Semi-Real-Time BSM SmartConnector
I need to install BSM SmartConnector on one Solaris 10, but it will read BSM logs from another Solaris 10 (I will name it the client).
On the client we are not able to install anything, and we cannot share the BSM logs directory over NFS (because of security).
Does anyone have a similar situation?
We are thinking of getting the client BSM logs through an SFTP script to the server where we have installed SmartConnector and then processing them. We will have to copy, then rename it as .not_terminated, and then rename it again.
In this situation, how can we monitor when SmartConnector has finished reading the logs? We need to monitor it through a bash script. SmartConnector will be running all the time; we cannot stop and start it every time we copy the log file.
With this deployment we are trying to have semi-real-time, so we will get a new BSM audit file every 3-5 minutes.
Any idea will be welcome.
Thanks and regards.
Re: Semi-Real-Time BSM SmartConnector
If I understood this correctly, all you want is to be able to monitor the connector so that you know when it has finished parsing the log files. Is that correct?
If I remember correctly, the connector should generate an internal event saying it completed a file; you can use this event to track what the connector is doing.
Also, you can configure the connector to rotate and delete logs for you if required.