Hi,
I've got an Ubuntu VM which I want to add as a data source. I've set it up as
Vendor => UNIX
Model => Linux(ASP)
Data format => Default
Data Retrieval => SCP File Source
The question is: What do I put in the Wildcard expression field so that I can select multiple logs I want, like auth.log, kern.log, syslog, syslog.1, etc.? I don't want to do a *.log as I only need certain .log files.
Hi Ginn
It seems that you would like to use a regular expression rather than a wildcard and we do not currently support that. You can submit a PER for that new feature at the link below.
As a workaround you could set a cron job to copy the logs that you want to monitor to another directory where they would all match * as the wildcard.
https://mcafee.acceptondemand.com/index.jsp
Chris
Thank you, I'll try doing that.
One more question, though: When I do use SCP or HTTP and all other options, the receiver only gets each log file once, then stops trying to copy it and parse it. A workaround is to check "Delete processed files", but the client needs the log files to be intact. Should I just create a new log file with all the logs I need and have that one deleted every time, or is there some other solution I've missed?
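One way to script the cron workaround so that it also covers the "Delete processed files" concern, as an added example that is not part of the thread and is not McAfee code: it goes beyond a plain copy by staging only the bytes added since the last run, so the receiver can delete what it collects while the originals stay untouched. The script name, the staging and state directories, and the assumption that the data source uses `*` as its wildcard on the staging directory are all hypothetical.

```shell
#!/bin/sh
# Added example, not McAfee code. Stages only the NEW bytes of selected logs
# into a directory the SCP data source can collect with the wildcard "*".
# Originals are never modified, so "Delete processed files" removes copies only.
# Hypothetical cron entry (all paths are assumptions):
#   */5 * * * * /usr/local/bin/stage_logs.sh /var/log /var/spool/siem /var/lib/siem-state auth.log kern.log syslog syslog.1

# stage_logs SRC_DIR STAGE_DIR STATE_DIR NAME...
# Prints the number of files staged in this run.
stage_logs() {
    src=$1; stage=$2; state=$3; shift 3
    # Copies of auth.log are as sensitive as the original: no world access.
    umask 027
    mkdir -p "$stage" "$state" || return 1
    staged=0
    for name in "$@"; do
        f="$src/$name"
        [ -f "$f" ] && [ -r "$f" ] || continue
        # Key the offset by inode, not by name: after logrotate renames
        # syslog to syslog.1, bytes that were already shipped are not resent.
        ino=$(ls -i "$f" | awk '{print $1}')
        size=$(wc -c < "$f" | tr -d ' ')
        off=0
        [ -f "$state/$ino" ] && off=$(cat "$state/$ino")
        # File shrank (copytruncate or inode reuse): start again from byte 0.
        [ "$size" -lt "$off" ] && off=0
        [ "$size" -eq "$off" ] && continue
        # Write to a temp file in STATE_DIR, then rename into STAGE_DIR so the
        # collector never sees a half-written file (same filesystem assumed).
        tmp="$state/.tmp.$$"
        tail -c "+$((off + 1))" "$f" | head -c "$((size - off))" > "$tmp" || return 1
        mv "$tmp" "$stage/$name.$ino.$off" || return 1
        echo "$size" > "$state/$ino"
        staged=$((staged + 1))
    done
    echo "$staged"
}

# Run only when called with arguments, as from the cron entry above.
if [ "$#" -ge 4 ]; then stage_logs "$@"; fi
```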
Hi Ginn
Another possibility is to use the Linux Agent which would install on the system and you can push the files to the receiver. McAfee Linux Event Collector 9.1.3 provides you with the capability to add a local agent to your system to push several types of data to the McAfee Event Receiver. We support Ubuntu versions 10.04 and 12.04. You can configure that to tail each of the log files and that way the data will be intact.
The Linux Agent is available from McAfee Downloads in the MFE Event Receiver Section at this URL:
https://secure.mcafee.com/apps/downloads/my-products/login.aspx?region=us
Chris