Downloadable files
Abstract
TSOM 4.1.1 Device Rules Update Package for both the CMS and EAM(s)
Download Description
The following is a cumulative device rules update package, to be used by the TSOM 4.1.1 Update Utility to update the EAM rules and CMS sensor-based tables.
ADVISORY
- The UCM.CFG file has been updated; please download and review it.
- The README file has been updated with an overview of how to use the new device support for: Oracle 10g audit logs, IBM AIX 5.x-6.1 audit logs, and Bluecoat via UCM logs.
- Before applying this update to any EAM, check for the existence of:
  TSOM_INSTALL_HOME/conduits/syslog/devices/SourceFire.pm
  If this file exists, delete it, as it is a replica of Sourcefire.pm.
- If custom support for a device is being developed within a TSOM 4.1.1 deployment, it is imperative that a sensor_type_id of 10,000 or greater is used when populating the sensor_type table. To further clarify, IBM TSOM reserves sensor_type_id values of 1 through 9,999 for internal purposes. If any sensor_type_id - for custom device support rules - has a value that is less than 10,000, IBM TSOM Device Rules may not deploy properly.
- The device rules package includes experimental rules that are disabled by default. Before use, they must be explicitly enabled in the device rules configuration file. See the README for more details.
Installation Instructions
Download the DeviceRules-20120622.jar file and store it to the CMS and all EAMs.
Note: EAM on the Windows operating system does not support Device Rules written in Perl; only Java-based Device Rules are supported.
Installation instructions for TSOM 4.1.1 with Fix Pack 10 and above
UNIX, Linux and Windows; applies to CMS and EAM:
- The Device Rules Package must be upgraded consistently on all EAMs and on the CMS.
- For every EAM and CMS, follow the steps below:
  - Ensure you have root or Administrator access permission while upgrading the Device Rules.
  - Stop the server before proceeding.
  - Go to the directory where TSOM is installed (<TSOM_HOME>) and copy the downloaded Device Rules Package DeviceRules-20120622.jar to the subdirectory devicerules_repository.
  - Launch the script devicerules_install.sh on UNIX or Linux, or devicerules_install.bat on Windows, providing the path to the Device Rules Package:
    - On UNIX or Linux: ./bin/devicerules_install.sh -file devicerules_repository/DeviceRules-20120622.jar install
    - On Windows: .\bin\devicerules_install.bat -file devicerules_repository\DeviceRules-20120622.jar install
  - After successful installation, restart every EAM and CMS so that the updated rules can be used.
Installation instructions for TSOM 4.1.1 prior to Fix Pack 10; UNIX and Linux
Applies to CMS and EAM:
- The Device Rules Package must be upgraded consistently on all EAMs and on the CMS.
- For every EAM and CMS, follow the steps below:
  - Ensure you have root access permission while upgrading the Device Rules.
  - If you have not already done so, go to the directory where TSOM is installed (<TSOM_HOME>) and correct the <TSOM_HOME>/bin/dev_support.sh script as described in the note below. Otherwise the Device Rules Package will not be installed correctly.
  - Copy the Device Rules Package DeviceRules-20120622.jar to a convenient location.
  - Go to the <TSOM_HOME> directory and launch the dev_support.sh script, providing the absolute path to the Device Rules Package as an argument:
    - ./bin/dev_support.sh -if /absolute/path/to/saved/DeviceRules-20120622.jar
  - After successful installation, restart every EAM so that the updated rules can be used.
NOTE: Due to a defect in the ./bin/dev_support.sh script, it will not install the Device Rules Package correctly.
Steps to fix the bin/dev_support.sh script:
- To fix this issue, edit the ./bin/dev_support.sh script.
- In lines 99, 120 and 428, replace the string 200* with the string 20*.
- After doing so, the corresponding lines should look like:
- CURPKGVER=`ls -d ${DEV_SUPPORT_BASE}/20* 2>/dev/null | sort -r | head -1 | awk -F/ '{print $NF}'`
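Why the 200* pattern matters, and one way to apply the edit with a guard and a backup, as an added example (not IBM's code). It assumes the package directories under DEV_SUPPORT_BASE are named by release date, as the 20* pattern suggests; newest_pkg, patch_dev_support, demo and the sample directory names are hypothetical.

```sh
#!/bin/sh
# Added example, not IBM's script. Function names and sample data are hypothetical.

# Newest package directory under base dir $1 whose name matches glob prefix $2,
# using the same pipeline as the corrected CURPKGVER line.
newest_pkg() {
    ls -d "$1"/"$2"* 2>/dev/null | sort -r | head -1 | awk -F/ '{print $NF}'
}

# Apply the documented edit (200* -> 20*) on lines 99, 120 and 428 only.
# Refuses to touch the file unless all three lines still contain 200*,
# and keeps the unmodified script as <script>.orig.
patch_dev_support() {
    script=$1
    for n in 99 120 428; do
        if ! sed -n "${n}p" "$script" | grep -q '200\*'; then
            echo "line $n of $script has no 200* pattern; not patching" >&2
            return 1
        fi
    done
    cp -p "$script" "$script.orig" || return 1
    sed -e '99s/200\*/20*/' -e '120s/200\*/20*/' -e '428s/200\*/20*/' \
        "$script.orig" > "$script"
}

# Constructed demonstration with assumed date-named package directories:
# the old glob cannot see a 2012 package, the corrected one can.
demo() {
    base=$(mktemp -d) || return 1
    mkdir "$base/20090315" "$base/20120622"
    echo "200* selects: $(newest_pkg "$base" 200)"
    echo "20*  selects: $(newest_pkg "$base" 20)"
    rm -rf "$base"
}

demo
# To patch a real installation: patch_dev_support <TSOM_HOME>/bin/dev_support.sh
```

If patch_dev_support refuses to run, compare the three lines against the corrected line above by hand before editing; the script may already be fixed or may differ from the version this note describes.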
Installation instructions for TSOM 4.1.1 prior to Fix Pack 10; Windows
EAM
- Windows EAM users can extract the Java rules from the DeviceRules-20120622.jar archive and copy them to the directory: <TSOM_HOME>\conduits\<conduit name>\rules\system\
- After the files are copied, make sure to restart the EAM.
CMS
- Windows CMS users can extract the file DeviceRules-current.sql from the DeviceRules-20120622.jar archive; it defines the database content modifications for the Device Rules Update.
- Manually apply the TSOM database changes defined by DeviceRules-current.sql in the way appropriate for your database system.
Download package
| Download | Release Date | Language | Size (Bytes) | Download Options |
|---|---|---|---|---|
| Device Rules 2012/06 README | 2012-06-22 | English | 36130 | FC FTP |
| Device Rules 2012/06 ucm.cfg | 2012-06-22 | English | 81436 | FC FTP |
| Device Rules 2012/06 | 2012-06-22 | English | 830796 | FC FTP |
Product Alias/Synonym
TSOM
Problems (APARS) fixed
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.