Monitoring managed units

Monitor managed units from the Guardium Central Management page.

To monitor and manage managed units,

  1. Log in as an admin user to the Guardium® GUI of the central manager for the units you want to view or manage.
  2. Click Manage > Central Management > Central Management to open Central Management page.

The Central Management page is divided into two sections, the Central Management table, and the Selected Units section. From the Selected Units section, you can select several management tasks that you can perform on selected units. The information and tasks are described in the following tables.

Table 1. Central Management table. View information about all the managed units for this central manager and select and manage the managed units.
Control or header   Description
Groups   Lists the names of all available groups. You can either select All Units group to see all the units associated with this central manager, or select another group to see a subset of managed units.

The All Collectors and All Aggregators groups are always available (along with the All Units group). In addition, any groups that you create, or that are automatically created for you, also display in the Groups list.

You can create and manage groups by clicking Group Setup o in the Selected Units section of the Central Management window. For more information, see Group Setup or Creating managed unit groups.

Select all checkbox   Select the checkbox in the heading to select all managed units (and clear the checkbox to deselect all managed units).
Checkbox   Select a specific unit.
Refresh unit information. Refresh unit info Refreshes all information that is displayed in the expanded view of that unit and issues new requests to that unit. This action also causes a full user synchronization cycle.
Reboot unit Reboot unit Reboots the unit at the operating system level. By default, the Guardium portal is started at startup.
Restart unit portal Restart unit portal Restarts the Guardium application portal on the selected managed unit. You can then log in to that unit to perform Guardium tasks (defining or removing inspection engines, for example).
Shortcut to unit portal Start selected unit Opens the Guardium login page for the managed unit, in a separate browser window.
Unit Status indicator The hostname of the managed unit and the online status of that unit.
The status icon indicates whether the unit is online.
  • Green light - Unit is online.
  • Red light - Unit is offline.

Hover the mouse pointer over the stoplight icon to display the IP address as a tooltip.

All the units are checked (pinged) periodically by a background process. The status is refreshed whenever the machine is checked. See the Last Ping column for the most recent refresh time.

If the hostname changes on the unit, the central manager no longer sees that unit when the online status is automatically refreshed. If you suspect the hostname was changed, click Refresh on the toolbar. Guardium updates the hostname and online status as needed.

Installed Policy   A link to the security policy that is installed on the managed unit. This field is updated on every ping.
Installed Policy Date   The date and time the policy was installed.
Unit Type   The type of unit (such as Managed Aggregator or Managed Collector) and the IP mode.
Ver.   The Guardium version number of the managed unit.
Last Patch   The most recently installed patch number.
Last Ping   The last time that the unit was pinged by the central manager to determine the managed unit's online status.
Table 2. Selected units section
Button Description
Group Setup Opens the Group Setup window, from which you can create new groups, remove groups, and associate managed units with groups. For more information, see Creating managed unit groups.
Unregister Unregister all selected units.
Reboot Reboot the selected managed units.
Restart Portal Restart the Guardium portal for the selected units.
Restart Inspection Engines Restart the inspection engines of the selected units.
Refresh Refresh the names and other information for the selected units.
Install Policy Opens the Install Security Policy page. Select a policy to apply to all selected units. For more information, see Installing security policies on managed units.
Patch Distribution Patch Distribution opens the Patch Distribution page, which displays a list of available patches with dependencies. You can select a patch and install it on all selected units. You can also schedule patches up to one year in the future.

For more information, see Central patch management.

Distribute Uploaded Jar Files

Click Harden > Vulnerability Assessment > Customer Uploads. Then, enter the name of the file to be uploaded. Otherwise, click the Browse to locate and select that file. Upload one driver at a time.

Click Upload. You are notified when the operation completes, and the file that is uploaded is displayed. This action brings the uploaded file to the central manager.

Select the managed unit or units where you want to distribute the JAR files. Click Distribute Uploaded JAR files.

Distribute Patch Backup Settings

This setting distributes the following to selected units:

PATCH_BACKUP_FLAG; PATCH_AUTOMATIC_RECOVERY_FLAG; PATCH_BACKUP_DEST_HOST; PATCH_BACKUP_DEST_DIR;     PATCH_BACKUP_DEST_USER; PATCH_BACKUP_DEST_PASS

Distribute Authentication Config Distribute the authentication configuration to all managed units selected. For more information, see Distributing authentication configuration.
Distribute Configurations

The following configurations are distributed to sync parameters between the central manager and the managed units:

  • Anomaly Detection - Active on startup, Polling interval
  • Alerter - all fields
  • Data Archive - all fields
  • Global profile - Concurrent Logins, Data Level Security, all fields except Named Templates (which are already synced), PDF footer text, and logo image.
  • IP-to-Hostname Aliasing - both check boxes
  • Results Archive - all fields
  • Results export - all fields  
  • Session Inference - all fields
  • System Backup - all fields
  • Data export - all fields

Some of these configurations do not take effect until the portal is restarted (Anomaly Detection, Session Inference). Other processes, such as the Alerter, need to be restarted, either directly through the admin portal of the managed unit, or by rebooting all relevant managed units from the manager. For more information, see Distributing configurations.

Distribute Configurations does not restart the managed units. To restart the managed units, either select the restart unit icon (Restart unit portal) for a singe unit or select Restart Portal to restart all the selected units.

For any configuration that includes scheduling , you can select the Include Schedule checkbox. When Include Schedule is selected, Distribute Configurations also includes the configuration's scheduling.

Distribute GIM bundles Distributes GIM bundles to the selected managed units. A message displays when the GIM bundles are distributed.
Register New Opens the Unit Registration page to register a new unit for management.
Patch Installation Status Opens the Patch Installation Status window, which displays failed installations and discrepancies for each unit.
Designate Backup CM Displays the Designate Backup CM window. Select a backup central manager IP address or select a unit that can serve as the backup central manager and click Apply.
Run database instance discovery Runs the database instance discovery from the central manager on all the active Unix or Windows S-TAP units for all the managed units, a group of managed units, or a single managed unit.

Opens the Run database instance discovery page, where you can select all managed units, a group of managed units or an individual managed unit, all active S-TAP hosts, and the Replace Inspection Engines checkbox.

Important: Do not check Replace Inspection Engines unless you want to overwrite the existing inspection engine configurations.

You can view the discovered instances under Discover > Reports > Discovered Instances.

Assigning correlation alerts from the central manager to individual managed units or managed unit groups

You can assign correlation alerts to individual managed units or managed unit groups from the central manager. You can assign or exclude alerts to a unit or to a managed unit group. You can also specify whether to run the alerts on the central manager itself. For more information, see Managing correlation alerts.
Notes:
  • On the individual managed units, the alert builder does not show any section on managed units. Only the central manager can assign alerts to units and groups.
  • For any entries in the alert table that exclude a given managed unit, a system-generated group is created to exclude that unit for each excluded alert. The group is created when the alerts are started on that managed unit.
  • The alert windows on the anomaly detection page under admin console were used to locally enable or disable alerts. For this feature, the alert windows appear only on the central manager.
  • On the managed units, a table shows active alerts and whether they are enabled.