Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Symantec Critical System Protection

 

The JSA DSM for Symantec Critical System Protection can collect event logs from Symantec Critical System Protection systems.

The following table identifies the specifications for the Symantec Critical System Protection DSM.

Table 1: Symantec Critical System Protection DSM Specifications

Specification

Value

Manufacturer

Symantec

DSM Name

Critical System Protection

RPM file name

DSM-SymantecCriticalSystemProtection-JSA_version_build number

.noarch.rpm

Supported versions

5.1.1

Event format

DB Entries

JSA recorded event types

All events from the ‘CSPEVENT_VW´ view

Log source type in JSA UI

Symantec Critical System Protection

Auto discovered?

No

Includes identity?

No

Includes custom properties

No

For more information

Symantec Web Page (http://www.symantec.com/)

To integrate Symantec Critical System Protection with JSA, complete the following steps:

  1. If automatic updates are not enabled, download and install the most current version of the following RPMs on your JSA console:

    • Protocol-JDBC RPM

    • Symantec Critical System Protection RPM

  2. For each Symantec Critical System Protection instance, configure Symantec Critical System Protection to enable communication with JSA.

    Ensure that JSA can poll the database for events by using TCP port 1433 or the port that is configured for your log source. Protocol connections are often disabled on databases and extra configuration steps are required in certain situations to allow connections for event polling. Configure firewalls that are located between Symantec Critical System Protection and JSA to allow traffic for event polling.

  3. If JSA does not automatically discover Symantec Critical System Protection, create a log source for each Symantec Critical System Protection instance on the JSA console. The following table describes the parameters that require specific values to collect events from Symantec Critical System Protection::

    Parameter

    Description

    Log Source Type

    Symantec Critical System Protection

    Protocol Configuration

    JDBC

    Log Source Identifier

    Type a name for the log source. The name can't contain spaces and must be unique among all log sources of the log source type that is configured to use the JDBC protocol.

    If the log source collects events from a single appliance that has a static IP address or host name, use the IP address or host name of the appliance as all or part of the Log Source Identifier value; for example, 192.168.1.1 or JDBC192.168.1.1. If the log source doesn't collect events from a single appliance that has a static IP address or host name, you can use any unique name for the Log Source Identifier value; for example, JDBC1, JDBC2.

    Database Type

    MSDE

    Database Name

    SCSPDB

    IP or Hostname

    The IP address or host name of the database server.

    Port

    Enter the JDBC port. The JDBC port must match the listener port that is configured on the remote database. The database must permit incoming TCP connections. The valid range is 1 - 65535.

    The defaults are:

    • MSDE - 1433

    • Postgres - 5432

    • MySQL - 3306

    • Sybase - 1521

    • Oracle - 1521

    • Informix - 9088

    • DB2 - 50000

    If a database instance is used with the MSDE database type, you must leave the Port field blank.

    Username

    A user account for JSA in the database.

    Password

    The password that is required to connect to the database.

    Authentication Domain

    If you did not select Use Microsoft JDBC, Authentication Domain is displayed.

    Database Instance

    The domain for MSDE that is a Windows domain. If your network does not use a domain, leave this field blank.

    Predefined Query (Optional)

    Select a predefined database query for the log source. If a predefined query is not available for the log source type, administrators can select the none option.

    Table Name

    CSPEVENT_VW

    Select List

    The list of fields to include when the table is polled for events. You can use a comma-separated list or type an asterisk (*) to select all fields from the table or view. If a comma-separated list is defined, the list must contain the field that is defined in the Compare Field.

    Compare Field

    EVENT_ID

    Use Prepared Statements

    Prepared statements enable the JDBC protocol source to set up the SQL statement, and then run the SQL statement numerous times with different parameters. For security and performance reasons, most JDBC protocol configurations can use prepared statements.

    Start Date and Time (Optional)

    Type the start date and time for database polling in the following format: yyyy-MM-dd HH:mm with HH specified by using a 24-hour clock. If the start date or time is clear, polling begins immediately and repeats at the specified polling interval.

    Polling Interval

    Enter the amount of time between queries to the event table. To define a longer polling interval, append H for hours or M for minutes to the numeric value

    The maximum polling interval is one week.

    EPS Throttle

    The number of Events Per Second (EPS) that you do not want this protocol to exceed. The valid range is 100 - 20,000.

    Use Named Pipe Communication

    If you did not select Use Microsoft JDBC, Use Named Pipe Communication is displayed.

    MSDE databases require the user name and password field to use a Windows authentication user name and password and not the database user name and password. The log source configuration must use the default that is named pipe on the MSDE database.

    Database Cluster Name

    If you selected Use Named Pipe Communication, the Database Cluster Name parameter is displayed.

    If you are running your SQL server in a cluster environment, define the cluster name to ensure named pipe communication functions properly.

    Use NTLMv2

    If you did not select Use Microsoft JDBC, Use NTLMv2 is displayed.

    Select this option if you want MSDE connections to use the NTLMv2 protocol when they are communicating with SQL servers that require NTLMv2 authentication. This option does not interrupt communications for MSDE connections that do not require NTLMv2 authentication.

    Does not interrupt communications for MSDE connections that do not require NTLMv2 authentication.

    Use Microsoft JDBC

    If you want to use the Microsoft JDBC driver, you must enable Use Microsoft JDBC.

    Use SSL

    Select this option if your connection supports SSL. This option appears only for MSDE.

    Microsoft SQL Server Hostname

    If you selected Use Microsoft JDBC and Use SSL, the Microsoft SQL Server Hostname parameter is displayed.

    You must type the host name for the Microsoft SQL server.