What does VigilEnt Log Analyzer 1.2 Service Pack 2 resolve? (NETIQKB35568)

  • 7735568
  • 02-Feb-2007
  • 08-Oct-2007

Resolution

goal
What does VigilEnt Log Analyzer 1.2 Service Pack 2 resolve?

fact
VigilEnt Log Analyzer 1.2

fact
VigilEnt Security Agent for Windows 4.0

fact
VigilEnt Security Agent for Unix 4.0

fact

VigilEnt Security Agent for iSeries 5.4\7.0



fix

Description:

Service Pack 2 provides support for secure socket layer (SSL) encryption between the log engines and SSL-compatible agents.

It extends the Forensic Analysis search parameters in the IDMEF and Firewall Templates.

It allows the Trend Analysis cubes to automatically group source and target IP addresses, so that a Trend Analysis cube can display more than 64,000 source and target IP addresses.

Contains the following previously or currently posted patch:

VigilEnt Log Analyzer 1.2 Hotfix 29312

Patch Corrects the following issues:

* VigilEnt Log Analyzer now provides secure socket layer (SSL) encryption between the analysis engine, log engines, and SSL-compatible agents. Installing this service pack lets VLA components communicate with the following SSL-compatible agents using SSL over port 1636:

- VigilEnt Security Agent for Windows 4.0
- VigilEnt Security Agent for Unix 4.0, plus Hotfix 30068
- VigilEnt Security Agent for iSeries with the following components:
    * PSAudit 5.4
    * PSSecure 7.0
    * cumulative PTF 1X03080
    * PSCOMMON Option 4

If you need to use a port other than 1636 for SSL communication, contact Technical Support for additional configuration information.


* Trend Analysis cubes now automatically group source and target IP addresses, so that a Trend Analysis cube can display more than 64,000 source and target IP addresses. If you install this fix in a production environment, existing Trend Analysis data is cleared. In a trial installation, existing Trend Analysis data is cleared and the original demo data is provided.


* The following Forensic Analysis search parameters in the IDMEF and Firewall templates now accept filters:
- AdditionalData meaning
- AdditionalData Data
- Action
- Protocol Version
- Rule Number
- Connection_Start_Time
- Connection Duration
- Size in Bytes

* VigilEnt Log Analyzer now displays a message if the logged-in user clicks Log Reports without having read and write permissions on the VigilEnt Log Analyzer computer.

Install Instructions:

==============================================
Service Pack Installation Steps for New VigilEnt Log Analyzer Installations
==============================================

Follow these steps if you are installing VigilEnt Log Analyzer 1.2 for the first time. If you have an existing VigilEnt Log Analyzer 1.2 installation, see "Service Pack Installation Steps for Existing VigilEnt Log Analyzer Installations" below.


To install this service pack:

1. Ensure VigilEnt Security Manager 4.0 Service Pack 2 (or higher) and VigilEnt Log Analyzer 1.2 or higher are installed.

2. Back up the VigilEnt database. For more information, see the VigilEnt Security Manager User Guide.

3. Run the VLA12002.exe file on each computer where the following components are installed:

* VSOC
* VSS
* Analysis engine
* Log engine

In some installations, such as a trial installation, all components are installed on the same computer.

4. Log on to the computer where the VigilEnt Security Server Configuration utility is installed.

5. Start the VigilEnt Security Server Configuration utility.

6. On the TCP/IP tab, clear the Enable VigilEnt over SSL check box.

7. Restart the VigilEnt Log Analyzer service on each computer where you installed the service pack.

8. Restart the VigilEnt Security Server.


=================================================
Service Pack Installation Steps for Existing VigilEnt Log Analyzer Installations
=================================================

Follow these steps only if you are applying the service pack to an existing installation of VLA 1.2 and you want the log engines and the analysis engine to communicate using SSL.


To install this service pack:

1. Ensure VigilEnt Security Manager 4.0 Service Pack 2 (or higher) and VigilEnt Log Analyzer 1.2 or higher are installed.

2. Back up the VigilEnt database. For more information, see the VigilEnt Security Manager User Guide.

3. Run the VLA12002.exe file on each computer where the following components are installed:

* VSOC
* VSS
* Analysis engine
* Log engine

In some installations, such as a trial installation, all components are installed on the same computer.

4. Delete the registration.properties file located in the VLA installation folder on the analysis engine and log engine computers. By default, the VLA installation folder is Program Files\Pentasafe\VLA.

5. Restart the VLA service on the analysis engine computer.

6. Restart the VLA service on the log engine computers.

7. Log on to the computer where the VigilEnt Security Server Configuration utility is installed.

8. Start the VigilEnt Security Server Configuration utility.

9. Navigate to the TCP/IP tab, and then clear the Enable VigilEnt over SSL check box.

10. Restart the VigilEnt Security Server.

11. Display the VigilEnt Security Operations Center (VSOC), and then expand the VIM node.

12. Right-click the analysis engine node (VAE), and then select Properties.

13. Change the Port number to 1636, and then click OK.

14. Right-click a log engine node (VLE), and then select Properties.

15. Change the Port number to 1636, and then click OK.

16. Repeat Steps 11 and 12 for all log engine nodes.
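A post-installation check for the port change made in the steps above, added here as an example and not part of the original article or the product: it tests whether each engine host completes an SSL/TLS handshake on port 1636. It assumes the engines begin the handshake immediately on connect; the function names and the script name are illustrative, and host names are supplied on the command line.

```python
import socket
import ssl
import sys

VLA_SSL_PORT = 1636  # SSL port given in this article


def probe_ssl(host, port=VLA_SSL_PORT, timeout=5.0):
    """Return (state, detail); state is 'ssl', 'no-ssl' or 'unreachable'."""
    # Certificate checks are disabled on purpose: this only tests that the
    # listener negotiates SSL/TLS, not whose certificate it presents.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("unreachable", str(exc))
    try:
        with ctx.wrap_socket(raw) as tls:
            return ("ssl", tls.version())
    except OSError as exc:  # ssl.SSLError and timeouts are OSError subclasses
        return ("no-ssl", str(exc))
    finally:
        raw.close()


def check_engines(hosts, port=VLA_SSL_PORT):
    """Probe every analysis/log engine host; return {host: (state, detail)}."""
    return {host: probe_ssl(host, port) for host in hosts}


if __name__ == "__main__":
    # Usage: python check_vla_ssl.py <engine-host> [<engine-host> ...]
    results = check_engines(sys.argv[1:])
    for host, (state, detail) in results.items():
        print(f"{host}:{VLA_SSL_PORT} {state} ({detail})")
    sys.exit(0 if all(s == "ssl" for s, _ in results.values()) else 1)
```

A listener that offers only protocol versions the local OpenSSL build has disabled is reported as no-ssl, with the protocol-version error in the detail field.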



note

Special Notes:

This service pack adds or modifies the following files on the VLA computer. These files are located in the default installation folder, typically Program Files\Pentasafe\VLA:

* vim\StaticReportControl.ocx
* vim\StaticReportSnapin.dll
* vim\defaultreporthelp.htm
* vim\FireWall.xml
* vim\IdmefFields.xml
* vim\Cisco IDS.xml
* vim\Cisco PIX.xml
* Windows Registry

This service pack modifies the following files on the log engine and analysis engine computers. These files are located in the default installation folder, typically Program Files\Pentasafe\VLA:

* bin\VIM_LA_DEMO.CAB
* cubeinstaller.exe
* lib\ext\log4mq.jar
* lib\ext\vimutil.jar
* lib\ext\registration-lib.jar
* logquery.properties
* mk.options
* modules\vae.jar
* modules\vle.jar
* Windows Registry


This service pack modifies the following files on the VigilEnt Security Server computer. These files are located in the default installation folder, typically Program Files\Pentasafe\VLA:

* lib\ext\vimutil.jar
* lib\ext\registration-lib.jar
* mk.options
* modules\vle.jar
* Windows Registry

 






Additional Information

Formerly known as NETIQKB35568