Configurations control the behavior of Information Manager components.
To distribute configurations to a computer, you can associate a configuration with the computer. You can then distribute the configuration either immediately or at a later date, depending on your needs.
See“About editing computer properties”on page 83.
Associating configurations directly with a computerdefines each of the available configurations that can be associated directly with a computer.
Note:Only those configurations that are shipped with the default installation of Information Manager are listed here. If additional collectors or products are added to your Information Manager, the configurations list may be different.
Description Configuration
Contains the common Information Manager server settings, which may affect one or more components on an Information Manager server. For example, configuration settings define which directory service and database the server should use.
Symantec Event Agent and Manager – Manager Configurations
Contains the settings for services within the Information Manager server, such as the event logging subsystem or the configuration service.
Symantec Event Agent and Manager – Manager Component Configurations
Lets you control how failover is performed from the Information Manager server to directory service and Information Manager server to database.
Symantec Event Agent and Manager – Manager Connection Configurations
Sets the agent to Information Manager server failover. Failover is the ability of Information Manager components to automatically switch to designated secondary resources if the primary resource fails or terminates abnormally.
Symantec Event Agent and Manager – Agent Connection Configurations
Lets the agent communicate with the corresponding Information Manager server.
They include which primary and secondary server to connect to and how to get configuration information and report inventory. In addition, they include how these computers should receive LiveUpdate information.
Symantec Event Agent and Manager – Agent Configurations
Configures Symantec Critical System Protection Event Collector to collect DB sensor data from various platforms.
Symantec Critical System Protection Event Collector
Configures LiveUpdate to obtain software updates for the various software components of Information Manager, such as event collectors, relays, security content, rules, and filters.
LiveUpdate 1.0 – LiveUpdate
87 Managing organizational units and computers About managing computers within organizational units
Description Configuration
Configures Java LiveUpdate to obtain software updates for the various software components of Information Manager, such as event collectors, relays, security content, rules, and filters.
LiveUpdate 1.0 – Java LiveUpdate
Configures the Internet Security Systems RealSecure SiteProtector Event Collector to collect DB sensor data from various platforms.
ISS SiteProtector Event Collector
Configures Check Point FireWall-1 Event Collector to collect OpsecLea sensor data from various platforms.
Check Point Firewall – 1 Event Collector
Configures Cisco ASA Event Collector to collect Syslog sensor data from various platforms.
Cisco ASA Event Collector
Configures Generic Syslog Event Collector to collect Syslog sensor from various platforms.
Generic Syslog Event Collector
Configures Juniper Networks NetScreen Security Manager Event Collector to collect Syslog sensor data from various platforms.
Juniper NSM Event Collector
Configures Juniper NetScreen Event Collector to collect Syslog sensor data from various platforms.
Juniper Netscreen Firewall Event Collector
Configures Snare for Windows Event Collector to collect Syslog sensor data from various platforms.
Snare for Windows Event Collector
Configures Snort Event Collector to collect SyslogFile sensor data from various platforms.
Snort Syslog Event Collector
Configures Symantec Endpoint Protection 11.0 Event Collector to collect DB sensor data from various platforms.
Symantec Endpoint Protection 11.0 Event Collector
Configures Symantec Endpoint Protection State 11.0 Event Collector to collect DB sensor data from various platforms.
Symantec Endpoint Protection State 11.0 Event Collector
Description Configuration
Configures the Information Manager Event Collector to collect SyslogFile sensor data.
The Local Event Collector tracks the events that the Linux operating system that runs Information Manager generates. Examples include ssh commands and wrong password entries.
Symantec Security Information Manager Local Event Collector
Configures Syslog Director.
Syslog Director
Configures the Universal Logfile Event Collector to collect events from the products that log to text files.
Universal Logfile Event Collector
Configures UNIX OS Event Collector to collect syslog data from various platforms.
In addition, the UNIX Event Collector collects data from ISC BIND9, Linux iptables, and the Linux Audit daemon AUDITD.
UNIX OS Event Collector
Configures the Universal Syslog Event Collector to collect events from the products that log events by using the Syslog protocol.
Universal Syslog Event Collector
Configures Universal Event Collector for Microsoft Windows Vista to collect events from Microsoft Windows Vista, Windows Server 2008, and Windows 7 event logs.
Universal Event Collector for Microsoft Windows Vista
Configures Universal Event Collector for Microsoft Windows to collect events from Microsoft Windows event logs.
Universal Event Collector for Microsoft Windows
Configures QualysGuard Event Collector to collect QualysGuard sensor data from various platforms.
Qualys Guard Event Collector
For more details about the Collectors you must refer to the specific Collector guides.
To associate configurations directly with the computer 1 In the Information Manager console, click System.
2 On the Administration tab, in the left pane, navigate to the relevant domain, and expand the Organizational Units navigation tree.
89 Managing organizational units and computers About managing computers within organizational units
3 Click the name of the organizational unit that contains the computer that you want to edit.
4 In the right pane, right-click the name of the computer, and click Properties.
5 In the Computer Properties dialog box, on the Configurations tab, click Add.
6 In the Find Configurations dialog box, in the Look-in drop-down list, select the product whose configurations you want to associate with the computer.
The configurations are displayed in the Available configurations list.
See“Associating configurations directly with a computer”on page 86.
7 In the Available configurations list, select a configuration, and click Add.
The selected configuration is listed in the Selected configuration list.
If the computer already contains a configuration, and you now select a different configuration, the new configuration replaces the old one.
8 To select a configuration for a different product, repeat steps6and7.
9 When you finish adding configurations, click OK.
10 In the Computer Properties dialog box, do one of the following:
■ To remove a configuration, select it, and click Remove.
■ To view a configuration’s properties, select it, and click Properties.
11 Click OK.