SSIM Windows Integration Strategies
- OnBox Installation
- OffBox Installation
OnBox Installation: The SSIM Agent and Collector are installed on the target server itself.
OffBox Installation: The SSIM Agent and Collector are installed on a remote server, and the Collector fetches the logs from the host server. For an OffBox installation, communication must be established between the host server and the Collector server.
ON-BOX Agent Installation Procedure (Windows)
Changes in the Windows server
Before beginning the installation, monitor CPU utilization and capture a snapshot. The administrator needs to watch CPU usage closely while installing the agent on the Windows server. An agent uninstall can happen if CPU usage is higher than normal.
- Copy the Agent, Collector and JDBC software to the local Windows server at one of the paths below:
- D:/SSIM or C:/SSIM (the new SSIM folder must be created by the administrator)
- Add the SSIM IP address and corresponding hostname to the Hosts file. (To open the Hosts file, go to Run -> type Drivers -> etc -> open the "Hosts" file with Notepad.)
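The CPU snapshot and the Hosts file entry above can be scripted. The following PowerShell is an added example, not part of the original procedure or of Symantec's tooling. The address 192.0.2.10, the name ssim01.example.local and the file name cpu-baseline.txt are constructed placeholders.

```powershell
# Pre-install checks for the on-box procedure. Run from an elevated prompt.
param(
    [string]$SsimIp   = '192.0.2.10',            # placeholder SSIM appliance IP (assumption)
    [string]$SsimName = 'ssim01.example.local',  # placeholder SSIM hostname (assumption)
    [string]$OutDir   = 'C:\SSIM'                # folder the procedure asks the administrator to create
)
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# 1. CPU snapshot: 5 samples, 2 seconds apart, saved as the pre-install baseline.
#    The counter path below is the English name; it differs on localized Windows.
$samples = Get-Counter '\Processor(_Total)\% Processor Time' -SampleInterval 2 -MaxSamples 5
$cpu = $samples | ForEach-Object { $_.CounterSamples[0].CookedValue }
$avg = [math]::Round(($cpu | Measure-Object -Average).Average, 1)
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
"{0:s} avg CPU {1}% over {2} samples" -f (Get-Date), $avg, $cpu.Count |
    Add-Content (Join-Path $OutDir 'cpu-baseline.txt')

# 2. Hosts file: parse the active (non-comment) lines into an IP and its names.
$entries = Get-Content $hosts | ForEach-Object {
    $line = ($_ -split '#')[0].Trim()
    if ($line) {
        $f = $line -split '\s+'
        [pscustomobject]@{ Ip = $f[0]; Names = @($f | Select-Object -Skip 1) }
    }
}
$match    = $entries | Where-Object { $_.Names -contains $SsimName }
$conflict = $match   | Where-Object { $_.Ip -ne $SsimIp }

if ($conflict) {
    # A stale mapping would point the agent at a different host; do not append blindly.
    Write-Warning "$SsimName already maps to $($conflict.Ip -join ', '); correct the Hosts file by hand."
} elseif (-not $match) {
    # Leading newline guards against a Hosts file that lacks a final line break.
    Add-Content -Path $hosts -Value "`r`n$SsimIp`t$SsimName"
    Write-Output "Added $SsimIp $SsimName to $hosts"
} else {
    Write-Output "$SsimName -> $SsimIp already present"
}

# 3. Confirm the name resolves to the expected address and the host answers ping.
$resolved = [System.Net.Dns]::GetHostAddresses($SsimName) | ForEach-Object { $_.IPAddressToString }
Write-Output "Resolves to: $($resolved -join ', ')"
Test-Connection -ComputerName $SsimName -Count 2 -Quiet
```

Repeat the same hostname and IP check for the Windows server's entry when editing the host file on the SSIM boxes, since a mismatch on either side leaves the integration pointing at the wrong machine.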
First install the agent software
Using an account with administrative privileges, run the installer by double-clicking the executable file install.exe.
(After clicking the install.exe)
(Symantec Event Agent Installer Introduction)
(Choose install folder)
(Enter the IP address or hostname of the appliance with which you want to integrate the server)
(Installation finished; click Next)
(Install complete; select Done)
Install the Collector
Open the command prompt, go to the directory where the collector installation file exists, and run the install.bat file.
After completion, it will ask "Run java live update for the collector". Select "No".
Go to C:/ -> Program Files -> Symantec -> Event Agent, open the "log4jproperity" file, and edit the log4jproperity Maxsize to a value between "40000KB - 80000KB" (the default size is 100KB), as shown in the diagram below.
Changes in the SSIM Boxes
Add the hostname and IP address of the integrated Windows server on all SSIM boxes separately (open via browser).
Go to: Network Setting -> Edit Host File -> Add the Entries -> click Save to Hosts.
Open the SSIM client and add the entry in the Windows server category:
Go to -> System -> Product configuration -> expand "Microsoft Windows Event Collector" ->
Right-click the specific Collector sensor category -> click Properties
Go to -> Computers tab -> click the Add button
Search for the newly added server entry using the search option.
Select the server -> click Add and press OK, as shown below.
Right-click the Collector Sensor Category and press Distribute (mandatory).
OFF-BOX Agent Integration Procedure (Windows)
In this case there is no need to install any agent or collector on the client system; only the SSIM client is installed on the off-host machine.
Step 1: Install the Agent and Collector on the off-box server.
Step 2: Check the connectivity between the client and the off-box server (e.g. ping).
Step 3: Go to SSIM -> System -> Offbox server -> Windows Event log Sensor and click the Add button.
Step 4: Provide the client system IP X.X.X.X (as shown in the diagram above).
Step 5: Enter the path to the administrator account name. This can be either a domain account path, such as domain name\account name, or Hostname\Account Name.
Step 6: Enter the password of the provided account name.
Step 7: Check the events to verify whether logs are being generated.