normalization work?.
If you selected a , TLC adds a Check Point Options tab in which you configure the authentication, communication, and log settings for a Check Point firewall.
Next
Once you have configured all of your Monitored Assets, you must push updates to your Managers:
1. In the side bar of the Configuration Manager, select Resources > Managers.
2. In the main pane, select each of your Managers and click Push Updates to Manager.