Knowledge Doc: [Standard Connectors] Checking the event source devices of a Syslog SmartConnector

 
0 Likes

Summary
This article indicates where to find the syslog.properties file that lists the event sources of a Syslog SmartConnector

Products
ArcSight Standard Connectors

Environment
Any version of Syslog SmartConnector.

Situation
To check which source devices are sending events to a Syslog SmartConnector do the following:

Resolution
This type of information can be found in the syslog.properties file.

To check this file, follow the next steps:

  • Go to the path <Connector_Install_Path>/current/user/agent
  • Open the syslog.properties with a text editor.
  • Inside the file, something like the below line should be displayed:
syslog.subagentdef=127.0.0.1\:generic_syslog,<FQDN>\:generic_syslog

This file tracks the type of subagent used to parse the events from each source device, either IP address and/or FQDN, that sends events to the Syslog SmartConnector.

Additional Information
<Connector_Install_Path>: SmartConnector Installation Path


Knowledge Base Article Link


URL Name
KM000017296

Labels:

Knowledge Docs
Comment List
Related
Recommended