1 Reply Latest reply on Oct 27, 2015 9:13 AM by SIEMer SIEMer

    McAfee Linux event collector and EMS

    khalid_douif

      I want to collect data from WebSphere and parse it later. Here is a sample of the data I'm targeting:

       

       

      [14/08/11 07:06:54:204 BST] 0000000a ManagerAdmin  I   TRAS0017I: The startup trace state is *=info.
      [14/08/11 07:06:54:683 BST] 0000000a ManagerAdmin  I   TRAS0111I: The message IDs that are in use are deprecated
      [14/08/11 07:06:55:606 BST] 0000000a FileRepositor A   ADMR0010I: Document cells/server1_Cell/nodes/server1_Manager/node-metadata.properties is modified.
      [14/08/11 07:06:57:823 BST] 0000000a ThreadPoolMgr W   WSVR0626W: The ThreadPool setting on the ObjectRequestBroker service is deprecated.
      [21/05/10 10:02:56:240 BST] 00000012 TCPPort       E   TCPC0003E: TCP Channel TCP_5 initialization failed.  The socket bind failed for host * and port 9352.  The port may already be in use.
      [21/05/10 10:02:56:244 BST] 00000012 TCPPort       E   TCPC0003E: TCP Channel TCP_5 initialization failed.  The socket bind failed for host * and port 9352.  The port may already be in use.
      [15/08/11 03:49:59:333 BST] 0000003c SystemOut     O Debug options: file:/opt/IBM/WebSphere/AppServer/profiles/Profile01/dmgr/.options not found
      [15/08/11 03:49:59:512 BST] 0000003c SystemOut     O Need to load org.eclipse.osgi.framework.internal.protocol.reference.Handler
      [15/08/11 03:49:59:585 BST] 0000003c SystemOut     O Time to load bundles: 76
      
      

       

      I installed the McAfee agent in a Red Hat environment and I put the following configuration in it:

       

      ##############
      # Collector
      ##############
      bookmark_dir=/var/lib/mcafee/bookmark
      debug_level=info
      log_path=/var/log/mcafee/event_collector.log
      sleep=5
      inactive_sleep=300
      
      
      ##############
      #          Receiver
      ##############
      rec_ip=x.x.x.x
      rec_port=8081
      rec_encrypt=0
      
      
      ##############
      #          Plugin
      ##############
      type=filetail
      ft_dir=/data/WebSphere/wp_profile/logs/server1
      ft_filter=*.log
      ft_delim=\[\d+\/\d+\/\d+\s+\d+:\d+:\d+:\d+\s+\w+\]
      ft_delim_end_of_event=0
      ft_start_top=1
      
      

       

      All I get in the ESM is the first line:

       

      [14/08/11 07:06:54:204 BST]

       

      Is there something I'm missing in the config file?

       

       

      Agent version: mcafee-linux-event-collector-9.1.2.4-387.el5.x86_64.rpm
      ESM version: 9.3.2
      

       

      Thanks for your support.
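
An offline check of the `ft_delim` pattern from the post against WebSphere lines, added here as an example; it is not part of the original post and not McAfee's code. It shows what a start-of-event split should yield (whole events, continuation lines included) and then parses the fields. Assumptions: Python's `re` stands in for the collector's regex engine, `ft_delim_end_of_event=0` is read as "the delimiter begins an event", and `split_events`, `parse_event` and the field names are hypothetical.

```python
import re

# ft_delim value copied from the configuration in the post
FT_DELIM = r"\[\d+\/\d+\/\d+\s+\d+:\d+:\d+:\d+\s+\w+\]"

# Field layout inferred from the sample lines in the post (an assumption):
# [timestamp] thread-id component level [message-id:] text
EVENT_RE = re.compile(
    r"\[(?P<ts>[^\]]+)\]\s+(?P<thread>[0-9a-f]{8})\s+(?P<component>\S+)\s+"
    r"(?P<level>[A-Z])\s+(?:(?P<msgid>[A-Z]{4}\d{4}[A-Z]):\s+)?(?P<text>.*)",
    re.DOTALL,  # let the text field span continuation lines
)

# Constructed sample: three lines from the post plus one constructed
# continuation line (the "at constructed..." line is not from the post).
SAMPLE = """\
[14/08/11 07:06:54:204 BST] 0000000a ManagerAdmin  I   TRAS0017I: The startup trace state is *=info.
[21/05/10 10:02:56:240 BST] 00000012 TCPPort       E   TCPC0003E: TCP Channel TCP_5 initialization failed.  The socket bind failed for host * and port 9352.  The port may already be in use.
    at constructed.Example.bind(Example.java:1)
[15/08/11 03:49:59:585 BST] 0000003c SystemOut     O Time to load bundles: 76
"""


def split_events(raw, delim=FT_DELIM):
    """Cut raw text at every delimiter match; each match starts a new event."""
    starts = [m.start() for m in re.finditer(delim, raw)]
    bounds = starts + [len(raw)]
    return [raw[a:b].strip() for a, b in zip(bounds, bounds[1:])]


def parse_event(event):
    """Return the event's fields as a dict, or None if the layout differs."""
    m = EVENT_RE.match(event)
    return m.groupdict() if m else None


if __name__ == "__main__":
    for ev in split_events(SAMPLE):
        fields = parse_event(ev)
        # An event that is only the bracketed timestamp (as seen in the ESM
        # in the post) fails to parse here and is flagged.
        status = "ok" if fields else "UNPARSED"
        print(f"{status:8} {len(ev):4d} chars  {ev.splitlines()[0][:60]}")
```

If the pattern yields complete events here but the ESM still shows only the bracketed timestamp, the regex itself is matching as intended and the remaining plugin settings or the receiver-side parsing are the next place to look.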