DCAP Central 4.1

Configuring Guardium Appliances

This section provides scripts to configure Guardium appliances. This section does NOT replace the instructions available in the Guardium release notes; follow the release notes instructions, which are more complete.

The instructions shown here are a summary only, and provide scripts that you can run as grdapi scripts over an SSH session to the CLI. You can also use this procedure to move files to a third Linux server from which DCAP Central will pull data.

To enable data transfers between Guardium appliances and DCAP Central, two scripts need to be executed once in order to configure the appropriate data marts and to schedule the ongoing export of these data marts to DCAP Central. config_script.forManager is executed on the CM and is responsible for configuring the data marts. config_script.forManaged is run on each collector to set the export schedules with which the collectors push data to the target location.

To push directly to DCAP Central:

  1. Log in to the Guardium appliance using the CLI account and validate the copy to the DCAP Central target directory using the following grdapi command (replacing the host, username, password and directory location):

    grdapi datamart_validate_copy_file_info destinationHost="<host>" destinationPassword="<pwd>" destinationPath="<full path to directory>" destinationUser="<username>" transferMethod="SCP"

    Successful execution will result in an OK message.

  2. Edit the attached scripts to include this host, username, path and password.

  3. Run the two modified scripts in the CLI using the following command:

    ssh cli@<guardium CM appliance> < config_script.forManager

    Enter the CLI password when requested; all should return OK.

    Next, execute the following:

    ssh cli@<guardium collector appliance> < config_script.forManaged

    Enter the CLI password when requested; all should return OK.

  4. Files will begin to be written to the directory after two hours, and will be delivered hourly after this initiation.

To push directly to a third Linux server (and later configure DCAP Central using remote mode):

  1. Identify a Linux server with SSH installed to be used as the staging target where all the extract files will be created.

  2. Obtain a username and password for that server and identify a directory to which this user has write permission. Execute an SCP file copy to this directory to validate access.

  3. Log in to the Guardium appliance using the CLI account and validate the copy to that directory using the following grdapi command (replacing the host, username, password and directory location):

    grdapi datamart_validate_copy_file_info destinationHost="<host>" destinationPassword="<pwd>" destinationPath="<full path to directory>" destinationUser="<username>" transferMethod="SCP"

    Successful execution will result in an OK message.

  4. Edit the attached scripts to include this host, username, path and password.

  5. Run the two modified scripts in the CLI using the following command:

    ssh cli@<guardium CM appliance> < config_script.forManager

    Enter the CLI password when requested; all should return OK.

    Next, execute the following:

    ssh cli@<guardium collector appliance> < config_script.forManaged

    Enter the CLI password when requested; all should return OK.

  6. The initial file copy will take approximately two hours to complete; files will be delivered hourly thereafter.

Sample Scripts – V1.x through V2.1

Sample scripts for DCAP Central V1.x-V2.1, or when DCAP Central is used only for audit data:

Note

Change the path to your specific path; for a standalone system, run both scripts.

config_script.forManager:

grdapi datamart_update_copy_file_info destinationHost="yourhosthere" destinationPassword="yourpwdhere" destinationPath="/local/raid0/sonargd/incoming" destinationUser="sonargd" Name="Export: Exception Log" transferMethod="SCP"

grdapi datamart_update_copy_file_info destinationHost="yourhosthere" destinationPassword="yourpwdhere" destinationPath="/local/raid0/sonargd/incoming" destinationUser="sonargd" Name="Export: Session Log Ended" transferMethod="SCP"

grdapi datamart_update_copy_file_info destinationHost="yourhosthere" destinationPassword="yourpwdhere" destinationPath="/local/raid0/sonargd/incoming" destinationUser="sonargd" Name="Export: Session Log" transferMethod="SCP"

grdapi datamart_update_copy_file_info destinationHost="yourhosthere" destinationPassword="yourpwdhere" destinationPath="/local/raid0/sonargd/incoming" destinationUser="sonargd" Name="Export: Access Log" transferMethod="SCP"

grdapi datamart_update_copy_file_info destinationHost="yourhosthere" destinationPassword="yourpwdhere" destinationPath="/local/raid0/sonargd/incoming" destinationUser="sonargd" Name="Export: Full SQL" transferMethod="SCP"

grdapi datamart_update_copy_file_info destinationHost="yourhosthere" destinationPassword="yourpwdhere" destinationPath="/local/raid0/sonargd/incoming" destinationUser="sonargd" Name="Export: Outliers List" transferMethod="SCP"

grdapi datamart_update_copy_file_info destinationHost="yourhosthere" destinationPassword="yourpwdhere" destinationPath="/local/raid0/sonargd/incoming" destinationUser="sonargd" Name="Export: Outliers Summary by hour" transferMethod="SCP"

grdapi datamart_update_copy_file_info destinationHost="yourhosthere" destinationPassword="yourpwdhere" destinationPath="/local/raid0/sonargd/incoming" destinationUser="sonargd" Name="Export: Export Extraction Log" transferMethod="SCP"

grdapi datamart_update_copy_file_info destinationHost="yourhosthere" destinationPassword="yourpwdhere" destinationPath="/local/raid0/sonargd/incoming" destinationUser="sonargd" Name="Export: Group Members" transferMethod="SCP"

grdapi datamart_update_copy_file_info destinationHost="yourhosthere" destinationPassword="yourpwdhere" destinationPath="/local/raid0/sonargd/incoming" destinationUser="sonargd" Name="Export: Policy Violations" transferMethod="SCP"

grdapi datamart_update_copy_file_info destinationHost="yourhosthere" destinationPassword="yourpwdhere" destinationPath="/local/raid0/sonargd/incoming" destinationUser="sonargd" Name="Export: Buff Usage Monitor" transferMethod="SCP"

grdapi schedule_job jobType=dataMartExtraction cronString="0 20 0/1 ? * 1,2,3,4,5,6,7" objectName="Export: Group Members"

config_script.forManaged:

grdapi schedule_job jobType=dataMartExtraction cronString="0 10 0/1 ? * 1,2,3,4,5,6,7" objectName="Export: Outliers List"

grdapi schedule_job jobType=dataMartExtraction cronString="0 10 0/1 ? * 1,2,3,4,5,6,7" objectName="Export: Outliers Summary by hour"

grdapi schedule_job jobType=dataMartExtraction cronString="0 01 0/1 ? * 1,2,3,4,5,6,7" objectName="Export: Exception Log"

grdapi schedule_job jobType=dataMartExtraction cronString="0 20 0/1 ? * 1,2,3,4,5,6,7" objectName="Export: Export Extraction Log"

grdapi schedule_job jobType=dataMartExtraction cronString="0 05 0/1 ? * 1,2,3,4,5,6,7" objectName="Export: Policy Violations"

grdapi schedule_job jobType=dataMartExtraction cronString="0 33 0/1 ? * 1,2,3,4,5,6,7" objectName="Export: Session Log"

grdapi schedule_job jobType=dataMartExtraction cronString="0 34 0/1 ? * 1,2,3,4,5,6,7" objectName="Export: Session Log Ended"

grdapi schedule_job jobType=dataMartExtraction cronString="0 32 0/1 ? * 1,2,3,4,5,6,7" objectName="Export: Access Log"

grdapi schedule_job jobType=dataMartExtraction cronString="0 30 0/1 ? * 1,2,3,4,5,6,7" objectName="Export: Full SQL"

grdapi schedule_job jobType=dataMartExtraction cronString="0 0 8 ? * 1,2,3,4,5,6,7" objectName="Export: VA Results"

Sample Scripts – V2.2 and up

Sample scripts for DCAP Central V2.2 and up:

Note

Change the path to your specific path; for a standalone system, run both scripts.

config_script.forManager:

grdapi datamart_update_copy_file_info destinationHost="yourhosthere" destinationPassword="yourpwdhere" destinationPath="/local/raid0/sonargd/incoming" destinationUser="sonargd" Name="Export: Exception Log" transferMethod="SCP"

grdapi datamart_update_copy_file_info destinationHost="yourhosthere" destinationPassword="yourpwdhere" destinationPath="/local/raid0/sonargd/incoming" destinationUser="sonargd" Name="Export: Session Log Ended" transferMethod="SCP"

grdapi datamart_update_copy_file_info destinationHost="yourhosthere" destinationPassword="yourpwdhere" destinationPath="/local/raid0/sonargd/incoming" destinationUser="sonargd" Name="Export: Session Log" transferMethod="SCP"

grdapi datamart_update_copy_file_info destinationHost="yourhosthere" destinationPassword="yourpwdhere" destinationPath="/local/raid0/sonargd/incoming" destinationUser="sonargd" Name="Export: Access Log" transferMethod="SCP"

grdapi datamart_update_copy_file_info destinationHost="yourhosthere" destinationPassword="yourpwdhere" destinationPath="/local/raid0/sonargd/incoming" destinationUser="sonargd" Name="Export: Full SQL" transferMethod="SCP"

grdapi datamart_update_copy_file_info destinationHost="yourhosthere" destinationPassword="yourpwdhere" destinationPath="/local/raid0/sonargd/incoming" destinationUser="sonargd" Name="Export: Outliers List" transferMethod="SCP"

grdapi datamart_update_copy_file_info destinationHost="yourhosthere" destinationPassword="yourpwdhere" destinationPath="/local/raid0/sonargd/incoming" destinationUser="sonargd" Name="Export: Outliers Summary by hour" transferMethod="SCP"

grdapi datamart_update_copy_file_info destinationHost="yourhosthere" destinationPassword="yourpwdhere" destinationPath="/local/raid0/sonargd/incoming" destinationUser="sonargd" Name="Export: Export Extraction Log" transferMethod="SCP"

grdapi datamart_update_copy_file_info destinationHost="yourhosthere" destinationPassword="yourpwdhere" destinationPath="/local/raid0/sonargd/incoming" destinationUser="sonargd" Name="Export: Group Members" transferMethod="SCP"

grdapi datamart_update_copy_file_info destinationHost="yourhosthere" destinationPassword="yourpwdhere" destinationPath="/local/raid0/sonargd/incoming" destinationUser="sonargd" Name="Export: Policy Violations" transferMethod="SCP"

grdapi datamart_update_copy_file_info destinationHost="yourhosthere" destinationPassword="yourpwdhere" destinationPath="/local/raid0/sonargd/incoming" destinationUser="sonargd" Name="Export: Buff Usage Monitor" transferMethod="SCP"

grdapi datamart_update_copy_file_info destinationHost="yourhosthere" destinationPassword="yourpwdhere" destinationPath="/local/raid0/sonargd/incoming" destinationUser="sonargd" Name="Export: VA Results" transferMethod="SCP"

grdapi datamart_update_copy_file_info destinationHost="yourhosthere" destinationPassword="yourpwdhere" destinationPath="/local/raid0/sonargd/incoming" destinationUser="sonargd" Name="Export: STAP Status" transferMethod="SCP"

grdapi datamart_update_copy_file_info destinationHost="yourhosthere" destinationPassword="yourpwdhere" destinationPath="/local/raid0/sonargd/incoming" destinationUser="sonargd" Name="Export: Classifier Results" transferMethod="SCP"

grdapi datamart_update_copy_file_info destinationHost="yourhosthere" destinationPassword="yourpwdhere" destinationPath="/local/raid0/sonargd/incoming" destinationUser="sonargd" Name="Export: Discovered Instances" transferMethod="SCP"

grdapi datamart_update_copy_file_info destinationHost="yourhosthere" destinationPassword="yourpwdhere" destinationPath="/local/raid0/sonargd/incoming" destinationUser="sonargd" Name="Export: Databases Discovered" transferMethod="SCP"

grdapi datamart_update_copy_file_info destinationHost="yourhosthere" destinationPassword="yourpwdhere" destinationPath="/local/raid0/sonargd/incoming" destinationUser="sonargd" Name="Export: Datasources" transferMethod="SCP"

grdapi datamart_update_copy_file_info destinationHost="yourhosthere" destinationPassword="yourpwdhere" destinationPath="/local/raid0/sonargd/incoming" destinationUser="sonargd" Name="Export: Installed Patches" transferMethod="SCP"

grdapi datamart_update_copy_file_info destinationHost="yourhosthere" destinationPassword="yourpwdhere" destinationPath="/local/raid0/sonargd/incoming" destinationUser="sonargd" Name="Export: System Info" transferMethod="SCP"

grdapi schedule_job jobType=dataMartExtraction cronString="0 20 0/1 ? * 1,2,3,4,5,6,7" objectName="Export: Group Members" 

grdapi schedule_job jobType=dataMartExtraction cronString="0 21 0/1 ? * 1,2,3,4,5,6,7" objectName="Export: Datasources"

config_script.forManaged:

grdapi schedule_job jobType=dataMartExtraction cronString="0 40 0/1 ? * 1,2,3,4,5,6,7" objectName="Export: Access Log" 

grdapi schedule_job jobType=dataMartExtraction cronString="0 45 0/1 ? * 1,2,3,4,5,6,7" objectName="Export: Session Log" 

grdapi schedule_job jobType=dataMartExtraction cronString="0 46 0/1 ? * 1,2,3,4,5,6,7" objectName="Export: Session Log Ended"

grdapi schedule_job jobType=dataMartExtraction cronString="0 25 0/1 ? * 1,2,3,4,5,6,7" objectName="Export: Exception Log" 

grdapi schedule_job jobType=dataMartExtraction cronString="0 30 0/1 ? * 1,2,3,4,5,6,7" objectName="Export: Full SQL" 

grdapi schedule_job jobType=dataMartExtraction cronString="0 10 0/1 ? * 1,2,3,4,5,6,7" objectName="Export: Outliers List" 

grdapi schedule_job jobType=dataMartExtraction cronString="0 10 0/1 ? * 1,2,3,4,5,6,7" objectName="Export: Outliers Summary by hour"

grdapi schedule_job jobType=dataMartExtraction cronString="0 50 0/1 ? * 1,2,3,4,5,6,7" objectName="Export: Export Extraction Log" 

grdapi schedule_job jobType=dataMartExtraction cronString="0 15 0/1 ? * 1,2,3,4,5,6,7" objectName="Export: Group Members"

grdapi schedule_job jobType=dataMartExtraction cronString="0 5 0/1 ? * 1,2,3,4,5,6,7" objectName="Export: Policy Violations" 

grdapi schedule_job jobType=dataMartExtraction cronString="0 12 0/1 ? * 1,2,3,4,5,6,7" objectName="Export: Buff Usage Monitor"

grdapi schedule_job jobType=dataMartExtraction cronString="0 20 0/1 ? * 1,2,3,4,5,6,7" objectName="Export: VA Results"

grdapi schedule_job jobType=dataMartExtraction cronString="0 0/5 0/1 ? * 1,2,3,4,5,6,7" objectName="Export: STAP Status"

grdapi schedule_job jobType=dataMartExtraction cronString="0 22 0/1 ? * 1,2,3,4,5,6,7" objectName="Export: Discovered Instances"

grdapi schedule_job jobType=dataMartExtraction cronString="0 23 0/1 ? * 1,2,3,4,5,6,7" objectName="Export: Databases Discovered"

grdapi schedule_job jobType=dataMartExtraction cronString="0 24 0/1 ? * 1,2,3,4,5,6,7" objectName="Export: Classifier Results"

grdapi schedule_job jobType=dataMartExtraction cronString="0 0 5 ? * 1,2,3,4,5,6,7" objectName="Export: Installed Patches"

grdapi schedule_job jobType=dataMartExtraction cronString="0 0 5 ? * 1,2,3,4,5,6,7" objectName="Export: System Info"
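The steps above have you edit the two scripts by hand and run them blind; the following added example (not part of the Guardium or DCAP Central documentation) renders the lines from one parameter set and lints the pair before they are piped into ssh, catching a data mart scheduled twice or scheduled without a forManager destination line. The sample scripts, placeholders and the six-field cron form are taken from this page; the helper names are the example's own.

```python
"""Added example (not from the Guardium/DCAP Central docs): build and lint the two grdapi scripts."""
import re
_PARAM = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # k=v or k="v with spaces"

def copy_file_info_line(mart, host, user, password, path):
    """One forManager line; it carries the SCP password in clear text, so keep the file mode 0600."""
    return (f'grdapi datamart_update_copy_file_info destinationHost="{host}" '
            f'destinationPassword="{password}" destinationPath="{path}" '
            f'destinationUser="{user}" Name="{mart}" transferMethod="SCP"')

def schedule_job_line(mart, cron):
    """One schedule_job line; cron is the six-field (sec min hour dom mon dow) form used on the page."""
    return f'grdapi schedule_job jobType=dataMartExtraction cronString="{cron}" objectName="{mart}"'

def parse_grdapi(line):
    """Split 'grdapi <command> k=v k="v v"' into (command, {param: value})."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2 or parts[0] != "grdapi":
        raise ValueError(f"not a grdapi line: {line!r}")
    return parts[1], {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
                      for m in _PARAM.finditer(parts[2] if len(parts) == 3 else "")}

def lint_scripts(manager, managed):
    """Every scheduled mart needs a forManager copy_file_info entry; double schedules are flagged too."""
    destinations, scheduled, problems = set(), [], []
    for script, text in (("forManager", manager), ("forManaged", managed)):
        seen = set()
        for line in filter(str.strip, text.splitlines()):
            cmd, p = parse_grdapi(line)
            if cmd == "datamart_update_copy_file_info":
                destinations.add(p["Name"])
            elif cmd == "schedule_job":
                name = p.get("objectName", "")
                if len(p.get("cronString", "").split()) != 6:
                    problems.append(f"{script}: cronString for {name!r} is not six fields")
                if name in seen:
                    problems.append(f"{script}: {name!r} is scheduled twice")
                seen.add(name)
                scheduled.append((script, name))
    problems += [f"{s}: {n!r} has no datamart_update_copy_file_info line"
                 for s, n in scheduled if n not in destinations]
    return problems

# Constructed sample using the page's placeholders, with two defects for the linter to catch.
SAMPLE_MANAGER = "\n".join(copy_file_info_line(m, "yourhosthere", "sonargd", "yourpwdhere",
    "/local/raid0/sonargd/incoming") for m in ("Export: Exception Log", "Export: Policy Violations"))
SAMPLE_MANAGED = "\n".join(schedule_job_line(m, c) for m, c in [
    ("Export: Policy Violations", "0 05 0/1 ? * 1,2,3,4,5,6,7"),
    ("Export: Policy Violations", "0 05 0/1 ? * 1,2,3,4,5,6,7"),  # scheduled twice
    ("Export: VA Results", "0 0 8 ? * 1,2,3,4,5,6,7")])  # never given a destination
```

Run `lint_scripts` on the two edited files before step 3; an empty list means the pair is consistent.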