There is a need to use a CCS Manager to do Message Based Data collection.
Note: This document assumes that the CCS Manager used to collect Message Based data (ESM type) is going to be (or is) freshly installed on a system that does not have Message Based data collection already in place. If there is already an existing CCS Manager that will be used, or if MBC data collection is already turned on, then certain steps can be skipped over. There is also an upgrade from earlier ESM manager scenario that is not covered by this document.
Also this is irreversible once done, so make sure this is something that you need to do.
1. Install CCS Manager (need cert from Directory Server's Certificate Manager console) 2. Turn on Message Based Data collection (if not already done) in CCS console under SETTINGS\GENERAL under the Application Configuration section in left side panel....select Standards and the checkbox to enable MBC is in right side of screen. 3. If this is a new CCS 11 install (e.g. no PUs or SCUs applied), run or re-run the Content installer to install the Message Based (MBC) content. This will install Message based standards, etc. 4. After MBC turned on in CCS, in the CCS console go to SETTINGS\System Topology\Map View and use Infrastructure Tasks to register the new CCS Manager. 5. Once the CCS Manager is in the map view, edit it's settings and in the left side panel select BASIC under the Symantec CCS Manager area. a.) Check the ESM Data collector to be enabled. b.) At the bottom of the screen under the "Configure Message Based Content" you will see a prompt to enter the ESM superuser account's password for this ESM manager (Note: This only appears one time for new brand new CCS managers when first configured). Enter the ESM superuser password that will be used to connect to the ESM manager from the ESM console. Save settings. c.) Re-edit the settings and then configure the ESM Data collector to point to the ESM manager that is local on that box. Ensure to set the "Configure Policy Run Options" button to either launch a new ESM policy (when a corresponding standard is run) or to gather info from existing policy runs.
6. Install ESM Console (prefer 11.03 version or newer as it can use the CCS Content maintenance license for liveupdate license in ESM console). 11.03 can be found here: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=ccs&pvid=pgu&year=&suid=20130509_00) 7. Attach ESM 11.03 console to ESM 11 (AKA CCS Manager) manager (see ESM admin guide for specifics). a.) In the ESM console, install ESM license (should be in SLF file for CCS). NOTE: The ESM license is required to register agents or to run policies. b.) Once installed, then distribute the appropriate number of agent licenses to the ESM manager (see ESM Administration guide provided in CCS 11 base media under the ESM Components folder under the documents folder there). c.) In the ESM console, install the CCS Content Update license into the ESM liveupdate wizard so that it can bring down MBC content updates from the internet (see ESM Admin guide) 8. On the CCS Manager's OS, bring up a command window AS Administrator and navigate to the ....Symantec\CCS\Reporting and Analytics\ESM\config folder. Edit the importcontent.config file to Remark out any OS (of agents) that you are not going to be registering to the ESM manager. 9. In the command window, navigate to the Symantec\CCS\Reporting and Analytics\ESM\bin\<os_type> folder and run the following command to import the original content into the ESM manager. Once this is done you should be able to re-attach to the ESM manager with the ESM console and then see the default policies, templates, etc. importcontent -L su -m <CCS manager's hostname> -U ESM -P <password assigned in step 5b above>
10. Re-launch the ESM console and confirm that the Policies and templates folders in the ESM console now expand and contain items. If so then the ESM manager is ready to load policies on, matching the various CCS shipped standards (see ESM Components\Policies folder for installers for various policies that may match similarly shipped Message Based standards that are in the CCS console....after performing step 3 above). 11. Register CCS Agents or earlier ESM agents to the CCS manager. The CCS Agents must be registered for Message Based registration and you will need to supply the ESM superuser account and password during the registration on the agent (NOTE: Another account can be created just for registration that is not a superuser account.....see ESM admin guide).
Final Note: ESM policies can be converted to CCS Standards using the Policy to Standard conversion utility, and imported into CCS. There are also shipped message based standards in CCS that will be available after step 3 above in CCS, however then a corresponding ESM policy must be installed and visible in the ESM console. Also the last few steps will need to be done on each new CCS Manager that will be running message based data collection.
CCS 11.x. CCS Manager not currently configured to do message based data collection (i.e. non-upgrade from existing ESM manager)