Tripwire LogCenter Manager

Working with the TLC Manager Interface

Your Tripwire LogCenter Manager software runs as a service and controls several components of the local Manager, including the Manager's Audit Logger, Task Scheduler, Normalization Engine, and Correlation Engine. You configure the TLC Manager service in the TLC Manager Interface.

Tip 

With the command-line tool, you can perform all functions available in the TLC Manager Interface, along with a few additional debugging commands. To run the command-line tool, enter the following command at a command line:

Tlc.LogManager.Cli.exe

To work with the TLC Manager Interface:

1. On the TLC Manager host system, select Start > Programs > Tripwire Log Center > Manager.

The TLC Manager Interface opens (see Figure 58).

2. As needed, make your changes in the TLC Manager Interface.

Table 74 describes the available options in the menu bar.

Table 75 describes each option available in the side bar.

3. To close the TLC Manager Interface, select File > Save and Exit.

Figure 58.  TLC Manager Interface 

TLC Manager Interface

Table 74. The TLC Manager Interface menu bar

Menu

Description

File

Save. Saves the current settings in the TLC Manager Interface.

Save and Exit. Saves the current settings and closes the user session.

Note: To save the current settings, you should first stop the TLC Manager Service in the Status page (see Table 75), save the settings, and then re-start the service.

Exit Without Saving. Closes the user session without saving any changes made since the last time the settings were saved.

Options

Clear Displayed Logs. Select this option to remove the log messages presented in the Status page (see Table 75). (This option is only available if the Status option is selected in the side bar.)

Reset a Password. To reset the password for a TLC User Account:

1. Select Options > Reset a Password.

2. In the Reset Password dialog, enter the Reset Code, the Username for the account, and the new Password. For password requirements, see Password .

Note: To acquire a Reset Code, contact Tripwire Support.

Help

Create Support Bundle. Generates a zip file with information that may be helpful to Tripwire Technical Support when troubleshooting issues with TLC. With this feature, you select the start date for the logs to be included in the bundle.

Tip: With the command-line tool, you can generate the support bundle. To run the command-line tool, enter the following command with the parameter at a command line:

Tlc.LogManager.Gui.exe -bundle <date>

The <date> parameter (mm/dd/yyyy) is optional.

About. Opens a dialog with your Serial Number and the TLC Manager version number.

Table 75. The TLC Manager Interface side bar

Option

Description

Status

Manager service status. Indicates if the TLC Manager service is currently running.

Scroll log messages. If the TLC Manager service is running and this option is enabled, TLC presents log messages as they are generated by the service.

To start the service, click Start.

To stop the service, click Stop.

To restart the service, click Restart.

Database Settings

General tab:

Database type. Your Event-Management Database software.

Use Windows authentication. Enables Windows authentication.

Username. The user account with which TLC accesses your Event-Management Database software.

Password. The password for the user account.

Security Settings tab:

(Optional) If your Event-Management Database software is MySQL Server, you can enable secure connections for communications between your Primary Manager and Event-Management Database software by selecting SSH from the Protocol drop-down and configure the following settings:

Username. The user account with which TLC accesses your Event-Management Database software.

Password. The password for the user account.

Host. The IP address or host name of the system on which you installed your Event-Management Database software (i.e. your Database-software host).

Port. The SSH port on your Database-software host by which your Primary Manager will communicate with the database software.

Manager Settings

Primary Manager IP address. The IP address of the Primary Manager.

Primary Manager port. For a Secondary Manager, this field indicates the port with which the TLC Manager service communicates with your Primary Manager.

Change Manager Type. Changes the Manager to a Primary or Secondary Manager (see Promoting a Secondary Manager).

Download License File. If the Manager is your Primary Manager, this button opens a wizard to replace the existing TLC Manager license file with a new license file (see Managing your TLC License).

Deactivate License. This button deactivates the existing TLC Manager license file so it can be moved to a new machine.

Log Settings

To change the directory in which the Manager's log messages are saved, click Browse.

Communication Settings

Configures settings for communications between the TLC Manager service and:

Other TLC systems (i.e. other Managers and TLC Consoles)

Windows Log Sources

Communications port. The port used by the TLC Manager service for communications.

Manager name. The name of the Manager as defined in the TLC Console (see Working with Managers).

Certificate store. The certificate store containing the certificate used for communications with other TLC systems (see Configuring your Manager's SSL Certificate).

Certificate name. The name of the certificate.

To create a new certificate for the Manager, click Create Certificate.

To assign another existing certificate to the Manager, click Find Certificate.

If the Manager is assigned to a Failover Manager, you must enter the Manager's FQDN as the certificate name (e.g., CN=tlc-manager.company.com). For more information, see the Tripwire LogCenter Failover Manager Guide.

Notes: To communicate with the Manager, other TLC systems must specify the IP address or host name in the certificate name. For example, if the certificate's name is CN=secmon01.mycompany.com, other systems must use secmon01.mycompany.com to connect to the manager (and not the Manager's IP address).

Service Settings

Defines the user credentials with which the TLC Manager service authenticates when communicating with Windows Log Sources (see Assigning a User Account to the TLC Manager Service).

Configured Modules

Lists the enabled modules in the Installed Modules tab of the Manager's properties dialog (see Working with Managers).

Maintenance

Only available if the local TLC Manager is a Primary Manager, this tab provides access to maintenance functions for the System Database (see Where does TLC store Data?).

Caution: Tripwire recommends that you only employ these functions when directed to do so by Tripwire Support.

Defragment System Database. Removes overhead data from the System Database, such as transaction-log history, to free disk space and improve input/output (I/O) performance.

Repair System Database. Rebuilds the System Database's indexes and, if needed, removes corrupted data from the database.

Restore System Database. Restores the System Database with the most recent backup in the backups sub-directory. By default, this path is:

<TLC_Manager_install_dir>/data/backups

Where <TLC_Manager_install_dir> is the installation directory for TLC Manager.

Failover Settings

Only available if the local TLC Manager is a Failover Manager (see About Failover Managers), this tab provides settings for the Manager's role as a backup system to a specified TLC Manager (a.k.a., the Active Manager).

Note: To designate a TLC Manager as a Failover Manager, see Adding a Failover Manager.

Active Manager. Specifies the Manager for which this Failover Manager will act as backup.

Active Manager IP Address. Specifies the IP address (IPv4) of the specified Active Manager.

Synchronization Interval (in minutes). Specifies how frequently TLC will copy the configuration files of the Active Manager to the Failover Manager. Enter a value from 5-60 minutes.

Manager Downtime Threshold (in minutes). Specifies the minimum number of minutes since the Active Manager last responded to a synchronization attempt by the Failover Manager before TLC directs the Failover Manager to assume the role of the Active Manager. Enter a value from 10-180 minutes.

Manager Recovery Threshold (in minutes). When the Active Manager recovers from downtime, this setting specifies the number of minutes before TLC returns the Failover Manager to a passive state. Enter a value from 10-180 minutes.

Caution: To prevent the loss of data during failover and recovery operations (see About Failover Managers), the value entered for the Synchronization Interval must be lower than the values entered for the Manager Downtime Threshold and Manager Recovery Threshold.

Start as Active Manager. Click this button to direct the Failover Manager to assume responsibility for the Active Manager's operations.

Once the period of time specified by the Manager Recovery Threshold setting elapses, the Active Manager will resume operation and TLC reverts the Failover Manager to an Idle status.

Tip: The Start as Active Manager button is helpful when planned maintenance is needed on the Active Manager host system. By clicking this button, Failover Manager immediately assumes the Active Manager's responsibilities.