hareez_12 Absent Member.
Absent Member.
291 views

Reconfigure/reset/factory_reset sentinel collector


Hi All,

Sorry i tried to find a way to reconfigure/reset/factory_reset sentinel
collector, using existing virtual image. But cannot find any of it.

Is there any other way to reconfigure/reset/factory_reset sentinel
collector without using new image or got linux script can make it done.

The problem here, is when we tcpdump we can see the security device
traffic at remote sentinel collector, but at sentinel server the traffic
not shown.

Thank You in Advance.

Regards


--
hareez_12
------------------------------------------------------------------------
hareez_12's Profile: https://forums.netiq.com/member.php?userid=10292
View this thread: https://forums.netiq.com/showthread.php?t=54585

0 Likes
1 Reply
Knowledge Partner
Knowledge Partner

Re: Reconfigure/reset/factory_reset sentinel collector

On 11/03/2015 09:01 PM, hareez 12 wrote:
>
> Sorry i tried to find a way to reconfigure/reset/factory_reset sentinel
> collector, using existing virtual image. But cannot find any of it.


You could delete the collector from Event Source Management (ESM) and then
recreate it, of course.

> The problem here, is when we tcpdump we can see the security device
> traffic at remote sentinel collector, but at sentinel server the traffic
> not shown.


Do you mean a remote Collector Manager? A Collector is just code that
runs within Sentinel to parse received events, and as such it cannot be
remote to Sentinel, though it can be in a dedicated (sometimes called
"remote") Collector Manager.

If you see events going to a Collector Manager but you then do not see
those events in the searchable events we just need to figure out at what
point they are filtered out. There was a recent thread about SLES events
which has some troubleshooting steps for that: "How to troubleshoot
missing events?" https://forums.netiq.com/showthread.php?t=54547

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.