Testing Collectors in Sentinel 6



By: Pascal666

June 20, 2007 9:56 am

This solution describes how to use the Sentinel 6 Syslog service to test collectors by using telnet and copying and pasting log data into the telnet session.

1. Log in to Sentinel 6 Control Center.

2. Click Event Source Management > Live View.

3. Right-click the Collector Manager you want to test the collector on and then select Add Event Source Server.

4. Select the syslog Event Source Server. If this is not listed, download it from http://support.novell.com/products/sentinel/connectors.html and import it by clicking on the button labeled ‘Install More Connectors’.

5. Click Next.

6. Make sure TCP is checked and choose a port. This can be the standard TCP port 1468 or you can choose any high port (e.g. 8888).

7. Click Next.

8. Click Next and change the name of the Event Source Server (optional).

9. Click Finish.

You should now see a new Event Source Server in ESM.

10. Right-click the Collector Manager and select Add Collector.

11. Select the collector you want to test and click Next.

12. Select the parser you want to test and click Next.

13. Configure the collector properties and click Next.

14. Rename the collector (optional) and click Finish.

15. Right-click the newly added collector and select Add Connector.

16. Select the syslog connector.

17. Select the newly added syslog Event Source Server and click Next.

18. In the Auto Configuration window, check the Active box and enter the local loopback IP address 127.0.0.1.

19. Click Next.

20. Rename the connector (optional) and click Finish.

21. Right-click the newly added Syslog Connector and select Start.

The Syslog Server, Syslog Connector, and Collector should now be started (indicated by green icons and arrows).

22. Open up a CMD prompt and start a telnet session to the localhost on the port you configured the syslog Event Source Server to listen on.

This will create a new Event Source Object in ESM.

23. Right-click the new event source object and select Start.

The Syslog connector and Syslog Event Source are now listening on the configured port. This will allow you to enter any log data through your CMD window, which is running the telnet session.

24. You can open up a log file, copy content from it, and paste it into the CMD window.

Note that you will not see the copied events in the CMD window.

The events will be sent into the syslog connector, which relays them to the collector. The collector sends them into Sentinel, where you can see them in the Sentinel Control Center’s Active Views.
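A repeatable alternative to pasting into telnet in steps 22 to 24, as an added example that is not part of the original solution: it sends log lines over one TCP connection to the syslog Event Source Server. The function names and sample lines are constructed here; the default port 1468 and address 127.0.0.1 come from steps 6 and 18, and the LF line terminator is an assumption about what the connector accepts.

```python
import socket
import sys
import time

# Constructed sample events (not from a real system); replace with your own log file.
SAMPLE_LOG = """\
Jun 20 09:56:01 host1 sshd[1234]: Failed password for invalid user test from 192.0.2.10 port 51234 ssh2
Jun 20 09:56:03 host1 sshd[1234]: Connection closed by 192.0.2.10
Jun 20 09:57:10 host1 su: pam_unix(su:session): session opened for user root by admin(uid=1000)
"""


def prepare_lines(text):
    """Split raw log text into events: one per line, CR removed, blank lines skipped."""
    return [ln.rstrip("\r") for ln in text.split("\n") if ln.strip()]


def send_lines(lines, host="127.0.0.1", port=1468, delay=0.0, eol=b"\n"):
    """Send each event over a single TCP connection and return the number sent.

    host/port must match the Event Source Server (steps 6 and 18).
    eol is an assumption; pass b"\\r\\n" to mimic a telnet client more closely.
    """
    sent = 0
    with socket.create_connection((host, port), timeout=5) as sock:
        for line in lines:
            sock.sendall(line.encode("utf-8", errors="replace") + eol)
            sent += 1
            if delay:
                time.sleep(delay)  # pace events so they are easy to follow in Active Views
    return sent


if __name__ == "__main__":
    # Usage: python send_test_events.py [logfile] [port]
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 1468
    count = send_lines(prepare_lines(text), port=port, delay=0.2)
    print(f"sent {count} events to 127.0.0.1:{port}")
```

As with the telnet session, the first connection creates the Event Source object in ESM; start it (step 23) and run the script again so the events reach the collector.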

Categories: Sentinel, Technical Solutions

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.