Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

where should SSIM agent be installed to grab MS SQL data?

Created: 11 Jan 2013 | 4 comments

Hi

 

In my project, both SEPM server and SOPHOS server deposits its log in SecurityDB server. My question is should i install SSIM agent in all the above server or only SecurityDB server so that MS SQL data can be grab by SSIM.

 

I am a newbie

Comments 4 CommentsJump to latest comment

lukaszfr's picture

Hi,

Do you want to gather logs from Sophos and SEP only?
If yes, then you can connect to the database remotely via JDBC.
If you need to monitor MS SQL ErrorLog files then you need to use appropriate collector, but still you should be able to gather logs remotely by configuring network share on MS SQL server. If creating of such shared folder isn't allowed by your security policy then you should consider local installation of Symantec Event Agent with MS SQL ErrorLog event collector.

Regards

VSK's picture

If both sophos and sepm use the same MS SQL server, you can install the collector on the sql server..OR you can install it on the  SSIM server too..

-VSK

SK Ooi's picture

JDBC drivers are network capable in the sense that it can work remotely to extract data from the MS SQL Server. Just make sure you create the READONLY user on the MS SQL so that can collector can access the required database table.

 

A tip for troubleshooting is to turn the RAW Logging and check the log to see if JDBC throws up any error messages. If I remember correctly the original collector documentation could be missing some database tables that need to have READONLY access granted. I think the table name is LICENSE. Anyway, check the collector log for the JDBC error messages.

 

When you got it running remember to turn off the RAW logging unless you need it as a customer requirement.

 

Hope this helps

 

SK