NEED TO GENERATE IBM guardium REPORT
We have Guardium integrated and 'Application Firewall' table has all the events. At tis moment I can think of the following actions you can perform.
1. Try restarting the 'NIC Locator' service on the D-SRV or ES appliance to locate the data.
2. You can try to rebuild the indexes of Guardium data by using 'lsmaint' utility.
lsmaint -rebuild all -devices guardium -time start end -verbose
Check if these steps can help you getting data presented in the 'Application Firewall' table.
I am also getting the guardium logs in Application firewall table. But the issue is all logs are in line. I mean all information is stored in one package i.e time, source, message, event description etc..
Can you help me with suggestion to divide all information table wise.
I know Guardium parser has very limited messages defined and most of the data you can find in a very few fields. If you intent is to further classify / divide the data in more fields then you may have to re-write the Guardium parser as you want.
If you are familiar with RSA Event Source Integrator Tool, you can use this tools to modify, create parsers as you want but keep in mind, RSA does not provide support for Custom parsers until you have PS built that parser for you.
I hava a problem with Guardium. I dont receive the event logs of Guardium on enVIsion. Only received the Linux syslog messages, but not the Guardium SQL Guard events
I checked the configuration on both sides (guardium and envision) and this is correct
Just check if you are missing any configuration on the Guardium rules to write the transaction to syslog using enVision template.
I remember our Guardium guys had to do something with the Policy Rules to instruct them to write to syslog using enVision template. It was something called 'Alert per Event'.
I am not a Guardium person, so you may want to check with Guardium expert about this.