dmaas

Logger Reports

I am in need of a way to gather information on what Linux servers have sent or are currently sending syslog data to our ArcSight solution. I know I can do a query in Logger identifying each Linux server name, but this would be tedious. I am wondering if there is a way to do this with the reporting within Logger itself?

Any details or suggestions would be helpful.

Thanks

Micro Focus Expert

Re: Logger Reports

David-

Can you post that search query in here?

It shouldn't take that much to transform your search query into a report query.

Regards,

Aaron

dmaas

Re: Logger Reports

Very simple, all I am doing is a deviceProduct – “Unix”

I am not very familiar with the report section in Logger; it looks overly complicated to set up a report from scratch.

Thanks

bdeerinwater

Re: Logger Reports

Not sure if this helps, but I am having the same issue learning Logger reporting. I am using the Logger admin guide and it is helping. You need to start by creating a new report and creating a query. I am not sure if this is completely right, but it may help. Also, if you do not know SQL query language, there are several websites out there that explain the syntax.

SELECT events.arc_deviceReceiptTime "Time", events.arc_sourceHostName "Server Name"
FROM events
WHERE events.arc_deviceProduct LIKE 'Unix'

Micro Focus Expert

Re: Logger Reports

It turns out that all that was needed was a search query like this:

deviceProduct=Unix | chart count by deviceHostName | sort deviceHostName

tbarella1

Re: Logger Reports

This Logger Report Query will meet your needs.  Please test it "as is" first and then adjust it to your liking if needed (such as ordering by hostname instead of IP Address):

SELECT events.arc_deviceVendor "Device Vendor",
       events.arc_deviceProduct "Device Product",
       events.arc_deviceAddress "Device Address",
       events.arc_deviceHostName "Device Hostname",
       SUM(events.arc_baseEventCount) "Event Count"
FROM events
WHERE events.arc_deviceVendor = 'Unix'
GROUP BY events.arc_deviceVendor, events.arc_deviceProduct, events.arc_deviceAddress, events.arc_deviceHostName
ORDER BY events.arc_deviceAddress, events.arc_deviceHostName

dmaas

Re: Logger Reports

Hi,

I did use this query and it seems to work; however, when I ran it for 30d I received the same number of hosts as when I ran it for 1 day. I verified that there are others by manually looking up one server that was not on the generated report. This leads me to believe that I am not getting all of the systems in the report.

dmaas

Re: Logger Reports

If I input this into the query window it does not accept it. Granted, I am no query expert and maybe I am doing something incorrectly.

tbarella1

Re: Logger Reports

When you run the report, don't forget to set the Scan Limit to 0.

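Once the report returns a complete host list, the two questions in the thread (which Linux servers have ever sent syslog, and which are still sending) reduce to comparing the report's output across two time windows and against an expected inventory. The Python below is an added example, not code from this thread, from Micro Focus or from ArcSight: it assumes the per-device report above was exported as CSV with the column aliases from tbarella1's query, and every host name, address, event count and the expected-inventory set are constructed sample values.

```python
import csv
import io

# Constructed sample data (not real exports): two CSV exports of the
# per-device report from the thread, one over a 30-day window and one over
# the last 1 day. Column headers are the aliases used in that report query.
REPORT_30D = """Device Vendor,Device Product,Device Address,Device Hostname,Event Count
Unix,Unix,10.0.0.11,web01,48210
Unix,Unix,10.0.0.12,web02,46900
Unix,Unix,10.0.0.20,db01,12044
Unix,Unix,10.0.0.30,bastion01,3310
"""

REPORT_1D = """Device Vendor,Device Product,Device Address,Device Hostname,Event Count
Unix,Unix,10.0.0.11,web01,1600
Unix,Unix,10.0.0.12,web02,1580
Unix,Unix,10.0.0.20,db01,400
"""

# Constructed: the Linux servers the inventory says should be forwarding syslog.
EXPECTED_LINUX_HOSTS = {"web01", "web02", "db01", "bastion01", "build01"}


def hosts_from_report(csv_text):
    """Map each Device Hostname in a report export to its Event Count."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["Device Hostname"]: int(row["Event Count"]) for row in reader}


def silent_hosts(long_window, short_window):
    """Hosts that reported during the long window but not the short one:
    sources that were sending syslog and have since stopped."""
    return sorted(set(long_window) - set(short_window))


def never_reporting(expected, long_window):
    """Hosts the inventory expects that never appear in the long window."""
    return sorted(expected - set(long_window))


def same_host_set(long_window, short_window):
    """True when the long window shows no hosts beyond the short one. In the
    thread, a 30-day run returning the same hosts as a 1-day run was resolved
    by re-running with Scan Limit 0, so treat this result as a cue to do that
    before trusting the list as complete."""
    return set(long_window) == set(short_window)


def main():
    h30 = hosts_from_report(REPORT_30D)
    h1 = hosts_from_report(REPORT_1D)
    print("hosts seen in 30d:", sorted(h30))
    print("stopped sending within the last day:", silent_hosts(h30, h1))
    print("in inventory but never seen:", never_reporting(EXPECTED_LINUX_HOSTS, h30))
    if same_host_set(h30, h1):
        print("30d and 1d host sets match; re-run the report with Scan Limit 0")


if __name__ == "__main__":
    main()
```

The 30-day versus 1-day comparison gives the "have sent" and "currently sending" lists the original question asked for, the inventory comparison surfaces servers that never reached Logger at all, and an identical host set across the two windows is the symptom reported earlier in the thread, so the script prints a reminder to re-run with Scan Limit 0 rather than accepting the list as complete.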