CAS hosts
A Configuration Auditing System (CAS) host configuration defines one or more CAS instances.
After you define one or more CAS template sets, and install CAS on a database server, you are ready to configure CAS on that host. A CAS host configuration defines one or more CAS instances. Each CAS instance specifies a CAS template set, and defines any parameters that are needed to connect to the database. Each database server on which CAS is installed has a single CAS host configuration, which typically contains multiple CAS instances. For example, one CAS instance to monitor operating system items, and additional CAS instances to monitor individual database instances.
- Define a CAS Instance
- Modify a CAS Instance
- Delete a CAS Instance
- Disable a CAS Instance
Define a CAS Instance
- Open the CAS Configuration Navigator by clicking .
The menu lists all database servers where CAS is installed and this host is connected to the Guardium® system.
- Filter by the OS Type or DB Type to find the host that you want to work with.
- Highlight the host that you want to modify and click Modify.
- Select a Template Set from the menu.Note: You cannot define a CAS Instance if the host is offline or on a secondary Guardium system for the host.
- Click Add Datasource to open the Select
datasource window. Note: If no compatible datasource is available for this template set on this host, click to open the Create datasource window and add a datasource.
- Select the data source that you want to add to the template set, and click Save to add it to the template set.
Finding the Guardium CAS Pane
Access to CAS Configuration Functions is restricted to the admin and users who are assigned the CAS role.
Click Harden. All of the CAS functions are listed within the Configuration Change Control (CAS Application) header.
Open the CAS Configuration Navigator
The CAS Configuration Navigator page is the starting point for creating or modifying CAS Hosts.
Open the CAS Configuration Navigator page by clicking .
Modify a CAS Instance
- Open the CAS Configuration Navigator.
- Filter by the OS Type or DB Type to find the instance that you want to work with.
- Highlight the host to modify and click Modify.
A list of defined CAS instances that are associated with the selected host displays with the following information and editing options:
Table 1. Modify a CAS Instance Component Description Disable/Enable Instance Icon
Click the Disable Instance icon to disable or enable the CAS instance
Delete Instance Icon
Click the Delete Instance icon to delete the CAS instance
Datasource
Identifies the data source that is used by the instance. To edit the data source definition, click Datasource to open the Datasource Definition pane.
Template Set
Identifies the CAS template set used by the instance. To view or modify the template set definition, click the link to open the Monitored Item Template Definitions pane.
For more information, see Working with CAS templates.
Monitored Items
A count of items currently monitored by the instance. Click this link to open the Monitored Items Definitions pane, which displays the list of all items that are currently monitored.
For more information, see View Monitored Item Lists.Note: Up to 10,000 monitored items are viewable for reports regardless of the number of monitored items that are defined. To view more items when the number of monitored items approaches this limit, define multiple instances.
Delete a CAS Instance
- Open the CAS Configuration Navigator
- Filter by the OS Type or DB Type to find the instance that you want to work with.
- Click Delete Instance to delete a CAS instance. All collected change data is also deleted.
Disable a CAS Instance
- Open the CAS Configuration Navigator.
- Filter by OS Type or DB Type to find the instance that you want to work with.
- Highlight the host that you want to modify and click Modify, or double-click to open the Host Instance Definitions pane.
- Click Disable Instance to disable a CAS Instance. Change data is not collected until the instance is enabled again when you click the icon.
View Monitored Item Lists
In the Host Instance Definitions pane, click a Monitored Items link to view the complete list of items monitored in the Monitored Items Definitions pane. The following table describes the components in the Monitored Items Definitions pane for this Host Configuration.
Component | Description |
---|---|
Select Box |
Check the Select Box if you'd like to edit a monitored item
individually or as a group. Double-click any monitored item to edit that item. |
Item |
The name of the monitored item from the description in the CAS Item Template Definition pan.e |
Type |
One of the following types:
|
Period |
The average interval between tests, which are specified as a number of seconds (s), minutes (m), hours (h), or days (d). |
Keep Data |
If marked, a copy of the actual data is saved with each change. For example, for a file item, a copy of the file is saved. If marked, but the size of the raw data for the item is greater than the Raw Data Limit configured for this CAS host, no data is saved. |
Use MD5 |
Indicates whether the comparison is done by calculating a checksum of the raw data by using the MD5 algorithm. Computing the MD5 checksum is time-consuming for large character objects. However, it is a better indicator of change than just the size. The default is not to use MD5. If MD5 is used, but the size of the raw data is greater than the MD5 Size Limit configured for the CAS host, the MD5 calculation and comparison is skipped. |
Configuration Auditing System APIs
CAS includes a robust set of GuardAPIs and REST APIs that you can use to manage hosts, template items, and template sets outside of the Guardium UI. For more information about the APIs, see Configuration Auditing System APIs.