ObserveIT JDBC
The JSA DSM for ObserveIT JDBC collects JDBC events from ObserveIT.
The following table identifies the specifications for the ObserveIT JDBC DSM:

| Specification | Value |
|---|---|
| Manufacturer | ObserveIT |
| Product | ObserveIT JDBC |
| DSM RPM name | `DSM-ObserveIT-JSA_Version-Build_Number.noarch.rpm` |
| Supported versions | V5.7 |
| Protocol | ObserveIT JDBC, Log File Protocol |
| JSA recorded events | The following event types are supported by ObserveIT JDBC: The Log File Protocol supports user activity in LEEF logs. |
| Automatically discovered? | No |
| Includes identity? | Yes |
| Includes custom properties? | No |
| More information | ObserveIT website (http://www.observeit-sys.com) |

To collect ObserveIT JDBC events, complete the following steps:

- If automatic updates are not enabled, download and install the most recent versions of the following RPMs from Juniper Downloads onto your JSA Console:
  - ObserveIT JDBC DSM RPM
  - DSMCommon DSM RPM
  - ObserveIT JDBC PROTOCOL RPM
  - JDBC PROTOCOL RPM
- Make sure that your ObserveIT system is installed and the SQL Server database is accessible over the network.
- For each ObserveIT server that you want to integrate, create a log source on the JSA console. Configure all the required parameters. Use these tables to configure ObserveIT-specific parameters:

Table 2: ObserveIT JDBC Log Source Parameters

| Parameter | Description |
|---|---|
| Log Source type | ObserveIT |
| Protocol Configuration | ObserveIT JDBC |
| Log Source Identifier | Type a name for the log source. The name can't contain spaces and must be unique among all log sources of the log source type that is configured to use the JDBC protocol. If the log source collects events from a single appliance that has a static IP address or host name, use the IP address or host name of the appliance as all or part of the Log Source Identifier value; for example, 192.168.1.1 or JDBC192.168.1.1. If the log source doesn't collect events from a single appliance that has a static IP address or host name, you can use any unique name for the Log Source Identifier value; for example, JDBC1, JDBC2. |
| Database name | ObserveIT |
| IP or Hostname | The IP address or host name of the ObserveIT system. |
| Port | The port on the ObserveIT host. The default is 1433. |
| Username | The user name that is required to connect to the ObserveIT MS SQL database. |
| Password | The password that is required to connect to the ObserveIT MS SQL database. |
| Start Date and Time | Use the yyyy-MM-dd HH:mm format. |
| Polling Interval | The frequency by which to poll the database. |
| EPS Throttle | The event rate throttle in events per second. |

Table 3: Log File Protocol Parameters

| Parameter | Description |
|---|---|
| Protocol Configuration | Log file |
| Log Source Identifier | The IP address for the log source. This value must match the value that is configured in the Server IP parameter. The log source identifier value must be unique for the log source type. |
| Service Type | From the list, select the protocol that you want to use when retrieving log files from a remote server. The default is SFTP. Options: SFTP - SSH File Transfer Protocol; FTP - File Transfer Protocol; SCP - Secure Copy. The underlying protocol that retrieves log files for the SCP and SFTP service type requires that the server specified in the Remote IP or Hostname field has the SFTP subsystem enabled. |
| Remote IP or Hostname | The IP address or host name of the device that stores your event log files. |
| Remote Port | If the remote host uses a non-standard port number, you must adjust the port value to retrieve events. |
| Remote User | The user name necessary to log in to the host that contains your event files. The user name can be up to 255 characters in length. |
| Remote Password | The password that is necessary to log in to the host. |
| Confirm Password | Confirmation of the password that is necessary to log in to the host. |
| SSH Key File | The path to the SSH key, if the system is configured to use key authentication. When an SSH key file is used, the Remote Password field is ignored. |
| Remote Directory | For FTP, if the log files are in the remote user's home directory, you can leave the remote directory blank. A blank remote directory field supports systems where a change in the working directory (CWD) command is restricted. |
| SCP Remote File | If you selected SCP as the Service Type, you must type the file name of the remote file. |
| Recursive | This option is ignored for SCP file transfers. |
| FTP File Pattern | The regular expression (regex) required to identify the files to download from the remote host. |
| FTP Transfer Mode | For ASCII transfers over FTP, you must select NONE in the Processor field and LINEBYLINE in the Event Generator field. |
| Start Time | The time of day when you want the processing to begin. For example, type 12:00 AM to schedule the log file protocol to collect event files at midnight. This parameter functions with the Recurrence value to establish when and how often the Remote Directory is scanned for files. Type the start time, based on a 12-hour clock, in the following format: `HH:MM <AM/PM>`. |
| Recurrence | The time interval to determine how frequently the remote directory is scanned for new event log files. The time interval can include values in hours (H), minutes (M), or days (D). For example, a recurrence of 2H scans the remote directory every 2 hours. |
| Run On Save | Starts the log file import immediately after you save the log source configuration. When selected, this check box clears the list of previously downloaded and processed files. After the first file import, the log file protocol follows the start time and recurrence schedule that is defined by the administrator. |
| EPS Throttle | The number of Events Per Second (EPS) that the protocol cannot exceed. |
| Processor | Processors allow JSA to expand event file archives, and to process contents for events. JSA processes files only after they are downloaded. JSA can process files in zip, gzip, tar, or tar+gzip archive format. |
| Ignore Previously Processed File(s) | Tracks and ignores files that were processed by the log file protocol. JSA examines the log files in the remote directory to determine whether a file was processed previously by the log file protocol. If a previously processed file is detected, the log file protocol does not download the file for processing. All files that were not processed previously are downloaded. This option applies only to FTP and SFTP Service Types. |
| Change Local Directory? | Changes the local directory on the Target Event Collector to store event logs before they are processed. |
| Local Directory | The local directory on the Target Event Collector. The directory must exist before the log file protocol attempts to retrieve events. |
| File Encoding | The character encoding that is used by the events in your log file. |
| Folder Separator | The character that is used to separate folders for your operating system. Most configurations can use the default value in Folder Separator field. This field is intended for operating systems that use a different character to define separate folders. For example, periods that separate folders on mainframe systems. |
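
The constraints stated in Tables 2 and 3 can be checked before a log source is saved. The following pre-flight check is an added example, not part of the JSA product or the original page; the dictionary key names are hypothetical labels for the table fields and all sample values are constructed.

```python
import re
from datetime import datetime

# Key names below are hypothetical labels for the fields in Tables 2 and 3;
# they are not JSA API names. All sample values are constructed.

def check_jdbc_source(cfg):
    """Return problems in a planned ObserveIT JDBC log source (Table 2)."""
    problems = []
    ident = cfg.get("log_source_identifier", "")
    if not ident or " " in ident:
        problems.append("Log Source Identifier must be non-empty and contain no spaces")
    try:
        datetime.strptime(cfg.get("start_date", ""), "%Y-%m-%d %H:%M")
    except ValueError:
        problems.append("Start Date and Time must use yyyy-MM-dd HH:mm")
    if not 1 <= cfg.get("port", 1433) <= 65535:   # 1433 is the documented default
        problems.append("Port must be between 1 and 65535")
    return problems

def check_log_file_source(cfg):
    """Return problems in a planned Log File Protocol log source (Table 3)."""
    problems = []
    service = cfg.get("service_type", "SFTP")     # SFTP is the documented default
    if service not in ("SFTP", "FTP", "SCP"):
        problems.append("Service Type must be SFTP, FTP or SCP")
    if len(cfg.get("remote_user", "")) > 255:
        problems.append("Remote User is longer than 255 characters")
    if service == "SCP" and not cfg.get("scp_remote_file"):
        problems.append("SCP needs the SCP Remote File name")
    if service == "FTP" and cfg.get("ftp_transfer_mode") == "ASCII" and (
            cfg.get("processor") != "NONE" or cfg.get("event_generator") != "LINEBYLINE"):
        problems.append("ASCII FTP needs Processor NONE and Event Generator LINEBYLINE")
    if cfg.get("ssh_key_file") and cfg.get("remote_password"):
        problems.append("Remote Password is ignored when an SSH Key File is set")
    if not re.fullmatch(r"(0?[1-9]|1[0-2]):[0-5]\d (AM|PM)", cfg.get("start_time", "")):
        problems.append("Start Time must be HH:MM AM/PM on a 12-hour clock")
    if not re.fullmatch(r"[1-9]\d*[HMD]", cfg.get("recurrence", "")):
        problems.append("Recurrence must be a number followed by H, M or D")
    return problems

if __name__ == "__main__":
    draft = {"service_type": "FTP", "ftp_transfer_mode": "ASCII", "processor": "GZIP",
             "event_generator": "LINEBYLINE", "start_time": "13:00 PM", "recurrence": "2H"}
    for problem in check_log_file_source(draft):
        print("FIX:", problem)
```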