Very few events from DNS server. What properties need to be changed to query the file frequently?

Hi Team,

We have integrated DNS via a file reader connector. We have also configured a log stoppage rule. We are observing the log stoppage alert very frequently since the file isn't queried frequently.

What parameters need to be changed so that as soon as the file is updated, our connector reads it and sends logs to our Console?

Please help.

Regards,

Mitesh Agrawal

  • Hello Mitesh,

    First of all, I would recommend checking the Flex Connector Developer's guide, especially the part "File Connector Parameters" - page 207.
    https://community.microfocus.com/t5/ArcSight-Connectors/ArcSight-FlexConnector-Developer-s-Guide/ta-p/1584874?nm=&attachment-id=76956
    Here you have all the parameters that you can try changing according to your needs.

    If you want the connector to keep reading the events as soon as they are written to the file, then you have to set the option to read it in real time:
    agents[0].processingmode=realtime

    If you already have this set, or if it doesn't work after setting it, then check the logs for any ERROR or FATAL messages at the time you notice the log stoppage.

    I hope this helps.

    Regards,
    Kresimir

  • The processing mode is set to realtime only, but the logs themselves aren't being written in the DNS file.