Where should the SSIM agent be installed to grab MS SQL data?
Created: 11 Jan 2013 | 4 comments
Hi
In my project, both the SEPM server and the SOPHOS server deposit their logs in the SecurityDB server. My question is: should I install the SSIM agent on all of the above servers, or only on the SecurityDB server, so that the MS SQL data can be grabbed by SSIM?
I am a newbie
Comments
Hi,
Do you want to gather logs from Sophos and SEP only?
If yes, then you can connect to the database remotely via JDBC.
If you need to monitor MS SQL ErrorLog files then you need to use the appropriate collector, but you should still be able to gather logs remotely by configuring a network share on the MS SQL server. If creating such a shared folder isn't allowed by your security policy, then you should consider a local installation of the Symantec Event Agent with the MS SQL ErrorLog event collector.
Regards
If both Sophos and SEPM use the same MS SQL server, you can install the collector on the SQL server, or you can install it on the SSIM server too.
-VKalani
Hi,
You can collect DB logs using JDBC connections.
The articles below will help you understand more:
http://www.symantec.com/docs/TECH86318
http://www.symantec.com/docs/TECH174236
http://www.symantec.com/docs/TECH163298
Regards,
Avkash K
JDBC drivers are network capable in the sense that they can work remotely to extract data from the MS SQL Server. Just make sure you create the READONLY user on the MS SQL server so that the collector can access the required database table.
A tip for troubleshooting is to turn on RAW logging and check the log to see if JDBC throws up any error messages. If I remember correctly, the original collector documentation could be missing some database tables that need to have READONLY access granted. I think the table name is LICENSE. Anyway, check the collector log for the JDBC error messages.
When you have got it running, remember to turn off the RAW logging unless you need it as a customer requirement.
Hope this helps
SK
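The read-only collector account recommended in the last reply could be set up along these lines. This is an added example, not part of the original thread or of Symantec's documentation; the login name `ssim_collector` and every value in angle brackets are placeholders to replace with the database and tables your collector actually reads.

```sql
-- Added example (T-SQL). <...> values and the ssim_collector name are placeholders.
-- Goal: a login the JDBC collector can use remotely with SELECT on named tables only.

-- 1. Server-level login, subject to the Windows password policy.
CREATE LOGIN [ssim_collector]
    WITH PASSWORD = N'<long-random-password>',
         CHECK_POLICY = ON,
         DEFAULT_DATABASE = [<log_database>];

-- 2. Map it to a user in the database that holds the SEPM / Sophos logs.
USE [<log_database>];
CREATE USER [ssim_collector] FOR LOGIN [ssim_collector];

-- 3. Grant SELECT table by table instead of adding the user to db_datareader,
--    so the account cannot read tables the collector has no use for.
GRANT SELECT ON OBJECT::[dbo].[<collector_table_1>] TO [ssim_collector];
GRANT SELECT ON OBJECT::[dbo].[<collector_table_2>] TO [ssim_collector];

-- 4. Verify as the collector user: expect can_select = 1 and can_insert = 0.
--    A table that returns 0 for can_select here is the kind of gap that shows
--    up as a JDBC permission error in the collector log.
EXECUTE AS USER = 'ssim_collector';
SELECT HAS_PERMS_BY_NAME('dbo.<collector_table_1>', 'OBJECT', 'SELECT') AS can_select,
       HAS_PERMS_BY_NAME('dbo.<collector_table_1>', 'OBJECT', 'INSERT') AS can_insert;
REVERT;

-- 5. Audit everything explicitly granted to the account.
SELECT pr.name               AS principal_name,
       pe.state_desc,
       pe.permission_name,
       pe.class_desc,
       OBJECT_NAME(pe.major_id) AS object_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
     ON pe.grantee_principal_id = pr.principal_id
WHERE pr.name = N'ssim_collector';

-- 6. Confirm the user has not been added to a broader role (db_owner, db_datawriter, ...).
SELECT r.name AS role_name
FROM sys.database_role_members AS m
JOIN sys.database_principals  AS r ON m.role_principal_id   = r.principal_id
JOIN sys.database_principals  AS u ON m.member_principal_id = u.principal_id
WHERE u.name = N'ssim_collector';
```

Step 6 should return no rows; if the collector later reports a missing table, add one more `GRANT SELECT` for that table rather than widening the role membership.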