ObserveIT JDBC
The JSA DSM for ObserveIT JDBC collects JDBC events from ObserveIT.
The following table identifies the specifications for the ObserveIT JDBC DSM:
Table 1: ObserveIT JDBC DSM Specifications
DSM RPM name
Log File Protocol
JSA recorded events
The following event types are supported by ObserveIT JDBC:
The Log File Protocol supports user activity in LEEF logs.
Includes custom properties?
ObserveIT website (http://www.observeit-sys.com)
To collect ObserveIT JDBC events, complete the following steps:
If automatic updates are not enabled, download and install the most recent versions of the following RPMs on your JSA console:
ObserveIT JDBC DSM RPM
DSMCommon DSM RPM
ObserveIT JDBC PROTOCOL RPM
JDBC PROTOCOL RPM
Make sure that your ObserveIT system is installed and the SQL Server database is accessible over the network.
For each ObserveIT server that you want to integrate, create a log source on the JSA console. Configure all the required parameters. Use these tables to configure ObserveIT-specific parameters:
Table 2: ObserveIT JDBC Log Source Parameters
Log Source type
Log Source Identifier
Type a name for the log source. The name can't contain spaces and must be unique among all log sources of the log source type that is configured to use the JDBC protocol.
If the log source collects events from a single appliance that has a static IP address or host name, use the IP address or host name of the appliance as all or part of the Log Source Identifier value; for example, 192.168.1.1 or JDBC192.168.1.1. If the log source doesn't collect events from a single appliance that has a static IP address or host name, you can use any unique name for the Log Source Identifier value; for example, JDBC1, JDBC2.
IP or Hostname
The IP address or host name of the ObserveIT system.
The port on the ObserveIT host. The default is 1433.
The user name that is required to connect to the ObserveIT MS SQL database.
The password that is required to connect to the ObserveIT MS SQL database.
Start Date and Time
Use the yyyy-MM-dd HH:mm format.
The frequency by which to poll the database.
The event rate throttle in events per second.
Table 3: Log File Protocol Parameters
Log Source Identifier
The IP address for the log source. This value must match the value that is configured in the Server IP parameter. The log source identifier value must be unique for the log source type.
From the list, select the protocol that you want to use when retrieving log files from a remote server. The default is SFTP.
SFTP - SSH File Transfer Protocol
FTP - File Transfer Protocol
SCP - Secure Copy
The underlying protocol that retrieves log files for the SCP and SFTP service type requires that the server specified in the Remote IP or Hostname field has the SFTP subsystem enabled.
Remote IP or Hostname
The IP address or host name of the device that stores your event log files.
If the remote host uses a non-standard port number, you must adjust the port value to retrieve events.
The user name necessary to log in to the host that contains your event files. The user name can be up to 255 characters in length.
The password that is necessary to log in to the host.
Confirmation of the password that is necessary to log in to the host.
SSH Key File
The path to the SSH key, if the system is configured to use key authentication. When an SSH key file is used, the Remote Password field is ignored.
For FTP, if the log files are in the remote user's home directory, you can leave the remote directory blank. A blank remote directory field supports systems where a change in the working directory (CWD) command is restricted.
SCP Remote File
If you selected SCP as the Service Type, you must type the file name of the remote file.
This option is ignored for SCP file transfers.
FTP File Pattern
The regular expression (regex) required to identify the files to download from the remote host.
FTP Transfer Mode
For ASCII transfers over FTP, you must select NONE in the Processor field and LINEBYLINE in the Event Generator field.
The time of day when you want the processing to begin. For example, type 12:00 AM to schedule the log file protocol to collect event files at midnight. This parameter functions with the Recurrence value to establish when and how often the Remote Directory is scanned for files. Type the start time, based on a 12-hour clock, in the following format: HH:MM <AM/PM>.
The time interval to determine how frequently the remote directory is scanned for new event log files. The time interval can include values in hours (H), minutes (M), or days (D). For example, a recurrence of 2H scans the remote directory every 2 hours.
Run On Save
Starts the log file import immediately after you save the log source configuration. When selected, this check box clears the list of previously downloaded and processed files. After the first file import, the log file protocol follows the start time and recurrence schedule that is defined by the administrator.
The number of Events Per Second (EPS) that the protocol cannot exceed.
Processors allow JSA to expand event file archives, and to process contents for events. JSA processes files only after they are downloaded. JSA can process files in
Ignore Previously Processed File(s)
Tracks and ignores files that were processed by the log file protocol. JSA examines the log files in the remote directory to determine whether a file was processed previously by the log file protocol. If a previously processed file is detected, the log file protocol does not download the file for processing. All files that were not processed previously are downloaded. This option applies only to FTP and SFTP Service Types.
Change Local Directory?
Changes the local directory on the Target Event Collector to store event logs before they are processed.
The local directory on the Target Event Collector. The directory must exist before the log file protocol attempts to retrieve events.
The character encoding that is used by the events in your log file.
The character that is used to separate folders for your operating system. Most configurations can use the default value in the Folder Separator field. This field is intended for operating systems that use a different character to define separate folders. For example, periods that separate folders on mainframe systems.
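The following pre-flight check is an added example, not part of the JSA or ObserveIT documentation. It validates the formats described above for the Log Source Identifier, the JDBC Start Date and Time, and the Log File Protocol start time and recurrence before the values are entered in the console. The dictionary keys and function names are hypothetical, and the sample values are constructed.

```python
import re
from datetime import datetime, timedelta

UNITS = {"H": "hours", "M": "minutes", "D": "days"}  # units listed for Recurrence

def parse_recurrence(value):
    """'2H' -> timedelta(hours=2); rejects zero, missing or unknown units."""
    m = re.fullmatch(r"([1-9]\d*)([HMD])", value.strip().upper())
    if not m:
        raise ValueError(f"recurrence {value!r} is not <number><H|M|D>")
    return timedelta(**{UNITS[m.group(2)]: int(m.group(1))})

def parse_start_time(value):
    """12-hour 'HH:MM <AM/PM>' -> (hour, minute) on a 24-hour clock."""
    m = re.fullmatch(r"(\d{1,2}):(\d{2}) (AM|PM)", value.strip().upper())
    if not m or not 1 <= int(m.group(1)) <= 12 or int(m.group(2)) > 59:
        raise ValueError(f"start time {value!r} is not HH:MM <AM/PM>")
    hour = int(m.group(1)) % 12 + (12 if m.group(3) == "PM" else 0)
    return hour, int(m.group(2))

def parse_start_date(value):
    """JDBC 'yyyy-MM-dd HH:mm'; the regex rejects unpadded or spaced input."""
    if not re.fullmatch(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}", value):
        raise ValueError(f"start date {value!r} is not yyyy-MM-dd HH:mm")
    return datetime.strptime(value, "%Y-%m-%d %H:%M")

def check_log_source(cfg, existing_ids=()):
    """Return a list of problems found in a (hypothetical) settings dict."""
    problems = []
    ident = cfg.get("log_source_identifier", "")
    if not ident or re.search(r"\s", ident):
        problems.append("identifier is empty or contains spaces")
    elif ident in existing_ids:
        problems.append("identifier is not unique")
    for key, parser in (("start_date", parse_start_date),
                        ("start_time", parse_start_time),
                        ("recurrence", parse_recurrence)):
        if key in cfg:
            try:
                parser(cfg[key])
            except ValueError as exc:
                problems.append(str(exc))
    return problems

# Constructed sample values, not taken from a real deployment.
SAMPLE = {"log_source_identifier": "JDBC192.168.1.1",
          "start_date": "2024-01-05 09:30", "start_time": "12:00 AM",
          "recurrence": "2H"}
```

`check_log_source(SAMPLE)` returns an empty list; an identifier containing a space, a duplicate identifier, or a malformed date or recurrence each add one entry.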