Critical System Protection

  • 1.  MySql for CSP database

    Posted Aug 05, 2014 11:34 PM

    Hi,

    I have a MySQL database in my environment. Can CSP be configured to use a MySQL database for log and event storage?

    What are the other databases that can be configured by CSP?

    Thank you



  • 2.  RE: MySql for CSP database

    Posted Aug 05, 2014 11:37 PM

    CSP supports SQL Enterprise Server.

    http://www.symantec.com/en/in/critical-system-protection/system-requirements

    See this article:

    How to install SCSP with Microsoft SQL Server 2008 R2 Express Edition

    https://www-secure.symantec.com/connect/articles/how-install-scsp-microsoft-sql-server-2008-r2-express-edition



  • 3.  RE: MySql for CSP database

    Broadcom Employee
    Posted Aug 06, 2014 01:17 AM

    MS SQL Express is the default DB, and you can use MS SQL Server for the install of the SCSP manager.

    Check the system requirements guide for additional details.



  • 4.  RE: MySql for CSP database
    Best Answer

    Posted Aug 06, 2014 03:41 PM

    Hi Indu,

    I think the short answer you are looking for is 'no'.  CSP (DSC) works only with MS SQL.

    I think that's what you're looking for.  ;)

     

    Best Regards

    Will
     



  • 5.  RE: MySql for CSP database

    Posted Aug 07, 2014 02:39 AM

    Thanks Will.. Thanks for the clarification.

    I have a centralized database server. Can I create a new instance on that DB server and update my Management server to push the logs to that MS SQL instance DB?

    Can you clarify for me how SIEM is integrated with CSP? Can I send the logs to both SIEM and DB?



  • 6.  RE: MySql for CSP database

    Posted Aug 07, 2014 07:02 AM

    You can create 1 alert that dumps the log to the SIEM, then copy that alert and then move it elsewhere to where you need.



  • 7.  RE: MySql for CSP database

    Posted Aug 28, 2014 05:36 PM

    Also, when you install CSP, by default it will create a database user in MSSQL called scsp_plugin.  This is a read-only account.  You can use this account to pull data into a SIEM device.

    The query will be something like this:

    USE SCSPDB;
    SELECT * FROM EVENT_VW WHERE EVENT_ID > [the last event you pulled into your SIEM device];
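
The incremental pull described in the last reply, sketched as a checkpointed collector loop (an added example, not part of the original thread and not Symantec's code). It assumes an in-memory SQLite table standing in for the EVENT_VW view; the SUMMARY column, the sample rows and all function names are hypothetical, and on SQL Server the batch limit would be written with TOP instead of LIMIT.

```python
import sqlite3


def make_demo_db():
    """Constructed stand-in for SCSPDB. Only EVENT_VW and EVENT_ID come from
    the thread; the SUMMARY column and the rows are made up for the demo."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE EVENT_VW (EVENT_ID INTEGER PRIMARY KEY, SUMMARY TEXT)")
    db.executemany(
        "INSERT INTO EVENT_VW VALUES (?, ?)",
        [(i, f"constructed event {i}") for i in range(1, 8)],
    )
    return db


def pull_new_events(db, last_event_id, batch_size=3):
    """Fetch one ordered batch of events newer than the checkpoint.

    The checkpoint is bound as a parameter, never concatenated into the SQL,
    and ORDER BY makes the last row of the batch the new high-water mark.
    """
    rows = db.execute(
        "SELECT EVENT_ID, SUMMARY FROM EVENT_VW "
        "WHERE EVENT_ID > ? ORDER BY EVENT_ID LIMIT ?",
        (last_event_id, batch_size),
    ).fetchall()
    new_checkpoint = rows[-1][0] if rows else last_event_id
    return rows, new_checkpoint


def drain(db, last_event_id, forward, batch_size=3):
    """Pull batches until caught up and return the final checkpoint.

    The checkpoint advances only after forward() returns, so a failed
    delivery to the SIEM is retried on the next run instead of being skipped.
    """
    while True:
        rows, candidate = pull_new_events(db, last_event_id, batch_size)
        if not rows:
            return last_event_id
        forward(rows)  # raises on delivery failure; checkpoint stays put
        last_event_id = candidate


if __name__ == "__main__":
    delivered = []
    checkpoint = drain(make_demo_db(), 0, delivered.extend)
    print(f"forwarded {len(delivered)} events, checkpoint now {checkpoint}")
```

Persist the returned checkpoint between runs so each poll resumes where the previous one stopped.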