Monitoring Managed Units

Monitor managed units by using Central Management.

To monitor managed units:

  1. Log in to the Guardium® GUI of the unit to be managed as the admin user.
  2. Click Reports > Guardium Operational Reports > Managed Units to open Managed Units.

Each component of the Central Management pane is described in the table.

Table 1. Monitoring Managed Units
Control Description

Select all check box

Mark this box in the shaded area of column one to select all managed units.

Unselect all

Clear all managed units.

Check box

Mark this box to select the unit for the operation that you want to perform.

Refresh unit information

Refreshes all information that is displayed in the expanded view of that unit and issues new requests to that unit. This action also causes a full user synchronization cycle.

Reboot unit

Reboots the unit at the operating system level. By default, the Guardium portal is started at startup.

Restart unit portal

Restarts the Guardium application portal on the managed unit. You can then log in to that unit to do Guardium tasks (defining or removing inspection engines, for example).

View unit SNMP attributes

Opens the SNMP Viewer pane in a separate window. Clicking the refresh icon in the SNMP Viewer pane refreshes the data in the window.

View unit syslog

Opens the Syslog Viewer in a separate window, displaying the last 64 KB of syslog messages. Clicking the Refresh icon in the Syslog Viewer pane refreshes the data in the window.

Shortcut to unit portal

Opens the Guardium login page for the managed unit, in a separate browser window.

Unit Name

The host name of the managed unit. If you hold the mouse pointer over the unit name, its IP address displays as a tooltip. If the host name changes on the unit, the Central Manager no longer sees that unit when automatically refreshing the Online status. If you suspect the host name was changed, use Refresh on the toolbar to obtain the changed host name and update the displayed Online status and other information for that unit.

Online

Indicates whether the unit is online. If the green indicator is lit, the unit is online; if the red indicator is lit, the unit is offline. The Central Manager refreshes this status at the refresh interval that is specified in the central management configuration (1 minute by default). If an error occurred connecting to a unit, the error description can be viewed as a tooltip by hovering the mouse pointer over that unit's record in the management table.

Inspection Engines

Click the Plus icon to expand the list of inspection engines; click the Minus icon to hide the list of inspection engines.

From here, depending on status, you might stop or start the inspection engine.

The following information is displayed for each inspection engine. It is fetched from the managed unit when Refresh is pressed, not on every ping:

Name - The name of the inspection engine.

Protocol - The protocol that is monitored by the inspection engine: Oracle, MSSQL, Sybase, Informix®, or DB2®.

Active on Startup - Indicates if the inspection engine starts on system startup.

Exclude From IP - Indicates if the list of from-IP addresses is to be excluded (not examined).

From-IP/Mask - A list of the IP addresses and subnet masks of the clients whose database traffic to the To-IP/Mask addresses the inspection engine monitors.

Ports - The ports on which database clients and servers communicate; can be a single port, a list of ports, or a range of ports.

To-IP/Mask - A list of IP addresses and subnet masks of servers whose traffic from the corresponding client machine (From-IP/Mask) is monitored.
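
The following added example (not part of the original page and not Guardium code) models the inspection engine fields above to find database flows that no engine examines. The "address/mask" and port string formats, the sample engines and flows, and the reading of Exclude From IP as "skip listed clients, examine all others" are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class InspectionEngine:
    """Fields as listed above; the string formats are assumptions."""
    name: str
    from_nets: list          # From-IP/Mask entries, written "address/mask"
    to_nets: list            # To-IP/Mask entries, written "address/mask"
    ports: str               # single port, list "1433,1434" or range "1521-1523"
    exclude_from_ip: bool = False

def parse_ports(spec):
    """Expand a single port, a comma list, or a lo-hi range into a set."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def in_any(addr, nets):
    """True if addr falls inside any of the address/mask entries."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n, strict=False) for n in nets)

def is_monitored(engine, client, server, port):
    """True if this engine examines client -> server:port traffic."""
    if port not in parse_ports(engine.ports) or not in_any(server, engine.to_nets):
        return False
    listed = in_any(client, engine.from_nets)
    # Assumed reading of Exclude From IP: listed clients are skipped,
    # every other client is examined.
    return not listed if engine.exclude_from_ip else listed

def coverage_gaps(engines, flows):
    """Return the (client, server, port) flows that no engine examines."""
    return [f for f in flows if not any(is_monitored(e, *f) for e in engines)]

# Constructed sample data (not from the page).
ENGINES = [
    InspectionEngine("ora-prod", ["10.1.0.0/255.255.0.0"],
                     ["10.9.8.7/255.255.255.255"], "1521-1523"),
    InspectionEngine("mssql-no-batch", ["10.2.0.5/255.255.255.255"],
                     ["10.9.8.0/255.255.255.0"], "1433", exclude_from_ip=True),
]
FLOWS = [("10.1.4.4", "10.9.8.7", 1522), ("10.2.0.5", "10.9.8.20", 1433),
         ("172.16.0.9", "10.9.8.20", 1433), ("10.1.4.4", "10.9.8.7", 1530)]
```

Calling coverage_gaps(ENGINES, FLOWS) lists the excluded client and the out-of-range port, the two kinds of gap worth reviewing after any change to an engine's filter.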

Installed Security Policy

The name of the security policy that is installed on the managed unit. This field is updated on every ping.

Model

The Guardium model number of the managed unit.

Version

The Guardium version number of the managed unit.

Last Patch

The last patch installed.

Last Ping Time

The last time that the unit was pinged by the Central Manager to determine the managed unit's online/offline status.

Selected Units

 

Group Setup

Group Setup opens a new window that allows the user to maintain groups: creating new groups, removing groups, and associating managed units with groups.

Unregister

Unregister all selected units.

Restarting

 

Reboot

Reboot the selected units.

Restart portal

Restart the portal on the selected units.

Restart Inspection Engines

Restart the inspection engines of the selected units.

Distribution

 

Refresh

Refresh the selected units.

Install Policy

The policy name is a link that opens a new window with the policy's detail.

Patch Distribution

Patch Distribution opens a new screen that displays the list of available patches with their dependencies and lets you select a patch and install it on all selected units. You can schedule a patch up to one year in the future.

Distribute Uploaded JAR files

Click Harden > Vulnerability Assessment > Customer Uploads. Then, enter the name of the file to be uploaded, or click Browse to locate and select that file. Upload one driver at a time.

Click Upload. You are notified when the operation completes, and the file that is uploaded is displayed. This action brings the uploaded file to the Central Manager.

Select a check box of the managed unit or units where these JAR files are to be distributed. Click Distribute Uploaded JAR files.

Distribute Patch Backup Settings

This setting distributes the following to selected units:

PATCH_BACKUP_FLAG; PATCH_AUTOMATIC_RECOVERY_FLAG; PATCH_BACKUP_DEST_HOST; PATCH_BACKUP_DEST_DIR; PATCH_BACKUP_DEST_USER; PATCH_BACKUP_DEST_PASS

Distribute Authentication Config

Select the managed units that receive the distribution of the Central Management authentication.

Click Distribute Authentication Config to distribute the authentication configuration to all selected managed units.

Distribute Configurations

The following configurations are distributed to sync parameters between the Central Manager and the managed units:

  • Anomaly Detection - Active on startup, Polling interval
  • Alerter - all fields
  • Data Archive - all fields
  • Global profile - Concurrent Logins, Data Level Security, all fields except Named Templates (which are already synced), PDF footer text, and logo image
  • IP-to-Hostname Aliasing - both check boxes
  • Results Archive - all fields
  • Results export - all fields  
  • Session Inference - all fields
  • System Backup - all fields
  • Data export - all fields

Some of these configurations do not take effect until the portal is restarted (Anomaly Detection, Session Inference). Other processes, such as the Alerter, need to be restarted, either directly through the admin portal of the managed unit, or by rebooting all relevant managed units from the manager.

Distribute Configurations does not restart the managed units. There is a separate icon for each managed unit to be restarted.

Restart Portal restarts all of the selected units.

After distribution, a message states that the managed units need to be restarted for all the configurations to take effect on the managed units.

Each parameter that has scheduling has a second check box. When this second box is checked, this parameter's scheduling is distributed.

See Distribute Configuration for information on selectively distributing configurations.

Reboot or restart portal?

Alerter

Active on Startup check box. Each time the appliance restarts, the Alerter is activated automatically.

GUI restart does not take the Active on Startup value.

Distributing configuration from Central Manager to managed units needs a reboot on managed units to take full effect.

The Alerter must be manually restarted on the managed units through the admin portal (Admin Console / Alerter). Since this restart cannot be done from the Central Manager, restart the managed units from Admin Console to get the same effect.

Anomaly Detection

Active on Startup check box. Each time the appliance restarts, Anomaly Detection is activated automatically.

GUI restart takes the Active on Startup value.

Distributing configuration from Central Manager to managed units needs restart portal on managed units to take full effect.

Session Inference

Active on Startup check box to start Session Inference on startup of the Guardium appliance.

GUI restart takes the Active on Startup value.

Distributing configuration from Central Manager to managed units needs restart portal on managed units to take full effect.

Results Export/System Backup/Data Archive/Result Archive/Data export

Distributing configuration from Central Manager to managed units takes effect without restart of portal on managed units.

Global profile

Distributing configuration from Central Manager to managed units takes effect without restart of portal on managed units (though using a different named template applies only when policy is installed).

Register New

Opens the Unit Registration pane to register a new unit for management.

Patch Installation Status

The Patch Installation Status screen displays, for each unit, failed installations and discrepancies. An example of a discrepancy is a patch that is installed on only some of the units, regardless of whether it failed on the other units or was not installed.

Use the Central Manager to assign correlation alerts to individual managed units or managed unit groups

This new feature is for a managed environment.

It allows the Central Manager to assign correlation alerts to individual managed units or managed unit groups. You can either assign an alert to a unit or group, or exclude it from a unit or group. You must also specify whether to run it on the Central Manager itself. The groups used are managed unit groups, the same types of groups that are used on the Central Manager page.

In the managed environment, the alert builder on the Central Manager has a new "Managed Units" section. In this section, you specify either single units or groups of managed units to include in or exclude from an alert. You also specify with a check box whether the Central Manager itself is included or excluded. The default behavior matches the existing behavior: alerts run everywhere. If you specify that alerts should not run everywhere, verify that the alerts run where you specify. The UI includes four options for including or excluding single units or groups, and dialogs for selecting from the list of management groups and, if desired, creating new management groups or editing existing managed unit groups.

On the individual managed units, the alert builder does not show any section on managed units; only the Central Manager can assign alerts to units and groups.

If there are entries in the alert table on a given managed unit, a system-generated group is automatically created to exclude that unit for each alert that it is excluded from. This occurs when the alerts are started on that managed unit.

The alert panes on the Anomaly Detection page under the Admin Console were used to enable or disable alerts locally. For this feature, the alert panes appear only on the Central Manager.

On the managed units, there is now a table showing active alerts and whether they are enabled.
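
As one way to verify that alerts run where you specify, the added example below (not part of the original page and not Guardium code) computes where an alert should run from an include or exclude assignment and compares that with the alerts each host reports as enabled. The AlertAssignment model, the mode names, and all host, group and alert names are hypothetical, and the enabled-alert data is constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class AlertAssignment:
    """Hypothetical model of the alert builder's Managed Units section."""
    mode: Optional[str] = None            # None = default: run everywhere
    units: set = field(default_factory=set)
    groups: set = field(default_factory=set)
    run_on_cm: bool = True                # the Central Manager check box

def expected_hosts(assign, managed_units, group_members, cm_name):
    """Hosts on which the alert should run under this assignment."""
    targeted = set(assign.units)
    for group in assign.groups:
        targeted |= group_members.get(group, set())
    if assign.mode is None:
        hosts = set(managed_units)
    elif assign.mode == "include":
        hosts = targeted & set(managed_units)
    elif assign.mode == "exclude":
        hosts = set(managed_units) - targeted
    else:
        raise ValueError(f"unknown mode: {assign.mode!r}")
    return hosts | {cm_name} if assign.run_on_cm else hosts

def verify_alert(alert, assign, managed_units, group_members, cm_name, enabled):
    """Compare the expectation with what each host reports as enabled.

    enabled maps host name -> set of alert names enabled on that host.
    Returns sorted (host, problem) pairs; an empty list means no drift.
    """
    expected = expected_hosts(assign, managed_units, group_members, cm_name)
    findings = []
    for host in sorted(set(managed_units) | {cm_name}):
        running = alert in enabled.get(host, set())
        if running and host not in expected:
            findings.append((host, "runs but is not assigned"))
        elif not running and host in expected:
            findings.append((host, "assigned but not enabled"))
    return findings

# Constructed sample data (not from the page).
UNITS = {"col-a", "col-b", "col-c", "agg-1"}
GROUPS = {"collectors": {"col-a", "col-b", "col-c"}}
ASSIGN = AlertAssignment(mode="exclude", units={"agg-1"}, run_on_cm=False)
ENABLED = {"col-a": {"Failed logins"}, "col-b": set(),
           "col-c": {"Failed logins"}, "agg-1": {"Failed logins"}, "cm": set()}
```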