What are the advantages and disadvantages of installing the CA Audit Client versus an iRecorder?
Stand-alone iRecorder
- Suitable if there is a very small system with only a few boxes (fewer than 5) outside a firewall, and the Audit Client is not wanted outside the firewall.
- Requires only one TCP port (5250 TCP) to be open through a firewall.
- A stand-alone iRecorder simply sends events - EVERY event.
- There is no filtering at the iRecorder level.
- The potential for high-volume traffic is very great.
- Stand-alone iRecorders utilize .saf files for data storage. If they cannot send events to their assigned iRouter there is no way to limit the number of .saf files created. They have been known to fill hard drives and crash the server if there is a communication failure.
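
The .saf build-up described above can be caught before the disk fills. The watchdog below is an added example, not CA code; the spool directory passed on the command line and all thresholds are assumptions to be set per host.

```python
"""Watchdog for .saf backlog on a stand-alone iRecorder host (added example)."""
import shutil
import sys
from pathlib import Path

# Assumed defaults; tune to the host's disk size and normal event volume.
MAX_FILES = 200
MAX_BYTES = 512 * 1024 * 1024
MIN_FREE_FRACTION = 0.15


def saf_backlog(spool_dir):
    """Return (file_count, total_bytes) for the *.saf files in spool_dir."""
    count = total = 0
    for path in Path(spool_dir).glob("*.saf"):
        try:
            size = path.stat().st_size
        except FileNotFoundError:
            continue  # file disappeared between listing and stat
        count += 1
        total += size
    return count, total


def check(spool_dir, max_files=MAX_FILES, max_bytes=MAX_BYTES,
          min_free=MIN_FREE_FRACTION, free_fraction=None):
    """Return a list of alert strings; an empty list means healthy."""
    count, total = saf_backlog(spool_dir)
    if free_fraction is None:
        usage = shutil.disk_usage(spool_dir)
        free_fraction = usage.free / usage.total
    alerts = []
    if count > max_files:
        alerts.append(f"saf file count {count} exceeds {max_files}")
    if total > max_bytes:
        alerts.append(f"saf backlog {total} bytes exceeds {max_bytes}")
    if free_fraction < min_free:
        alerts.append(f"free disk {free_fraction:.0%} below {min_free:.0%}")
    return alerts


if __name__ == "__main__":
    # Usage: python saf_watch.py <spool directory>
    # A non-zero exit code lets a scheduler or monitoring agent raise the alert.
    problems = check(sys.argv[1])
    print("\n".join(problems) or "ok")
    sys.exit(1 if problems else 0)
```

Run it on a schedule on each stand-alone iRecorder host so that a communication failure with the iRouter shows up as an alert rather than as a full disk.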
Full CA Audit Client
- It is Best Practice and generally recommended to install the Audit Client on all Servers (Router, Action Manager, Distribution Agent and iRouter, Recorders and iRecorders as needed).
- Through the use of policies, localized filtering can be run at the source and greatly reduce the event/network traffic flow.
- Use of the SAPI protocol provides encryption as close to the source of the event as possible.
- Provides the flexibility to monitor events as and when needed, without hard coding any configuration elsewhere in the IT area.
- Requires the use of port 8025 TCP for Policy Distribution and RPC port 111 or several fixed UDP ports (configurable) to be open through a firewall.
- Requires more disk space and hardware resources than a stand-alone iRecorder.