Environment
Situation
Correlation of real-time events from syslog providers does not work correctly.
Resolution
Optimizes the Agent Configuration Process - Before you apply this Hotfix, each time an agent requests new configuration information from a central computer, the central computer can take a significant amount of time to send the requested information. If a large number of agents simultaneously request configuration information from a central computer, the central computer may not be able to properly process all requests. When this occurs, the Security Manager Control Center displays the state of the requesting agents as Unknown.
This Hotfix addresses the issue described above. The Hotfix allows central computers to cache certain pieces of configuration data for re-use, enables central computers to better handle large numbers of log archival events at one time, separates incoming data processing from agent request processing, and enhances the Security Manager logging mechanism. (ENG303056)
Resolves an Issue Where Security Manager Cannot Correlate Syslog Events - Before you apply this Hotfix, the agent does not correctly correlate real-time events received from a syslog provider when correlating events based on field names. After you apply this Hotfix, Security Manager correctly correlates all syslog events. (ENG298432)
For more information about the issues resolved with this Hotfix, see NetIQ Knowledge Base article NETIQKB72781.
Installing This Hotfix
Complete the following steps to install this Hotfix on all central computers and agent computers.
To install this Hotfix on Windows Server 2003 computers:
1. Log on to the central computer using an account that is a member of the local Administrators group.
2. Run the SM65300_Hotfix72781.msp file on the central computer.
3. Follow the instructions in the setup program until you have finished installing the Hotfix.
4. Repeat Steps 1 through 3 for each central computer in your configuration group.
To install this Hotfix on Windows Server 2008 computers:
1. Log on to the central computer using an account that is a member of the local Administrators group.
2. Click the Start menu and navigate to the Command Prompt tool.
3. Right-click Command Prompt and select Run as administrator.
4. If User Account Control prompts you to confirm, click Yes.
5. In the command-line interface, type SM65300_Hotfix72781.msp and press Enter.
6. Follow the instructions in the setup program until you have finished installing the Hotfix.
7. Repeat Steps 1 through 6 for each central computer in your configuration group.
8. After installing this Hotfix on your central computers, you must scan your managed agents to allow Agent Manager to install the Hotfix on the agent computers.
To scan all managed Windows agents:
1. Start the Development Console in the NetIQ Security Manager program group.
2. In the left pane, expand Security Manager Development Console, and then expand Configuration.
3. In the left pane, click Central Computers.
4. On the Action menu, click Scan All Managed Computers.
5. Click OK.
6. In the left pane, expand Pending Agents > Installation.
7. In the right pane, select all agents pending installation.
8. On the Action menu, click Approve.
9. Click OK.
10. In the left pane, click Central Computers.
11. On the Action menu, click Scan All Managed Computers.
12. Click OK.
13. On the Action menu, click Refresh until Security Manager finishes scanning managed computers.
14. Close the Development Console.
If your configuration group includes one or more unmanaged agents, you must also install this Hotfix manually on each unmanaged agent computer.
To install this Hotfix on all computers with unmanaged agents installed:
1. Log on to the unmanaged agent computer using an account that is a member of the local Administrators group.
2. Run the SM65300_ManualAgent_Hotfix72781.msp.
3. Follow the instructions in the setup program until you have finished installing the Hotfix.
4. Repeat Steps 1 through 3 on each computer with an unmanaged agent installed.
Hotfix Temporarily Stops Security Manager Services and Applications
When you apply Security Manager 6.5.3 Hotfix 72781 to a computer, the setup program automatically stops all Security Manager services and applications, including the OnePointActiveOpsDas COM+ application. After installing the Hotfix, the setup program restarts all stopped services and applications.
Installing Additional Security Manager Components After Installing the Hotfix
If you apply Security Manager 6.5.3 Hotfix 72781 to a central computer and then install one or more additional Security Manager 6.5.3 components on that computer, the Security Manager 6.5.3 setup program installs the original Security Manager 6.5.3 files over any files modified by the Hotfix. After installing the new components, you must re-apply the Hotfix to the modified central computer.
Please contact us with your questions and comments. We look forward to hearing from you.
For detailed contact information, see the Support Contact Information Web site.