Advantages and disadvantages of migration based on Message Numeric ID
Using the '-m NUMERIC' option creates CCS check expression based on Message Numeric ID.
The advantages of policy migration based on the Message Numeric is that if the ESM data collector cannot find the metadata for an ESM message in its Message Schema XML, it requests the ESM manager to format the messages. Hence, irrespective of the SU version of the ESM data collector, the CCS check is always evaluated as expected. The ESM data collector gathers the details from the ESM manager if an ESM agent with a higher SU reports a security message, which is new in the specified SU. In such a scenario, the CCS check is evaluated as expected even though metadata for that message is not available with the ESM data collector.
The disadvantages is that the Message Numeric ID is platform-dependent. Hence, the same check cannot be used across ESM agents that are installed on different operating systems.
Imported Document ID: HOWTO76791
Subscribing will provide email updates when this Article is updated. Login is required.