
ObserveIT JDBC

The JSA DSM for ObserveIT JDBC collects JDBC events from ObserveIT.

The following table identifies the specifications for the ObserveIT JDBC DSM:

Table 1: ObserveIT JDBC DSM Specifications

| Specification | Value |
| --- | --- |
| Manufacturer | ObserveIT |
| Product | ObserveIT JDBC |
| DSM RPM name | DSM-ObserveIT-JSA_Version-Build_Number.noarch.rpm |
| Supported versions | V5.7 |
| Protocol | ObserveIT JDBC; Log File Protocol |
| JSA recorded events | The following event types are supported by ObserveIT JDBC: Alerts, User Activity, System Events, Session Activity, DBA Activity. The Log File Protocol supports user activity in LEEF logs. |
| Automatically discovered? | No |
| Includes identity? | Yes |
| Includes custom properties? | No |
| More information | ObserveIT website (http://www.observeit-sys.com) |

To collect ObserveIT JDBC events, complete the following steps:

  1. If automatic updates are not enabled, download the most recent versions of the following RPMs from Juniper Downloads and install them on your JSA Console:

    • ObserveIT JDBC DSM RPM

    • DSMCommon DSM RPM

    • ObserveIT JDBC PROTOCOL RPM

    • JDBC PROTOCOL RPM

  2. Make sure that your ObserveIT system is installed and the SQL Server database is accessible over the network.

  3. For each ObserveIT server that you want to integrate, create a log source on the JSA console. Configure all the required parameters. Use the following tables to configure the ObserveIT-specific parameters:

    Table 2: ObserveIT JDBC Log Source Parameters

    | Parameter | Description |
    | --- | --- |
    | Log Source type | ObserveIT |
    | Protocol Configuration | ObserveIT JDBC |
    | Log Source Identifier | Type a name for the log source. The name can't contain spaces and must be unique among all log sources of the log source type that is configured to use the JDBC protocol. If the log source collects events from a single appliance that has a static IP address or host name, use the IP address or host name of the appliance as all or part of the Log Source Identifier value; for example, 192.168.1.1 or JDBC192.168.1.1. If the log source doesn't collect events from a single appliance that has a static IP address or host name, you can use any unique name for the Log Source Identifier value; for example, JDBC1, JDBC2. |
    | Database name | ObserveIT |
    | IP or Hostname | The IP address or host name of the ObserveIT system. |
    | Port | The port on the ObserveIT host. The default is 1433. |
    | Username | The user name that is required to connect to the ObserveIT MS SQL database. |
    | Password | The password that is required to connect to the ObserveIT MS SQL database. |
    | Start Date and Time | Use the yyyy-MM-dd HH:mm format. |
    | Polling Interval | The frequency by which to poll the database. |
    | EPS Throttle | The event rate throttle in events per second. |

    Table 3: Log File Protocol Parameters

    | Parameter | Description |
    | --- | --- |
    | Protocol Configuration | Log file |
    | Log Source Identifier | The IP address for the log source. This value must match the value that is configured in the Server IP parameter. The log source identifier value must be unique for the log source type. |
    | Service Type | From the list, select the protocol that you want to use when retrieving log files from a remote server. The default is SFTP. The options are SFTP (SSH File Transfer Protocol), FTP (File Transfer Protocol), and SCP (Secure Copy). The underlying protocol that retrieves log files for the SCP and SFTP service type requires that the server specified in the Remote IP or Hostname field has the SFTP subsystem enabled. |
    | Remote IP or Hostname | The IP address or host name of the device that stores your event log files. |
    | Remote Port | If the remote host uses a non-standard port number, you must adjust the port value to retrieve events. |
    | Remote User | The user name necessary to log in to the host that contains your event files. The user name can be up to 255 characters in length. |
    | Remote Password | The password that is necessary to log in to the host. |
    | Confirm Password | Confirmation of the password that is necessary to log in to the host. |
    | SSH Key File | The path to the SSH key, if the system is configured to use key authentication. When an SSH key file is used, the Remote Password field is ignored. |
    | Remote Directory | For FTP, if the log files are in the remote user's home directory, you can leave the remote directory blank. A blank remote directory field supports systems where a change in the working directory (CWD) command is restricted. |
    | SCP Remote File | If you selected SCP as the Service Type, you must type the file name of the remote file. |
    | Recursive | This option is ignored for SCP file transfers. |
    | FTP File Pattern | The regular expression (regex) required to identify the files to download from the remote host. |
    | FTP Transfer Mode | For ASCII transfers over FTP, you must select NONE in the Processor field and LINEBYLINE in the Event Generator field. |
    | Start Time | The time of day when you want the processing to begin. For example, type 12:00 AM to schedule the log file protocol to collect event files at midnight. This parameter functions with the Recurrence value to establish when and how often the Remote Directory is scanned for files. Type the start time, based on a 12-hour clock, in the following format: HH:MM <AM/PM>. |
    | Recurrence | The time interval to determine how frequently the remote directory is scanned for new event log files. The time interval can include values in hours (H), minutes (M), or days (D). For example, a recurrence of 2H scans the remote directory every 2 hours. |
    | Run On Save | Starts the log file import immediately after you save the log source configuration. When selected, this check box clears the list of previously downloaded and processed files. After the first file import, the log file protocol follows the start time and recurrence schedule that is defined by the administrator. |
    | EPS Throttle | The number of Events Per Second (EPS) that the protocol cannot exceed. |
    | Processor | Processors allow JSA to expand event file archives, and to process contents for events. JSA processes files only after they are downloaded. JSA can process files in zip, gzip, tar, or tar+gzip archive format. |
    | Ignore Previously Processed File(s) | Tracks and ignores files that were processed by the log file protocol. JSA examines the log files in the remote directory to determine whether a file was processed previously by the log file protocol. If a previously processed file is detected, the log file protocol does not download the file for processing. All files that were not processed previously are downloaded. This option applies only to FTP and SFTP Service Types. |
    | Change Local Directory? | Changes the local directory on the Target Event Collector to store event logs before they are processed. |
    | Local Directory | The local directory on the Target Event Collector. The directory must exist before the log file protocol attempts to retrieve events. |
    | File Encoding | The character encoding that is used by the events in your log file. |
    | Folder Separator | The character that is used to separate folders for your operating system. Most configurations can use the default value in the Folder Separator field. This field is intended for operating systems that use a different character to define separate folders. For example, periods that separate folders on mainframe systems. |
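
The format and dependency rules in Tables 2 and 3 can be checked before a log source is saved. The following Python sketch is an added example, not Juniper or ObserveIT code: it assumes the planned settings are held in a dict keyed by the parameter names above, the function names are hypothetical, "ASCII" as the stored value of FTP Transfer Mode is an assumption, and the FTP warning is an added hardening check rather than a JSA rule.

```python
import re
from datetime import datetime

def _matches(value, fmt):
    try:
        datetime.strptime(value, fmt)
        return True
    except ValueError:
        return False

def check_jdbc_source(cfg):
    """Errors for a dict keyed by the Table 2 parameter names."""
    errors = []
    ident = cfg.get("Log Source Identifier", "")
    if not ident or re.search(r"\s", ident):
        errors.append("Log Source Identifier must be set and contain no spaces")
    if not _matches(cfg.get("Start Date and Time", ""), "%Y-%m-%d %H:%M"):
        errors.append("Start Date and Time must use yyyy-MM-dd HH:mm")
    return errors

def check_log_file_source(cfg):
    """(errors, warnings) for a dict keyed by the Table 3 parameter names."""
    errors, warnings = [], []
    svc = cfg.get("Service Type", "SFTP")  # SFTP is the documented default
    if svc not in ("SFTP", "FTP", "SCP"):
        errors.append("Service Type must be SFTP, FTP, or SCP")
    if svc == "SCP" and not cfg.get("SCP Remote File"):
        errors.append("SCP requires the SCP Remote File name")
    if svc == "FTP":
        # Added hardening check, not a JSA rule: FTP sends the login in cleartext.
        warnings.append("FTP is unencrypted; prefer SFTP or SCP")
        # "ASCII" as the stored value of FTP Transfer Mode is an assumption.
        if cfg.get("FTP Transfer Mode") == "ASCII" and (
                cfg.get("Processor"), cfg.get("Event Generator")) != ("NONE", "LINEBYLINE"):
            errors.append("ASCII over FTP needs Processor NONE and Event Generator LINEBYLINE")
    if cfg.get("SSH Key File") and cfg.get("Remote Password"):
        warnings.append("Remote Password is ignored when an SSH Key File is used")
    if not _matches(cfg.get("Start Time", ""), "%I:%M %p"):  # HH:MM <AM/PM>
        errors.append("Start Time must use the 12-hour HH:MM <AM/PM> format")
    if not re.fullmatch(r"[1-9]\d*[HMD]", cfg.get("Recurrence", "")):
        errors.append("Recurrence must be a number followed by H, M, or D")
    return errors, warnings

if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    print(check_jdbc_source({"Log Source Identifier": "JDBC 1",
                             "Start Date and Time": "2024-01-05 09:00"}))
    print(check_log_file_source({"Service Type": "SCP", "Start Time": "12:00 AM",
                                 "Recurrence": "2H"}))
```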