3 Replies Latest reply on Jul 23, 2013 7:54 AM by Chris Boldiston

    Linux SCP data retrieval

      Hi,

       

      I've got an Ubuntu VM which I want to add as a data source. I've set it up as

       

      Vendor => UNIX

      Model => Linux(ASP)

      Data format => Default

      Data Retrieval => SCP File Source

       

      The question is: What do I put in the Wildcard expression field so that I can select multiple logs I want, like auth.log, kern.log, syslog, syslog.1 etc.? I don't want to do a *.log as I only need certain .log files.

        • 1. Re: Linux SCP data retrieval
          Chris Boldiston

          Hi Ginn

           

           


          It seems that you would like to use a regular expression rather than a wildcard and we do not currently support that. You can submit a PER for that new feature at the link below.

           

          As a workaround you could set a cron job to copy the logs that you want to monitor to another directory where they would all match * as the wildcard.

           


          https://mcafee.acceptondemand.com/index.jsp

           

           

           

          Chris

          • 2. Re: Linux SCP data retrieval

            Thank you, I'll try doing that.

             

            One more question, though: When I do use SCP or HTTP and all other options, the receiver only gets each log file once, then stops trying to copy it and parse it. A workaround is to check "Delete processed files", but the client needs the log files to be intact. Should I just create a new log file with all the logs I need and have that one deleted every time, or is there some other solution I've missed?

            • 3. Re: Linux SCP data retrieval
              Chris Boldiston

              Hi Ginn

               

               

              Another possibility is to use the Linux Agent which would install on the system and you can push the files to the receiver. McAfee Linux Event Collector 9.1.3 provides you with the capability to add a local agent to your system to push several types of data to the McAfee Event Receiver. We support Ubuntu versions 10.04 and 12.04. You can configure that to tail each of the log files and that way the data will be intact.

               

               

              The Linux Agent is available from McAfee Downloads in the MFE Event Receiver Section at this URL:

               

              https://secure.mcafee.com/apps/downloads/my-products/login.aspx?region=us

               

               

               

              Chris
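
The cron-based staging workaround from reply 1, as an added example that is not part of the original thread or any McAfee tooling: it copies only an allowlist of log names into a separate directory, so the SCP source can use * as its wildcard and the originals under /var/log are never modified. The script name, the paths in the cron line, the 750 directory mode and the function name stage_logs are assumptions.

```shell
#!/bin/sh
# Added example: stage an allowlist of log files for SCP pickup.
# Hypothetical cron entry (script path and staging directory are assumptions):
#   */5 * * * * /usr/local/bin/stage-logs.sh /var/log /var/spool/siem-stage auth.log kern.log syslog syslog.1

# stage_logs SRC_DIR STAGE_DIR NAME...
# Copies only the named files from SRC_DIR into STAGE_DIR and prints how many
# were staged. The source files are only read, never changed or removed.
stage_logs() {
    src=$1; dst=$2; shift 2
    # Sibling work directory: same filesystem as STAGE_DIR, so the final mv is
    # an atomic rename and a collector matching "*" never sees a partial file.
    partial="${dst}.partial"
    mkdir -p "$dst" "$partial" || return 1
    # auth.log is sensitive; assumption: the SCP account is in the directory's group.
    chmod 750 "$dst" "$partial" || return 1
    staged=0
    for name in "$@"; do
        case $name in
            # Plain file names only: no path components, so nothing outside SRC_DIR is read.
            */*|..|.|'') echo "skip invalid name: $name" >&2; continue ;;
        esac
        # Skip missing files and anything that is not a regular file (symlinks included).
        if [ ! -f "$src/$name" ] || [ -L "$src/$name" ]; then continue; fi
        cp -p "$src/$name" "$partial/$name" || continue
        mv -f "$partial/$name" "$dst/$name" || continue
        staged=$((staged + 1))
    done
    echo "$staged"
}

# Run only when called with arguments (as from cron); sourcing the file just defines the function.
if [ "$#" -ge 3 ]; then
    stage_logs "$@"
fi
```

Each run replaces the staged copies with the current contents of the source files, so a collector that deletes what it has processed only ever removes the copies.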