
Can the connectors be configured for de-duplication?

No, they can’t.
To de-dup events the connector would have to have a very accurate understanding of how a device behaves under specific conditions. Today, the connector only categorizes events in very general terms, and doesn’t provide any logic on pulling out the single event that is interesting while suppressing the rest.
This is further complicated if you think about the event mappings and the required fields for proper reporting and correlation. Some products provide a single event that is very useful; however, many split the information over several events and require upstream correlation/tracking.
/J

Aggregation could achieve some similar results to de-duplication, couldn't it?


Agree with Mary on that one. Aggregation would achieve pretty similar results depending on the aggregation conditions.

That depends on what you consider duplication.
If you are talking about a log entry from a single device being collected more than once, that shouldn't happen (ideally, but it can...).
If you are talking about a log entry from a single device that the device keeps repeating, the connector can't do much about that.
If you are talking about a group of devices creating multiple copies of the same log entry, you've got other problems (and no, the connector isn't going to help).
Aggregation will not dedupe events. It will collect very similar log entries over a small time period and send a single event with an aggregation count based on the number of log entries, but that is not deduplication.
Apologies for being pedantic, but it seems like it was needed.


Event duplication in connectors usually happens because there are multiple destinations registered in one connector and forwarding events. One destination is likely forwarding to a logger that in turn is forwarding to the ESM. The other destination is registered to the ESM and is also forwarding events. Look at the event in question: there should be 2 different event IDs and 2 different original agent IDs. If the same event has different event IDs, then it is actually 2 entries in the database. If it also has 2 original agent IDs, then it is coming from one of the other destinations in the connector.
Alternatively, event duplication could be confused with event aggregation. If the log has many similar events that seem to be the same, these can be aggregated so that 1 event is sent to the ESM with an aggregated event count of 1 or more.
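
The check described in the last reply, next to the aggregation behaviour described earlier in the thread, as an added example that is not part of any post and is not ArcSight code. The field names, the sample events and the fixed 10-second aggregation bucket are assumptions made for illustration.

```python
from collections import defaultdict

# Fields that identify "the same log entry". All field names here are
# hypothetical stand-ins for columns in an event export.
CONTENT = ("device", "name", "src", "device_time")

# Constructed sample events.
EVENTS = [
    {"event_id": 1001, "original_agent_id": "A1", "device": "fw01",
     "name": "deny", "src": "10.0.0.5", "device_time": 100},
    # Same log entry, stored a second time after arriving by another path.
    {"event_id": 1002, "original_agent_id": "B7", "device": "fw01",
     "name": "deny", "src": "10.0.0.5", "device_time": 100},
    # The device repeating itself: similar, but a separate log entry.
    {"event_id": 1003, "original_agent_id": "A1", "device": "fw01",
     "name": "deny", "src": "10.0.0.5", "device_time": 103},
    {"event_id": 1004, "original_agent_id": "A1", "device": "fw02",
     "name": "accept", "src": "10.0.0.9", "device_time": 104},
]

def find_duplicates(events):
    """Report log entries that are stored under more than one event ID."""
    groups = defaultdict(list)
    for e in events:
        groups[tuple(e[f] for f in CONTENT)].append(e)
    report = []
    for rows in groups.values():
        ids = sorted({r["event_id"] for r in rows})
        agents = sorted({r["original_agent_id"] for r in rows})
        if len(ids) > 1:
            # More than one original agent ID points at a second forwarding path.
            report.append({"event_ids": ids, "agents": agents,
                           "second_path": len(agents) > 1})
    return report

def aggregate(events, window=10):
    """Collapse similar entries in the same time bucket into one event with a count."""
    out = {}
    for e in sorted(events, key=lambda r: r["device_time"]):
        key = (e["device"], e["name"], e["src"], e["device_time"] // window)
        out.setdefault(key, {**e, "count": 0})["count"] += 1
    return list(out.values())

if __name__ == "__main__":
    print(find_duplicates(EVENTS))
    print([(a["device"], a["count"]) for a in aggregate(EVENTS)])
```

On the sample data, aggregation produces one fw01 event with a count of 3: the doubly stored entry is counted, not removed, while the duplicate check singles out event IDs 1001 and 1002.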