ginn
Level 7
Message 1 of 4

Linux SCP data retrieval


Hi,

I've got an ubuntu vm which I want to add as a data source. I've set it up as

Vendor => UNIX

Model => Linux(ASP)

Data format => Default

Data Retrieval => SCP File Source

The question is: What do I put in the Wildcard expression field so that I can select multiple logs I want, like auth.log, kern.log, syslog, syslog.1, etc.? I don't want to do a *.log as I only need certain .log files.


Accepted Solutions
McAfee Employee
Message 2 of 4

Re: Linux SCP data retrieval


Hi Ginn


It seems that you would like to use a regular expression rather than a wildcard and we do not currently support that. You can submit a PER for that new feature at the link below.

As a workaround you could set a cron job to copy the logs that you want to monitor to another directory where they would all match * as the wildcard.


https://mcafee.acceptondemand.com/index.jsp

Chris
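
The cron workaround described in the reply above, as an added example that is not part of the original thread or McAfee's own tooling. The script name, the staging path and the crontab schedule are assumptions; the file list comes from the question.

```shell
#!/bin/sh
# Added example (not from the thread). Paths and names below are assumptions.
# Hypothetical crontab entry:
#   */5 * * * * /usr/local/sbin/stage-logs.sh /var/log /var/spool/siem-stage

# Exact file names to expose to the collector; nothing else is ever copied.
WANTED_LOGS="auth.log kern.log syslog syslog.1"

stage_logs() {
    src_dir=$1
    dest_dir=$2
    tmp_dir="$dest_dir.tmp"      # sibling dir, same filesystem, so mv is atomic
    umask 027                    # no world access to staged copies
    mkdir -p "$dest_dir" "$tmp_dir" || return 1
    for name in $WANTED_LOGS; do
        src="$src_dir/$name"
        # Skip missing files and symlinks (a link could point outside src_dir).
        if [ ! -f "$src" ] || [ -L "$src" ]; then
            continue
        fi
        # Unchanged since the last run: leave the staged copy alone.
        if [ -f "$dest_dir/$name" ] && cmp -s "$src" "$dest_dir/$name"; then
            continue
        fi
        # Copy outside the watched directory, then rename into place so the
        # collector never fetches a half-written file.
        if cp "$src" "$tmp_dir/$name" && mv -f "$tmp_dir/$name" "$dest_dir/$name"; then
            :
        else
            rm -f "$tmp_dir/$name"
            return 1
        fi
    done
    return 0
}

# Run only when called with both directories, e.g. from cron.
if [ "$#" -eq 2 ]; then
    stage_logs "$1" "$2"
fi
```

With this layout the account the receiver logs in with needs read access to the staging directory only, not to the rest of /var/log.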


ginn
Level 7
Message 3 of 4

Re: Linux SCP data retrieval


Thank you, I'll try doing that.

One more question, though: When I do use SCP or HTTP and all other options, the receiver only gets each log file once, then stops trying to copy it and parse it. A workaround is to check "Delete processed files", but the client needs the log files to be intact. Should I just create a new log file with all the logs I need and have that one deleted every time, or is there some other solution I've missed?

McAfee Employee
Message 4 of 4

Re: Linux SCP data retrieval


Hi Ginn

Another possibility is to use the Linux Agent, which would install on the system, and you can push the files to the receiver. McAfee Linux Event Collector 9.1.3 provides you with the capability to add a local agent to your system to push several types of data to the McAfee Event Receiver. We support Ubuntu versions 10.04 and 12.04. You can configure that to tail each of the log files and that way the data will be intact.

The Linux Agent is available from McAfee Downloads in the MFE Event Receiver Section at this URL:

https://secure.mcafee.com/apps/downloads/my-products/login.aspx?region=us

Chris