Filter
Top Products
107Migrating to the latest version
Checklist for migrating from Symantec Intruder Alert
System Protection authoring environment (and eventually conditionally
applied to your Symantec Critical System Protection agents).
See “Migrating legacy detection policy files” on page 111.
The policy conversion process automatically migrates your existing
Symantec Intruder Alert registry and event log settings, but you will need to
manually reenter any custom files under observation into the file lists in
the following policies:
■ Host_IDS_File_Tampering policy
■ Template_FileWatch policy
■ Your own custom file-watching policy
■ The following features of the Symantec Intruder Alert agent are not
supported in Symantec Critical System Protection:
■ SNMP, email, and pager alerts (SNMP and email alerts can be
configured in the Symantec Critical System Protection management
console, whereas pager is no longer supported)
■ Global flags
■ Logging to files on other agents
■ Shared actions
■ C2 and Process Accounting collectors
■ Plan how to migrate your Symantec Intruder Alert agents to Symantec
Critical System Protection.
As previously noted, you cannot migrate Symantec Intruder Alert agents
that run on client platforms not supported by Symantec Critical System
Protection. You should record the policy settings for each group of agents
(and each ungrouped agent), noting the stock policies and the custom
policies that are applied. You should be able to find equivalent Symantec
Critical System Protection policies for the Symantec Intruder Alert stock
policies that you applied.
Uninstall the Symantec Intruder Alert agent, and install the Symantec
Critical System Protection agent on each client to be migrated. You should
have pre-configured your Symantec Critical System Protection groups
using the Symantec Critical System Protection management console,
placing the appropriate stock and custom policies in each group and
configuring the policy option settings.
■ If you were performing event forwarding in Symantec Intruder Alert,
perhaps you can configure the Symantec Critical System Protection
database to do this for you.