HPE Tandem

You can integrate an HPE Tandem device with JSA. An HPE Tandem device accepts SafeGuard Audit file events by using a log file protocol source.

A log file protocol source allows JSA to retrieve archived log files from a remote host. The HPE Tandem DSM supports the bulk loading of log files by using the log file protocol source.

When you configure your HPE Tandem device to use the log file protocol, ensure that the hostname or IP address that is configured in the HPE Tandem device and in the Remote Host parameter are the same.

The SafeGuard Audit file names use the following format:

Annnnnnn

The single alphabet character A is followed by a seven-digit decimal integer nnnnnnn, which increments by 1 each time a name is generated in the same audit pool.

You are now ready to configure the log source and protocol in JSA.

From the Log Source Type list, select HP Tandem.
To configure the log file protocol, from the Protocol Configuration list, select Log File.
From the Event Generator list, select HPTANDEM

Note:
Your system must be running the current version of the log file protocol to integrate with an HPE Tandem device:

For more information about HPE Tandem, see your vendor documentation.

For more information about configuring the Log File protocol in JSA, see Log File Protocol Configuration Options.

HPE Tandem Sample Event Message

Use this sample event message to verify a successful integration with JSA.

Note:

Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

HPE Tandem Sample Message when you use the Syslog Protocol

The following sample event message shows that permission to attempt the requested operation is denied.

Table 1: Highlighted Values in the HPE Tandem Sample Event
JSA field name	Highlighted values in the event payload
Event ID	ZSFG_VAL_OPER_UPDATE
Event Category	ZSFG_VAL_OUTCOME_DENIED
Username	USERNAME
Log Source Time	18 Sep 2012 22:32:28