This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

RSA® enVision Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
RSAAdmin
Beginner
Beginner
‎2008-07-24 06:37 AM

Data Flow in enVision

Hi,

 

I am a bit confused about the data flow in enVision say from a Network Device to my Local Collector to the IPDB and to the Coorelation Engine and then finally to the GUI as an alert.

How does this flow takes place. What are the various stages in which data flows?

 

 

Thanks

MJ

0 Likes
Reply
9 Replies
RSAAdmin
Beginner
Beginner
‎2008-07-24 08:46 AM

At a very high level, the events are collected, processed simultaneously for alerting and into the IPDB, and then can be retrieved for reporting through the GUI.

 

There is a more precise diagram of the enVision data flow in the Help file.  If you access enVision Help, then do a seach for "data flow" (include the double quotes), it will be the first topic that comes up.

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2008-07-24 09:03 AM

Thanks for the info Matt.

 

However, I am not able to understand the concept of "processed simultaneously for alerting and into the IPDB".

In the attached diagram, the event messages first goes to the logsmart(I believe this is the IPDB) and then from there the event files are retrieved by the Alerter service, which takes "View Configuration Data" from the config data, and sends the ALert data back to the IPDB.

 

Can you further explain me whyyou say that "At a very high level, the events are collected, processed simultaneously for alerting and into the IPDB, and then can be retrieved for reporting through the GUI."

 

Appreciate your prompt response.

 

Thanks

MJ

Preview file
40 KB
0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2008-07-24 01:11 PM

What I mean is that as soon as an event enters the IPDB, the Alerter service takes note of it.  If it meets the criteria to trigger an alarm it writes an Alert Event back into the IPDB and sends out a notification using whichever other methodologies you have configured (console, e-mail, SNMP, etc).

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2008-07-25 07:23 AM

Hi Matt,

 

Thanks for the info. Can you tell me the exact location of the Directory on NAS where Alerts are stored.

 

Is it on Vol0 or Vol1?

 

 

Thanks

MJ

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2008-07-28 10:02 AM

It depends on the nature of the setup and where the alert came from.

 

If the alert was generated from an event on LC1 - it ends up on vol1

If the alert was generated from an event on LC2 - it ends up on vol2

If the alert was generated from an event on LC3 - it ends up on vol3

 

If the alert was generated from an RC or the enVision software itself, it ends up on vol0

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2008-07-28 10:06 AM

But all I can see on the NAS Vol1 is a "Data" folder and then the subsequent folders starting with device type, indivisual device IP, year and month fodler and the day folder where the files are stored. I believ this is what is called the IPDB and this is the location where all the incoming data is stored.

But I do not see the alerts stored here or on the Vol0.

 

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2008-07-28 10:43 AM

The alert events themselves are stored in the IPDB along with the regular event data - you will not see any files, per se, that specifically say "alerts", or anything like that.
0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2008-07-28 11:36 AM

OK. So are you saying that when I use the "lsmaint" command with the 'move' parameter, the alert events are also backed up along with the event data?

 

The packager service is responsible for storing the event data onto the NAS. Is it also responsible for storing the alert events.

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2008-07-28 11:39 AM

Yes - that is correct.

0 Likes
Reply
© 2021 RSA Security LLC or its affiliates.
All rights reserved.