To determine the optimal TLC environment for your organization, consider the following factors prior to configuring TLC:
| 1. | The people in your organization. Their skills, knowledge, needs, and availability will determine which TLC features they use. For instance, if someone is responsible for monitoring log messages as they are collected by Tripwire Log Center, he or she might use the Real-Time Event Viewer and Reports. On the other hand, your TLC Administrator will likely be responsible for configuring your TLC environment. |
| 2. | The hardware and platforms of the systems in your TLC environment. At minimum, your Managers and Database Server should comply with the TLC installation requirements: |
https://www.tripwire.com/products/tripwire-log-center/system-requirements/
|
Caution |
If you converted a trial TLC installation to a fully licensed version, the systems in your TLC environment may not conform with all installation requirements. Since TLC is a high-performance product, be sure to review the requirements to ensure that your Event-Management Database software, TLC Managers, and TLC Consoles are in full compliance. |
|---|
| 3. | The Log Sources from which TLC will collect log messages. In particular, consider: |
The method by which TLC Collectors gather or receive log messages from each type of Log Source (see Appendix I: Log-Source Configuration).
Any additional measures that should be taken to secure the data collected by TLC.
| 4. | Business drivers, such as the form of governance, regulations, compliance, or corporate policy. Often, such factors recommend or mandate a specific log- and event-management solution. |
| 5. | Your network architecture, which typically reflects geographic and/or organizational boundaries. Such boundaries may influence your use of Secondary Managers. For example, you might place a Secondary Manager: |
In each geographic region defined by your network. This approach is a simple way to segregate your data for each region. (When evaluating geographic boundaries, consider the impact of system clocks, international laws, and user permissions.)
At the juncture of two business units prevented from sharing certain types of traffic by a security policy. In this case, the Log Sources in each unit could send log messages to the Manager without traversing the boundary.
|
Note |
A Secondary Manager can either collect log messages itself, or forward log messages to another Manager (see What are Managers, Log Sources, and Monitored Assets?). |
|---|
| 6. | Network limitations can also influence the use of Secondary Managers. For example, you should ensure that the appropriate ports are open (see Table 26), and you might place a Secondary Manager in the following positions: |
At the remote end of a slow or saturated link.
At the remote end of a link with an intermittent connection (e.g. a Syslog or SNMP link).
At a network 'choke point,' such as a firewall or router.
| 7. | Access to data and resources may be required or prohibited by your organization. For instance, you might restrict user permissions in order to prevent unauthorized personnel from accessing TLC data. |