Mcafee linux event collector and EMS

I want to collect data from WebSphere and parse it later. Here is a sample of the data I'm targeting:

[14/08/11 07:06:54:204 BST] 0000000a ManagerAdmin  I   TRAS0017I: The startup trace state is *=info.
[14/08/11 07:06:54:683 BST] 0000000a ManagerAdmin  I   TRAS0111I: The message IDs that are in use are deprecated

[14/08/11 07:06:55:606 BST] 0000000a FileRepositor A   ADMR0010I: Document cells/server1_Cell/nodes/server1_Manager/node-metadata.properties is modified.

[14/08/11 07:06:57:823 BST] 0000000a ThreadPoolMgr W   WSVR0626W: The ThreadPool setting on the ObjectRequestBroker service is deprecated.

[21/05/10 10:02:56:240 BST] 00000012 TCPPort       E   TCPC0003E: TCP Channel TCP_5 initialization failed.  The socket bind failed for host * and port 9352.  The port may already be in use.
[21/05/10 10:02:56:244 BST] 00000012 TCPPort       E   TCPC0003E: TCP Channel TCP_5 initialization failed.  The socket bind failed for host * and port 9352.  The port may already be in use.

[15/08/11 03:49:59:333 BST] 0000003c SystemOut     O Debug options: file:/opt/IBM/WebSphere/AppServer/profiles/Profile01/dmgr/.options not found
[15/08/11 03:49:59:512 BST] 0000003c SystemOut     O Need to load org.eclipse.osgi.framework.internal.protocol.reference.Handler
[15/08/11 03:49:59:585 BST] 0000003c SystemOut     O Time to load bundles: 76

I installed the McAfee agent in a Red Hat environment and I put the following configuration in it:

##############

# Collector

##############

bookmark_dir=/var/lib/mcafee/bookmark

debug_level=info

log_path=/var/log/mcafee/event_collector.log

sleep=5

inactive_sleep=300

##############

#          Receiver

##############

rec_ip=x.x.x.x

rec_port=8081

rec_encrypt=0

##############

#          Plugin

##############

type=filetail

ft_dir=/data/WebSphere/wp_profile/logs/server1

ft_filter=*.log

ft_delim=\[\d+\/\d+\/\d+\s+\d+:\d+:\d+:\d+\s+\w+\]

ft_delim_end_of_event=0

ft_start_top=1

All I get in the ESM is the first line:

[14/08/11 07:06:54:204 BST]

Is there something I'm missing in the config file?

Agent version: mcafee-linux-event-collector-9.1.2.4-387.el5.x86_64.rpm

ESM version: 9.3.2

Thanks for your support.
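
An offline check of the posted ft_delim pattern against the sample lines, as an added example that is not part of the original post and is not McAfee's code. It assumes the delimiter marks the start of each event and does not reproduce the collector's internals; the continuation line, the function names and the field names are constructed for illustration.

```python
import re

# Delimiter copied verbatim from ft_delim in the posted configuration.
FT_DELIM = r"\[\d+\/\d+\/\d+\s+\d+:\d+:\d+:\d+\s+\w+\]"

# Constructed sample: three lines from the post plus one hypothetical
# continuation line, to show how a multi-line event is grouped.
SAMPLE = (
    "[14/08/11 07:06:54:204 BST] 0000000a ManagerAdmin  I   "
    "TRAS0017I: The startup trace state is *=info.\n"
    "[21/05/10 10:02:56:240 BST] 00000012 TCPPort       E   "
    "TCPC0003E: TCP Channel TCP_5 initialization failed.\n"
    "    at com.example.Hypothetical.frame(Hypothetical.java:1)\n"
    "[15/08/11 03:49:59:585 BST] 0000003c SystemOut     O "
    "Time to load bundles: 76\n"
)

# Assumed field layout, read off the sample lines in the post:
# [timestamp] thread-id component level message
EVENT_RE = re.compile(
    r"\[(?P<ts>[^\]]+)\]\s+(?P<thread>[0-9a-f]{8})\s+"
    r"(?P<component>\S+)\s+(?P<level>[A-Z])\s+(?P<msg>.*)",
    re.S,  # let the message span continuation lines
)

def split_events(text, delim=FT_DELIM):
    """Cut text into events, each starting at a delimiter match."""
    starts = [m.start() for m in re.finditer(delim, text)]
    bounds = starts + [len(text)]
    return [text[a:b].rstrip("\n") for a, b in zip(bounds, bounds[1:])]

def delimiter_only(event, delim=FT_DELIM):
    """Return just the text the delimiter pattern matches, or None."""
    m = re.match(delim, event)
    return m.group(0) if m else None

def parse_event(event):
    """Split one event into named fields, or return None if it does not fit."""
    m = EVENT_RE.match(event)
    return m.groupdict() if m else None

if __name__ == "__main__":
    for ev in split_events(SAMPLE):
        print(repr(delimiter_only(ev)), "->", parse_event(ev))
```

The text the pattern matches on the first sample line is exactly the string reported as arriving in the ESM, which makes the delimiter handling the first thing to compare against when testing configuration changes.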

1 Reply

Re: Mcafee linux event collector and EMS

Any luck getting better results?

Thanks,
