Working with a Host

When an Event1. Either a log message that a Manager has standardized (i.e. normalized) for use by TLC (a.k.a. Normalized Messages), or an event or vulnerability imported from a scanner. 2. An 'event message' collected from a Log Source. is saved in an Event DatabaseA type of Event-Management Database that stores Events from any Log SourceAny log-generating application, operating-system service, database instance, or device from which TLC collects log messages. and/or scannerA device that monitors systems in your TLC environment (for example, a vulnerability scanner).., or a Scanner EventAn Event created when you import data from a scanner to an Event Database. is imported to an Event Database from a scanner (see What are Scanner Events?), TLC performs an NSlookup to identify the Event's Host1. A Log Source or a system involved in an Event. 2. A system on which TLC Manager, TLC Console, or Event-Management Database software is installed.. A Host is either:

The system with the Log Source that generated a log messageA data record generated by a Log Source and collected by TLC. resulting in the creation of an Event in an Event Database, or

A system identified by a Scanner Event in an Event Database (i.e. a system with a vulnerabilityA potential security weakness identified by a vulnerability scanner. In an Event Database, you can import or collect vulnerabilities detected by a scanner. or port identified by a scanner).

To query an Event Database for information about Hosts:

1.

In the side bar, select Events >Event-Database ViewerA type of Database ViewerA TLC Console1. Tripwire Log Center Console is the software for the TLC graphic user interface (GUI), or 2. The Tripwire Log Center GUI. Through the TLC Console, you can configure TLC, oversee your TLC environment, and manage log and event data. component in which you can review information about Events in Event-Management Databases. Types of Database Viewers include the Event-Database Viewer, IDS-Database Viewer, and Firewall-Database Viewer. in which you can query and work with the data in your Event Databases..