How to create Forensic.xml in Security Manager 6.0 post SP2. (NETIQKB71093)

  • 7771093
  • 06-Jun-2008
  • 10-Sep-2009

Environment

SM 6.0 SP2, SP3, SP4
SM 6.5

Situation

The purpose of this article is to explain how to get the Forensic.xml in Security Manager 6.0 post SP2.

Resolution

To call the forensic.xml template from the database, you can use the following procedure.

  • Log in to a server or workstation that has the Security Manager Control Center installed.
  • Enable debugging on the Control Center by editing the following file:

%INSTALLPATH%\NetIQ Security Manager\Control Center\NQConsole.exe.config

  • On line 24 of this file you will see this line:

<level value="INFO" />

Change: "INFO" To: "DEBUG"

  • Save the NQConsole.exe.config.
  • Open the Security Manager Control Center.
  • In the Navigation pane, click on Forensic Analysis.
  • Click on My Queries. Select a query in the center pane and edit it.
  • Forensic.xml will be created in the following location on the User Interface Computer:

C:\Documents and Settings\%useraccount%\Local Settings\Application Data\NetIQ\Security Manager\Forensics.xml

  • Copy Forensics.xml and rename it to CustomForensics.xml.
  • Move CustomForensics.xml to the following location:

%INSTALLPATH%\NetIQ Security Manager\OnePoint\VSOC\config\

  • Disable debugging on the Control Center by editing the following file:

%INSTALLPATH%\NetIQ Security Manager\Control Center\NQConsole.exe.config

  • On line 24 of this file you will see this line:

<level value="DEBUG" />

Change: "DEBUG" To: "INFO"

  • Save the NQConsole.exe.config.

You can now use the CustomForensics.xml to set up forensic queries on a custom provider.
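The procedure above as a PowerShell script, added here as an example and not part of the original article or of NetIQ's tooling. It backs up NQConsole.exe.config before each change and always restores the INFO level, even if the copy step fails. Assumptions: `$InstallPath` is the value of %INSTALLPATH%, `$ForensicsXml` is the full path to the generated Forensics.xml, the config contains exactly one `<level>` element with the expected value, and `Set-ControlCenterLogLevel` is a hypothetical helper name.

```powershell
param(
    [Parameter(Mandatory=$true)][string]$InstallPath,   # assumption: value of %INSTALLPATH%
    [Parameter(Mandatory=$true)][string]$ForensicsXml   # assumption: full path to Forensics.xml
)

# Hypothetical helper: switch the single <level value="..."/> element between INFO and DEBUG.
function Set-ControlCenterLogLevel {
    param(
        [Parameter(Mandatory=$true)][string]$ConfigPath,
        [Parameter(Mandatory=$true)][ValidateSet('INFO','DEBUG')][string]$From,
        [Parameter(Mandatory=$true)][ValidateSet('INFO','DEBUG')][string]$To
    )
    $ConfigPath = (Resolve-Path -LiteralPath $ConfigPath).ProviderPath
    $doc = New-Object System.Xml.XmlDocument
    $doc.PreserveWhitespace = $true                      # keep the file's layout unchanged
    $doc.Load($ConfigPath)
    $nodes = @($doc.SelectNodes("//level[@value='$From']"))
    if ($nodes.Count -ne 1) {
        # Refuse to guess which logger to change; fall back to the manual edit.
        throw "Expected exactly one <level value=`"$From`" />, found $($nodes.Count)."
    }
    Copy-Item -LiteralPath $ConfigPath -Destination "$ConfigPath.bak" -Force
    $nodes[0].SetAttribute('value', $To)
    $doc.Save($ConfigPath)
}

$config = Join-Path $InstallPath 'NetIQ Security Manager\Control Center\NQConsole.exe.config'
$target = Join-Path $InstallPath 'NetIQ Security Manager\OnePoint\VSOC\config\CustomForensics.xml'

Set-ControlCenterLogLevel -ConfigPath $config -From INFO -To DEBUG
try {
    # The Control Center steps are manual: Forensic Analysis > My Queries > edit a query.
    Read-Host 'Open the Control Center, edit a query under My Queries, then press Enter' | Out-Null
    if (-not (Test-Path -LiteralPath $ForensicsXml)) { throw "Not found: $ForensicsXml" }
    Copy-Item -LiteralPath $ForensicsXml -Destination $target
}
finally {
    # Debug logging is restored to INFO whether or not the copy succeeded.
    Set-ControlCenterLogLevel -ConfigPath $config -From DEBUG -To INFO
}
```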

Cause

The Forensics.xml file did not always reflect all updates under some upgrade and naming conditions, so it is no longer used and the forensic.xml no longer gets created in SM 6.0 SP2. The report template information is now stored in and retrieved only from the OnePoint database to prevent any upgrade issues.

Additional Information

Formerly known as NETIQKB71093