cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
ginn
ginn
Level 7
Report Inappropriate Content
Message 1 of 4
‎07-17-2013 05:01 AM

Linux SCP data retrieval

Jump to solution

Hi,

I've got an ubuntu vm which I want to add as a data source. I've set it up as

Vendor => UNIX

Model => Linux(ASP)

Data format=> Default

Data Retrieval => SCP File Source

The question is: What do I put in the Wildcard expression field so that I can select multiple logs I want, like auth.og, kern.log, syslog, syslog.1 etc  ? I don't want to do a *.log as I only need certain .log files

0 Kudos
Reply
1 Solution

Accepted Solutions
siemchris
McAfee Employee siemchris
McAfee Employee
Report Inappropriate Content
Message 2 of 4
‎07-22-2013 09:53 AM

Re: Linux SCP data retrieval

Jump to solution

Hi Ginn


It seems that you would like to use a regular expression rather than a wildcard and we do not currently support that. You can submit a PER for that new feature at the link below.

As a workaround you could set a cron job to copy the logs that you want to monitor to another directory where they would all match * as the wildcard.


https://mcafee.acceptondemand.com/index.jsp

Chris

View solution in original post

0 Kudos
Reply
3 Replies
siemchris
McAfee Employee siemchris
McAfee Employee
Report Inappropriate Content
Message 2 of 4
‎07-22-2013 09:53 AM

Re: Linux SCP data retrieval

Jump to solution

Hi Ginn


It seems that you would like to use a regular expression rather than a wildcard and we do not currently support that. You can submit a PER for that new feature at the link below.

As a workaround you could set a cron job to copy the logs that you want to monitor to another directory where they would all match * as the wildcard.


https://mcafee.acceptondemand.com/index.jsp

Chris

View solution in original post

0 Kudos
Reply
ginn
ginn
Level 7
Report Inappropriate Content
Message 3 of 4
‎07-22-2013 10:42 PM

Re: Linux SCP data retrieval

Jump to solution

Thank you, I'll try doing that.

One more question, though: When I do use SCP or HTTP and all other options, the receiver only gets each log file once, then stops trying to copy it and parse it. A workaround is to check "Delete processed files" , but the client needs the log filesto be intact. Should I just create a new log file with all the logs I need and have that one deleted everytime, or is there some other solution I've missed?

0 Kudos
Reply
siemchris
McAfee Employee siemchris
McAfee Employee
Report Inappropriate Content
Message 4 of 4
‎07-23-2013 05:54 AM

Re: Linux SCP data retrieval

Jump to solution

Hi Ginn

Another possibility is to use the Linux Agent which would install on the the system and you can push the files to the receiver. McAfee Linux Event Collector 9.1.3 provides you with the capability to add a local agent to your system to push several types of data to the McAfee Event Receiver. We support Ubuntu versions 10.04 and 12.04. You can configure that to tail each of the log files and that way the data will be intact.

The Linux Agent is avaialble from McAfee Downloads in the MFE Event Receiver Section at this URL;

https://secure.mcafee.com/apps/downloads/my-products/login.aspx?region=us

Chris

0 Kudos
Reply
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator

    • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community


    Corporate Headquarters
    2821 Mission College Blvd.
    Santa Clara, CA 95054 USA

    Consumer Support   |   Enterprise Support   |   McAfee.com

    Legal   |   Privacy   |   Copyright © 2019 McAfee, LLC