Knowledge Partner
Knowledge Partner
360 views

Windows Servers via SAM show up twice in event sources

Hi.

Deployed SAM to a W2012R2 Server and another Windows Machine yesterday,
connecting to Sentinel 7.3.1 Appliance.

Both Machines show up twice in ESM, once under "Microsoft Active
Directory and Windows" (updated the collector to 2011.1r6), and a second
time under "NetIQ Universal Event"

On top, most if not all current Events coming from these Servers
(standard windows event log stuff like services starting and stopping)
are shown in Sentinel as "Event source not in other category: NetIQ
Universal Event"

Ideas?

CU,
--
Massimo Rosen
Novell Knowledge Partner
No emails please!
http://www.cfc-it.de
0 Likes
2 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Windows Servers via SAM show up twice in event sources


this is correct; The NetIQ universal event is how System and Application
logs are seen with Sentinel. If you are collecting those events it will
show up under NetIQ Universal Event and if you were collecting IIS/SQL
or similar it would show up there as well.

CE


--
Elliscs
------------------------------------------------------------------------
Elliscs's Profile: https://forums.netiq.com/member.php?userid=7783
View this thread: https://forums.netiq.com/showthread.php?t=54549

0 Likes
Knowledge Partner
Knowledge Partner

Re: Windows Servers via SAM show up twice in event sources

Am 03.11.2015 um 19:04 schrieb Elliscs:
>
> this is correct; The NetIQ universal event is how System and Application
> logs are seen with Sentinel. If you are collecting those events it will
> show up under NetIQ Universal Event and if you were collecting IIS/SQL
> or similar it would show up there as well.


Thanks, but of course that raises the question, what exactly the
"Microsoft Active Directory and Windows" collector is there for? I seem
to be missing something...

CU,
--
Massimo Rosen
Novell Knowledge Partner
No emails please!
http://www.cfc-it.de
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.