...
[[come back and work on this later]]
Additional Configuration for Event Reporting
To show other file details (not just the file hash) in the Application Event Reports, we recommend a few configurations.[[are there multiple configurations in this section or just one?]]
- From the Arellia Console navigate to the Configuration tab.
- From the Configuration tab, select Settings/Arellia / Infrastructure / Resource Discovery / Resource Discovery Agents.
- Right-click File Agent Discoverer, and select Enable.
- Right-click File Discoverer from ACS Events, and select Enable.
Resource discovery agents are on by default.
In production, what you will see is some file hashes without details. This is because the full loop process has not completed. By default, file inventory is 1 day, resource discovery update is 30 minutes, and Agent resource discovery is 12 hours so it can take a while to gather all the information. The gathering of file information is split into 3 parts in order to make events much more streamlined and scalable.
1.File Inventory - Not on by default. Policies tab - Arelia > file inventory this is done when an application executes or upon the file inventory schedule. The file hash and location is gathered locally on the client and the file hash sent to the SMP server.
2.Resource Discovery Update - Any hash that does not have resource details is schedule to be discovered for one machine. We optimize the client and server load by only assigning one system to gather that detail.
3.Agent Resource Discovery - Agents will pull down their jobs and determine what files need details to be discovered.
Warning | ||
---|---|---|
| ||
Changing the File Inventory, Resource Discovery Update, and Agent Resource Discovery configuration is not recommended outside a testing environment as it degrades system performance. It is only recommended so demonstration scenario results can be viewed immediately. |
You can also speed up this process by increasing the agent resource discovery interval. (Recommended for Demo environments only)
- Select Default File Inventory Policy (Arellia / Agents/Plug-ins / Arellia / File Inventory / Settings).
- Change the Interval to 10 minutes.
- Click Save.
- Select Default Resource Discovery Agent Policy (Arellia / Agents/Plug-ins / Arellia / Resource Discovery Agent Configuration).
- Change the Interval to 5 minutes.
- Click Save.
- Select Resource Discovery Update (Arellia / Infrastructure / Resource Discovery).
- Click New Schedule.
- Select At date/time.
- Set it to repeat every 5 minutes.
- Click Save.
For further details see Application Control Agent Configuration.