Why am I not getting events in my Sentinel server?
I have seen many people say that they are not getting events in their Sentinel server even after the installation and configuration of Platform Agent and the Sentinel server have completed successfully. When I looked at their environments, many times I found the same mistake in almost all of them: a communication port mismatch. The client-side Platform Agent tries to connect on one port while, on the other side, the Sentinel server (Audit Connector) listens on a different port. For example, Platform Agent tries to communicate with the Sentinel server on port number 1289, whereas the Sentinel server is listening on port number 289.
How to change the communication port at the client side (Platform Agent) and Server side (Sentinel)?
Steps to change the communication port number in the Audit Connector (Sentinel Server).
- Log on to Sentinel Control Center and open ‘Live View’ of ‘Event Source Management’.
- Right-click on ‘Audit Server’ and select ‘Edit’.
- At the bottom of the new pop-up window, you will find the ‘Port’ section.
- Enter the port number in the text box next to the ‘Port Number’ label.
- Make sure you enter the same port number that Platform Agent uses to communicate with the Sentinel server.
Steps to change the communication port number in the Platform Agent.
- Open the Platform Agent configuration file: “logevent.conf”, located under /etc/ on Linux and Solaris platforms, or “logevent.cfg”, located under sys:\etc\ on NetWare and under C:\WINDOWS\ (the WINDOWS folder) on Windows platforms.
- Edit the Platform Agent configuration file to change the communication port number as follows:
LogEnginePort=<new port number>
- Save the Platform Agent configuration file and exit.
- After modifying the configuration file, make sure to unload/stop and then load Platform Agent (PA Library and LCache) so that the new port takes effect.
How to check / see whether Platform Agent is connected and communicating with Sentinel Server or not?
Run the following command on Linux and Solaris to find out whether Platform Agent has established the communication channel to the Sentinel server (Audit Connector).
# netstat -na | grep <audit connector port number>
eg: # netstat -na | grep 1289
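The following shell functions are an added example, not part of the original article: they read LogEnginePort from the Platform Agent configuration file and check `netstat -na` output for that exact port and its connection state, so that a substring match such as 12890 is not mistaken for 1289. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names; sample data is constructed).

# Print the LogEnginePort value from a Platform Agent config file
# (file path as argument, or config text on stdin).
conf_port() {
    cat "$@" |
        sed -n 's/^[[:space:]]*LogEnginePort[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*$/\1/p' |
        head -n 1
}

# Read `netstat -na` output on stdin and print ESTABLISHED, LISTEN or NONE
# for port $1. Matches the port only at the end of an address field, in
# both Linux (ip:port) and Solaris (ip.port) notation.
port_state() {
    awk -v port="$1" '
        BEGIN { best = "NONE"; pat = "[.:]" port "$" }
        {
            hit = 0
            for (i = 1; i <= NF; i++) if ($i ~ pat) hit = 1
            if (!hit) next
            if ($NF == "ESTABLISHED") best = "ESTABLISHED"
            else if (($NF == "LISTEN" || $NF == "LISTENING") && best == "NONE") best = "LISTEN"
        }
        END { print best }'
}

# Constructed sample input, not captured from a real system.
SAMPLE_CONF='LogEnginePort=1289'
SAMPLE_NETSTAT='tcp   0   0 0.0.0.0:12890        0.0.0.0:*           LISTEN
tcp   0   0 192.0.2.20:45012     192.0.2.10:1289     ESTABLISHED
192.0.2.20.45013     192.0.2.10.289      49640  0 49640  0 TIME_WAIT'

port=$(printf '%s\n' "$SAMPLE_CONF" | conf_port)
state=$(printf '%s\n' "$SAMPLE_NETSTAT" | port_state "$port")
echo "configured port: $port, connection state: $state"

# On a real Linux or Solaris agent host:
#   netstat -na | port_state "$(conf_port /etc/logevent.conf)"
```

A result of NONE on the agent host while the Audit Connector port is open on the server points to the port mismatch described above.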
Run the following command on Windows to find out whether Platform Agent has established the communication channel to the Sentinel server (Audit Connector).
C:\>netstat -na | find "<audit connector port number>"
eg: C:\>netstat -na | find "1289"