Help to Implement SSIM on my Site
Created: 30 Jan 2012 | 23 comments
Hello People
I'm new on this forum and using SSIM
I have my SSIM Server running and licensed. But I need to know and understand the configuration and steps for doing this.
We want to collect all the Windows events on our servers.
1. A - Do I need to install the agent and collector on all my servers? Or Just the agent?
1. B - If Yes, what collector do I need to install? Universal Event Collector for Windows?
2. We need to create a sensor for all those servers to collect all the events?
3. Anyone have the best practice documentation for implementing SSIM?
Any help is welcome. Thanks
Comments
Use "Microsoft_Windows_Event_Collector_4.3.30_AllWin_EN"
Software Download URL: https://fileconnect.symantec.com
You will need a Serial Number related to your product for access.
sorry, but I use translate.google.ru
Hello Ya4ept
But is it necessary to install the Symantec Event Agent 4.7 for Windows and the Universal Collector for Windows on the server?
Or just create a sensor for this server from the Microsoft_Windows_Event_Collector Product Configuration?
I use the following Symantec Products: Veritas Netbackup 7.1 On Windows Server 2003 SP2 Symantec EndPoint 12.1.100.157 RU1 On Windows Server 2003 SP2
Plz do not go for the Universal Collector unless & until it's critical for you.
If you are not able to receive particular events into SSIM, then only you should use the Universal Collector.
All types of collectors are available for all products.
Regards,
Avkash K
1. A - Do I need to install the agent and collector on all my servers? Or Just the agent?
Not necessary. You can either install the Agent & collector on each box,
or you can configure one of your servers to fetch the logs remotely from the other servers & install the agent & collector on the box.
1. B - If Yes, what collector do I need to install? Universal Event Collector for Windows?
For Windows 2003 >> Windows Event Collector
For Windows 2008 >> MSVista Event Collector.
2. We need to create a sensor for all those servers to collect all the events?
For all the ONBOX installations, you can have only one sensor setting.
For OFFBOX installation, you need to create different sensors for different remote servers.
Where can I find the Symantec Security Information Manager (SSIM) Guides:
http://www.symantec.com/docs/TECH89519
Regards,
Avkash K
OK Guys
Server 1 = a File Server Windows 2008
I installed the Windows Symantec Event Agent 4.7.1 Installer for Windows® and the Universal Collector for Windows Vista®
Then I see this File Server on the Visualizer, but I have only a small number of events (just 8 events). Commonly I receive 100 Windows events in 10 minutes, so maybe something is wrong here...
Any comments?
I use the following Symantec Products: Veritas Netbackup 7.1 On Windows Server 2003 SP2 Symantec EndPoint 12.1.100.157 RU1 On Windows Server 2003 SP2
Where do I need to create the sensor?
Any suggestions pls?
I use the following Symantec Products: Veritas Netbackup 7.1 On Windows Server 2003 SP2 Symantec EndPoint 12.1.100.157 RU1 On Windows Server 2003 SP2
Hi,
I think you're going down the wrong path.
If you are trying to integrate Windows Server 2008, then you should use the MSVista collector.
Try referring to the MSVista collector integration guide for more details on configuring sensors & all.
For more details, if you face any issues, you can refer to the following articles if you are using a domain account for integration.
Troubleshooting for Windows 2008 R2 Event collection using Windows Vista Event Collector:
https://www-secure.symantec.com/connect/articles/troubleshooting-windows-2008-r2-event-collection-using-windows-vista-event-collector
Best practices for integrating windows 2008 server with domain account:
https://www-secure.symantec.com/connect/articles/best-practices-integrating-windows-2008-server-domain-account
Configuring the MS Vista collector to pull events from a Windows 2008 R2 member server using a domain account and kerberos authentication using the HTTP protocol:
http://www.symantec.com/docs/TECH156625
Regards,
Avkash K
Also find the attached integration guide for your reference.
Regards,
Avkash K
sorry, but I use translate.google.ru
Anyone have the MSVista Collector?
I just have the Universal Collectors... Thanks
I use the following Symantec Products: Veritas Netbackup 7.1 On Windows Server 2003 SP2 Symantec EndPoint 12.1.100.157 RU1 On Windows Server 2003 SP2
You should be able to download it from fileconnect.
https://fileconnect.symantec.com/
You will need a serial number for SSIM of course.
If you are not sure about your serial number you should contact customer care or support.
I try, Olaf.
But an error appears when I try to download. It's like a "maximum download allowed" message.
If anyone has the collector, please let me know where I can download it.
Thanks
I use the following Symantec Products: Veritas Netbackup 7.1 On Windows Server 2003 SP2 Symantec EndPoint 12.1.100.157 RU1 On Windows Server 2003 SP2
You won't get it anywhere other than fileconnect.
Just wait for some hours & then again try downloading the same.
You are getting that message because you have already exceeded your download limit set for your account in fileconnect.
Regards,
Avkash K
You have exceeded the maximum number of downloads allowed for this serial number. Please contact Customer Service if you need further assistance.
I use the following Symantec Products: Veritas Netbackup 7.1 On Windows Server 2003 SP2 Symantec EndPoint 12.1.100.157 RU1 On Windows Server 2003 SP2
I think you should contact support for this, as this issue is with your fileconnect account.
Regards,
Avkash K
Let's do a recap:
For Windows 2003 Servers
I install the SSIM agent and Windows 4.3 / Universal Syslog and Universal Log File Collectors.
Create a sensor for each server under SSIM Console --> System --> Product Configurations --> Microsoft Windows Event Collector 4.3
For Windows 2008 Servers
I install the SSIM agent and Windows 4.4 for Vista / Universal Syslog and Universal Log File Collectors.
Create a sensor for each server under SSIM Console --> System --> Product Configurations --> Microsoft Windows Vista Event Collector 4.4
Is it OK like this? Or do I need to change anything else?
Thanks
I use the following Symantec Products: Veritas Netbackup 7.1 On Windows Server 2003 SP2 Symantec EndPoint 12.1.100.157 RU1 On Windows Server 2003 SP2
I don't receive any logs from System or Security on the Templates -> Host Activity
I just have Events from Application and Diagnostic.
Is this OK?
I use the following Symantec Products: Veritas Netbackup 7.1 On Windows Server 2003 SP2 Symantec EndPoint 12.1.100.157 RU1 On Windows Server 2003 SP2
For integrating Windows 2003 servers, please check my article below:
It will really help you to understand Windows 2003 integration strategies.
SSIM Integration Strategies ( Windows ):
https://www-secure.symantec.com/connect/articles/ssim-integration-strategies-windows
==========================================================================
For Windows 2008 integration, please check these articles:
Apart from installing Agent & collectors:
Best practices for integrating windows 2008 server with domain account. :
https://www-secure.symantec.com/connect/articles/best-practices-integrating-windows-2008-server-domain-account
Troubleshooting for Windows 2008 R2 Event collection using Windows Vista Event Collector.:
https://www-secure.symantec.com/connect/articles/troubleshooting-windows-2008-r2-event-collection-using-windows-vista-event-collector
Collecting Events from a Windows 2008 R2 machine using the MS Vista Event Collector:
http://www.symantec.com/docs/TECH134081
========================================================================
For 2008 Domain Controllers:
http://www.symantec.com/docs/TECH94371
Regards,
Avkash K
Thanks for the valuable information.
But I'm still not receiving the Security Logs on SSIM for Windows 2003 and Windows 2008 Servers.
I just have Application and Diagnostic Logs.
Any other suggestion?
I use the following Symantec Products: Veritas Netbackup 7.1 On Windows Server 2003 SP2 Symantec EndPoint 12.1.100.157 RU1 On Windows Server 2003 SP2
As already replied on your other forum discussion, please provide any error logs.
It will be helpful if you close this post & continue the discussion in the other forum.
Regards,
Avkash K
SSIM Implementation
Please collect the SSIM Implementation guide in the attachment.
Hi Baljeet, This guide is only for universal collector & not for 2k3 & 2k8 collector.
This will not help in getting error resolved for the issue here.
Regards,
Avkash K
Right, I'm using Windows Event Collector and Windows Vista Event Collector.
Thanks
I use the following Symantec Products: Veritas Netbackup 7.1 On Windows Server 2003 SP2 Symantec EndPoint 12.1.100.157 RU1 On Windows Server 2003 SP2