Every check in a CCS 9.0 ESM standard is mapped to an ESM policy. A CCS 9.0 ESM Standard can be mapped to one or more ESM policies. Policy run options let you specify the data that the ESM data collector should collect for a given policy.
The default setting for all policies is "Do not run policy, collect data from last successful policy run." However, you can add exceptions to the default setting by adding an entry in the policy run settings for each policy that you want to customize. The ESM data collector executes a policy run on the basis of the policy run configuration.
You can configure the number of messages that you want the ESM data collector to fetch for each policy run. The Symantec.CSM.ESM.Integration.dll.config file contains the MaximumPolicyRunMessageCount parameter, where you can specify the value for the message count. The Symantec.CSM.ESM.Integration.dll.config file is located in the following location:
<Install_Directory>\CCS\Reporting and Analytics\DPS\Data Collectors\ESM
The ESM data collector collects policy run data on the basis of the policy run configuration. The ESM data collector does not verify the agents and the modules in the policy run when it fetches the latest policy run data. The data collection job completes successfully even if the selected policy run does not contain the modules or the agents that you have specified. However, the result for the data collection job displays the corresponding errors if the policy run data is not present on the ESM manager.
The available modes for data collection are:
To add or modify an ESM policy
In the ESM Policy Configuration dialog box, click Add to add a policy configuration.
In the Configure policy dialog box, in the Policy name text box, type the ESM policy name.
In the Policy run option area, click any one of the following options:
Click Do not run policy; collect data from the last successful policy run, if you want the ESM data collector to collect data from the last successful policy run without executing a new policy run.
Click Run policy before data collection, if you want the ESM data collector to execute a policy run on ESM agents and collect the latest data that is fetched by the ESM manager.
Click Run policy if data is older than <number of > days, if you want the ESM data collector to execute a policy run if the stored data is older than the number of days specified.
The minimum value that you can specify is 1 day. The maximum value that you can specify is 65535 days.
During data collection, the ESM data collector retrieves the timestamp of the last policy run of the selected agents for the modules that you specify. The ESM data collector then compares the most recent timestamp with the current time on the DPS computer. The ESM data collector imports the messages from the last policy run if the difference in the number of days is less than the value that you specify in the Run policy if data is older than <number of > days text box. The ESM data collector initiates a new policy run if the difference in the number of days is higher than the value that you specify. The ESM data collector then imports the policy run data to CCS 9.0.
Consider that the 'Security essentials W2K3MS v2.0' policy includes the 'Account Integrity' and 'Password Strength' modules. Consider the two agents: 'W2k3Server1-USA' and 'W2k3Server2-USA.' You have run all the modules of 'Security essentials W2K3MS v2.0' on both the agents on 28th September, 2008, at 11:00 a.m. Later, you fix certain violations and then run only the Password Strength module of 'Security essentials W2K3MS v2.0' policy on W2k3Server2-USA on the 29th September, 2008, at 01:00 p.m. You schedule a data collection job on the 30th September, 2008, at 11:00 a.m. to collect data for ESM agents W2k3Server1-USA and W2k3Server2-USA for the same policy and the modules. In CCS 9.0, you configure the ESM policy 'Security essentials W2K3MS v2.0' as 'Run policy if data is older than 1 days.'
During data collection, ESM data collector retrieves the timestamp of the last policy run of the selected agents for all the selected modules. The following table displays the policy run timestamp for the 'Security essentials W2K3MS v2.0' policy on W2k3Server1-USA and W2k3Server2-USA agents.
The most recent timestamp of the values that the ESM data collector retrieves in this case is 29th September, 2008, 01:00 p.m. Assume that the data collection job is initiated as per its schedule. The ESM data collector compares the 29th September, 2008, 01:00 p.m. timestamp with the current timestamp on the DPS computer, which is 30th September, 2008, 11:00 a.m. Since the data is not older than 1 day, the ESM data collector imports the messages from the last policy run from all the ESM agents.
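The decision described above, modeled in Python as an added example (not Symantec code and not part of the original page). The function names, the elapsed-time comparison and the handling of data exactly at the threshold are assumptions; `stale_pairs` goes beyond the page by listing which agent and module pairs are themselves older than the threshold even though the job imports the stored data.

```python
from datetime import datetime, timedelta

# Constructed from the page's scenario: last run time per (agent, module).
LAST_RUNS = {
    ("W2k3Server1-USA", "Account Integrity"): datetime(2008, 9, 28, 11, 0),
    ("W2k3Server1-USA", "Password Strength"): datetime(2008, 9, 28, 11, 0),
    ("W2k3Server2-USA", "Account Integrity"): datetime(2008, 9, 28, 11, 0),
    ("W2k3Server2-USA", "Password Strength"): datetime(2008, 9, 29, 13, 0),
}

MIN_DAYS, MAX_DAYS = 1, 65535  # limits stated on the page


def decide(last_runs, now, max_age_days):
    """Return ("import" | "run", newest_timestamp) for one policy."""
    if not MIN_DAYS <= max_age_days <= MAX_DAYS:
        raise ValueError("threshold must be between 1 and 65535 days")
    if not last_runs:
        # Assumption: with no stored run there is nothing to import.
        return "run", None
    newest = max(last_runs.values())
    # Assumption: age is compared as elapsed time, and data exactly at the
    # threshold is not treated as older (the page does not state this case).
    older = now - newest > timedelta(days=max_age_days)
    return ("run" if older else "import"), newest


def stale_pairs(last_runs, now, max_age_days):
    """List (agent, module) pairs whose own data exceeds the threshold."""
    limit = timedelta(days=max_age_days)
    return sorted(k for k, ts in last_runs.items() if now - ts > limit)


if __name__ == "__main__":
    now = datetime(2008, 9, 30, 11, 0)  # DPS computer time in the scenario
    action, newest = decide(LAST_RUNS, now, 1)
    print(action, newest)
    for agent, module in stale_pairs(LAST_RUNS, now, 1):
        print("older than threshold:", agent, module)
```

In the scenario the job imports stored data because one module on one agent ran 22 hours earlier, while the other three agent and module results are two days old.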