Control Compliance Suite


Audit Logs, Application logs and system logs from CCS database

  • 1.  Audit Logs, Application logs and system logs from CCS database

    Posted Dec 25, 2013 08:10 PM

    Hi all,

    I need information about the logs collection for CCS.

    From my previous logged cases with Symantec, I understand that the logs are retrieved from the CSM_DB database.

    For the location of the logs, please tell me which table of the database these logs can be retrieved from.
    In my company's project, we will be using an HP SmartConnector to retrieve these logs from the database and send them to a centralized log management server for analysis and correlation.

    These are the logs which I need to extract and retrieve:

    Security logs: Authentication, configuration changes, audit logs (login/logout, who logged on, date/time of event)

    Application logs: Generated from the applications and services we are running (e.g. start-up, shutdown events, running of jobs, error logs)

    System logs: Logs generated by the system (e.g. OS, etc.)

    To my current understanding, the logs may be retrieved from the database or from the Windows Event Viewer. For the database, I understand that it may come from the CSM_DB or CSM_Reports database, under the table dbo.ChangeLogEntries. However, when I tried running a data collection job, it did not get reflected immediately in the CSM_DB or CSM_Reports database. Can anyone help me with this?

    Thanks all in advance!  



  • 2.  RE: Audit Logs, Application logs and system logs from CCS database

    Posted Jan 10, 2014 08:41 AM
    dbo.ChangeLogEntries sounds like it would be just for CCS changes? Are you trying to gather these logs on all Windows servers, or just on the CCS application server? What Standard are you using for your data collection? Have you tried first creating/running a Query on a Windows machine asset instead of a Data Collection to see what data is returned? The logs you are referring to are Windows Event logs, so the checks within the Standard you use for the data collection would have to evaluate the data gathered against whatever you set as the value in the check. That's why I would run a Query instead, if you are only wanting to gather the log data.