New Ranks & Badges For The Community!
Notice something different? The ranks and associated badges have gone "Star Fleet". See what they all mean HERE
Highlighted
Absent Member.
Absent Member.
420 views

how to upload wmi logs to connector?

hi guys,

we didn't received any logs because of some error instances so the one solution we thought is to upload WMI logs to connector  to parse the content of logs, seeking for your help on how to upload logs on connector.

thanks in advance.

Labels (1)
0 Likes
5 Replies
Highlighted
Fleet Admiral
Fleet Admiral

Sounds like you are trying tom monitor connector health i.e. whether the connectors are up and sending messages?  There are a couple of different packages available here on Protect which you install on ESM to do this, alternatively if you are running 6.8c some of this functionality is built in under '<resource type>/ArcSight Administration/Connectors' and <resource type>/ArcSight Administration/Devices'

0 Likes
Highlighted
Absent Member.
Absent Member.

Hello renon

Would you please explain a little bit more about your problem? you did not receive logs from windows on WMI port,am i correct?

well there are some solution to solve this problem. first of all tell me the version of windows servers you use,,secondly , do you use firewall in middle?

i am waiting for your responses to go further..

thanks

0 Likes
Highlighted
Absent Member.
Absent Member.

Hi Neo,

actually we can't received logs because a misconfiguration of connector to logger, as of now the problem was resolved, we can received logs now. but we need to get the previous logs of wmi (october to january) but now we can received logs the moment we resolved the misconfiguration case (feb 10 up to now i received logs).is there any solution to get the previous logs?

Thanks,

0 Likes
Highlighted
Absent Member.
Absent Member.

Well in this case you must negotiate with Windows Servers administrator to see what he/she has about previous logs.

0 Likes
Highlighted
Absent Member.
Absent Member.

Hi Neo,

Actually, upon checking security and application logs is on servers. I saw some resolution here, i change the the agent.properties into false (agents[0].windowshoststable[103].startatend=false) but after restarting the container, i also didn't collect old logs. do i missed some configuration/setup? and how do we know if connector collect logs instead of checking on logger?

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.