Creating Symantec Security Information Manager SEP Sensor for the embedded Sybase Sensor
Article ID: 177309
Updated On:
Products
Security Information Manager
Issue/Introduction
You are trying to configure the SEP Sensor and have some questions.
Symptoms
If the collector is installed on a machine remote from the Sybase database you will see error message in the SEP_collector_log file:
Cannot create connection to database
Follow by:
Sensor thread [Sensor 0] failed to open device
Symptoms
If the collector is installed on a machine remote from the Sybase database you will see error message in the SEP_collector_log file:
Cannot create connection to database
Follow by:
Sensor thread [Sensor 0] failed to open device
Resolution
You must first run LiveUpdate and update the SEP collector and the update should be dated 8/15/2008 or later.
Page 15 of the SEC for SymEndpoint_43.pdf and SEC for SymEndpoinStatet_43.pdf say to extract the jdbc driver for Sybase to the collector computer for example: C:\JDBC. However what ever path you extract the jdbc drivers to you must have all the files from the \jConnect-6_05\jConnect-6_0\classes folder in the path.
If you are sure you have the correct Sensor configuration and you check the log files for the SEP collectors and see entries stating the path to the jdbc drivers are incorrect it could be because you are using the default config.xml that installed with SEP collectors. To correct this you must copy the correct config.xml file for the SEP embedded database to the ..\Event Agent\collectors\symcep\ and ..\Event Agent\collectors\symcepstate folders. The correct file is in the ..\utils\Sybase Mode folder in the set of install files for the collector.
Attached is a sample configuration you can import into the SEP Configuration and see the URL and path for the jdbc drivers.
Note: Please review the Symantec Endpoint Collector Quick Reference Guides before you begin to deploy these collectors, they are very complicated and have multiple ways to configure them.
Note: Gathering events remotely from embedded Sybase database is not supported by SEP. There are Sybase utilities that are not installed with the embedded Sybase database that must be available for remote connections and events gathering. For SSIM 4.5.x and SSIM 4.6.x this means that you cannot use the On-Box collector for SEP if you are using the embedded Sybase database.
Page 15 of the SEC for SymEndpoint_43.pdf and SEC for SymEndpoinStatet_43.pdf say to extract the jdbc driver for Sybase to the collector computer for example: C:\JDBC. However what ever path you extract the jdbc drivers to you must have all the files from the \jConnect-6_05\jConnect-6_0\classes folder in the path.
If you are sure you have the correct Sensor configuration and you check the log files for the SEP collectors and see entries stating the path to the jdbc drivers are incorrect it could be because you are using the default config.xml that installed with SEP collectors. To correct this you must copy the correct config.xml file for the SEP embedded database to the ..\Event Agent\collectors\symcep\ and ..\Event Agent\collectors\symcepstate folders. The correct file is in the ..\utils\Sybase Mode folder in the set of install files for the collector.
Attached is a sample configuration you can import into the SEP Configuration and see the URL and path for the jdbc drivers.
Note: Please review the Symantec Endpoint Collector Quick Reference Guides before you begin to deploy these collectors, they are very complicated and have multiple ways to configure them.
Note: Gathering events remotely from embedded Sybase database is not supported by SEP. There are Sybase utilities that are not installed with the embedded Sybase database that must be available for remote connections and events gathering. For SSIM 4.5.x and SSIM 4.6.x this means that you cannot use the On-Box collector for SEP if you are using the embedded Sybase database.
Attachments
Feedback
Yes
No
Powered by
