What is the data flow of Security Manager agents? (NETIQKB72760)

  • 7772760
  • 12-Jan-2011
  • 10-Feb-2011

Environment

Security Manager 6x

Situation

Knowing the data flow from the agent machine to the database can be helpful in pinpointing where to start troubleshooting.

Resolution

Log archival:

iSeries: The psgetlogs job runs on the iSeries box to gather the logs --> The Central computer requests log data from the iSeries box --> from there it goes to the Qreport folder (program files\netiq security manager\onepoint\qreport) --> the files inside the Qreport folder are parsed by Security Manager rules and sent to the Central computer's MSMQ --> The MSMQ on the LAS (log archival server) receives and processes the data into the LAS database (current partition for that day).

UNIX: The Uvservd process runs on the UNIX box --> The Central computer requests log data from the UNIX boxes --> from there it goes to the Qreport folder (program files\netiq security manager\onepoint\qreport) --> the files inside the Qreport folder are parsed by Security Manager rules and sent to the Central computer's MSMQ --> The MSMQ on the LAS (log archival server) receives and processes the data into the LAS database (current partition for that day).

Windows: Data is sent from the agent to the queue and cache files on the Central computer (all user\application data\NetIQ\Security Manager\Config_group_name\) --> then it goes to the MSMQ on the Central computer --> The MSMQ on the LAS (log archival server) receives and processes the data into the LAS database (current partition for that day).

Real-Time:

iSeries: The psdect job runs on the iSeries box for real-time collection --> from there it goes to the Vigilent folder on the Central computer (program files\netiq security manager\onepoint\vigilent\event.##) --> the files inside the Vigilent folder are parsed by Security Manager rules and sent to the OnePoint database.

UNIX: detectd runs on the UNIX box for real-time collection --> from there it goes to the Vigilent folder on the Central computer (program files\netiq security manager\onepoint\vigilent\event.##) --> the files inside the Vigilent folder are parsed by Security Manager rules and sent to the OnePoint database.

Windows: Data is sent from the agent to the queue and cache files on the Central computer (all user\application data\NetIQ\Security Manager\Config_group_name\) --> then the data is processed directly into the OnePoint database.
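To find which stage of the flows above to start troubleshooting at, the staging folders on the Central computer can be checked for backlog. The script below is an added example, not NetIQ code. The install root under %ProgramFiles%, the 15-minute threshold, the function and parameter names, and the idea that parsed files leave the staging folder are all assumptions; it needs PowerShell 3.0 or later.

```powershell
# Added example (not NetIQ code). Run on the Central computer.
param(
    # Assumption: product installed under %ProgramFiles%; override if it is elsewhere.
    [string] $OnePointRoot = (Join-Path $env:ProgramFiles 'NetIQ Security Manager\OnePoint'),
    # Full path of the Windows agent queue and cache folder for your configuration group (optional).
    [string] $WindowsQueuePath,
    # Assumption: a file untouched for this long counts as stuck.
    [int] $StaleMinutes = 15
)

function Get-StageBacklog {
    param([string] $Stage, [string] $Path, [int] $StaleMinutes)
    $row = [ordered]@{ Stage = $Stage; Files = 0; OldestMinutes = $null; Status = 'PathNotFound' }
    if (Test-Path -LiteralPath $Path -PathType Container) {
        $files = @(Get-ChildItem -LiteralPath $Path -File -ErrorAction SilentlyContinue)
        $row.Files = $files.Count
        if ($files.Count -eq 0) {
            # Nothing staged: the source is idle, or the upstream job or agent is not delivering.
            $row.Status = 'Empty'
        } else {
            $oldest = ($files | Sort-Object LastWriteTime | Select-Object -First 1).LastWriteTime
            $row.OldestMinutes = [int]((Get-Date) - $oldest).TotalMinutes
            # Old files suggest the step after this folder is not consuming them
            # (assumes files are removed once parsed).
            $row.Status = if ($row.OldestMinutes -gt $StaleMinutes) { 'Backlog' } else { 'Flowing' }
        }
    }
    [pscustomobject]$row
}

# Staging points named in the article, in the order data reaches them.
$stages = @(
    @{ Stage = 'Log archival staging (Qreport)'; Path = (Join-Path $OnePointRoot 'Qreport') }
    @{ Stage = 'Real-time staging (Vigilent)';   Path = (Join-Path $OnePointRoot 'Vigilent') }
)
if ($WindowsQueuePath) {
    $stages += @{ Stage = 'Windows agent queue and cache'; Path = $WindowsQueuePath }
}

$stages |
    ForEach-Object { Get-StageBacklog -Stage $_.Stage -Path $_.Path -StaleMinutes $StaleMinutes } |
    Format-Table -AutoSize
```

An Empty Qreport or Vigilent folder while data is expected points upstream, at the iSeries job or UNIX process or at the Central computer's request for the data. A Backlog status points downstream, at rule parsing and the hand-off to MSMQ or the OnePoint database.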

Additional Information

Formerly known as NETIQKB72760

The UNIX and iSeries boxes have their own set of rules and processes\jobs that get the data ready for transfer to Security Manager. Security Manager rules do not get applied until the data arrives at the Central computer.

The Windows agents get their rules directly from Security Manager, and those rules are processed on the agent box.