
collecting logs from Application and Systems


version: SLM 1.2.0.2

Question:
Why is SLM not receiving other logs (Application, System, etc.)?
How can SLM receive other logs (Application, System, etc.)?


Scenario:
WECS and Event Sources are part of same Domain.
WECS service is configured to run as Domain Administrator Account (I
know it's a very bad practice), also the Connector is running via same
Domain Administrator account.
As I have used the Domain Administrator account, therefore I skipped
the 'Permission Assigning(WMI, DCOM, Event Log Security permissions)'
part of WMI connector document.

Now SLM is receiving logs from Windows Event Sources (win2k8)... but
only "Security Logs", as I did nothing in terms of assigning
permission (event log security); but using/leveraging the Domain Admin
account SLM is receiving Security logs.


--
sharfuddin
------------------------------------------------------------------------
sharfuddin's Profile: http://forums.novell.com/member.php?userid=63087
View this thread: http://forums.novell.com/showthread.php?t=454552


Re: collecting logs from Application and Systems

This is the default log. Sentinel, and Log Manager as well, are geared
toward security events from all products. General logging can be done
with Log Manager and Sentinel 7, but that's not the area of focus
because, really, who cares when the following messages happen:

Apr 12 07:10:37 localhost dbus[1142]: [system] Activating service
name='org.freedesktop.PackageKit' (using servicehelper)
Apr 12 07:10:37 localhost dbus-daemon[1142]: dbus[1142]: [system]
Activating service name='org.freedesktop.PackageKit' (using servicehelper)
Apr 12 07:10:37 localhost dbus-daemon[1142]: (packagekitd:27209):
PackageKit-Zypp-DEBUG: zypp_backend_initialize
Apr 12 07:10:37 localhost dbus-daemon[1142]: dbus[1142]: [system]
Successfully activated service 'org.freedesktop.PackageKit'
Apr 12 07:10:37 localhost dbus[1142]: [system] Successfully activated
service 'org.freedesktop.PackageKit'


As a result most of the plugins automatically configure themselves for
security events. In the case of Microsoft's Windows any product on a
system can write to the Application log. Obviously the collector for
Windows is not written to handle any event from any product that ever
rolled off of any developer's fingers, so picking up data from
Application does not typically make a lot of sense, though you are
welcome to add functionality to a collector by customizing it. You can
even tell your current setup to pull from other event logs (Application,
System, etc.) but the events from there will probably end up as unparsed
events (generic-looking things that do not really add a lot of value to
the system, but at least you could have them). Look at the Event Source
node's properties and you'll find where it is configured to pull from
the Security event log. Modify it to handle others as well. I think
this is all documented in the connector documentation, or maybe the
collector documentation.

Good luck.
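Before changing the Event Source configuration to pull Application and System as well as Security, it is worth confirming that the account the WECS service and connector run as can actually read each of those logs over WMI, which is the same path the WMI connector uses. The following PowerShell is an added example written for this thread; it is not part of the original posts and not NetIQ/Novell connector code. The hostname is a placeholder, and the assumption is that the credential supplied is the least-privilege account (member of "Event Log Readers" plus the WMI and DCOM permissions from the connector document) rather than the Domain Administrator account used in the question.

```powershell
# Added example, not from the thread or the product documentation.
# Checks which Windows event logs a given account can read via WMI
# (Win32_NTLogEvent), per log channel, so permission gaps show up before
# the SLM Event Source is reconfigured to pull Application/System.

param(
    [string]$Target = 'win2k8-host.example.local',   # placeholder hostname
    [string[]]$Logs = @('Security', 'Application', 'System')
)

# Prompt for the account the WECS service / connector will run as.
$cred = Get-Credential -Message 'Account the WECS service / connector runs as'

foreach ($log in $Logs) {
    try {
        # Logfile selects the channel; only the first record is fetched so the
        # check stays cheap even on a large Security log.
        $evt = Get-WmiObject -Class Win32_NTLogEvent `
                             -Filter "Logfile='$log'" `
                             -ComputerName $Target `
                             -Credential $cred `
                             -ErrorAction Stop |
               Select-Object -First 1

        if ($evt) {
            '{0,-12} readable (sample EventCode {1} from {2})' -f $log, $evt.EventCode, $evt.SourceName
        } else {
            '{0,-12} readable, but the log is empty' -f $log
        }
    } catch {
        # "Access is denied" here means the event log security descriptor,
        # the DCOM launch/activation rights, or the WMI namespace permissions
        # from the connector document still need to be granted to this account.
        '{0,-12} NOT readable: {1}' -f $log, $_.Exception.Message
    }
}
```

Run it once with the low-privilege account; any channel reported as NOT readable is one the connector will also fail to collect from once the Event Source is widened, regardless of what the SLM configuration says.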