Can you give an example of what you are trying to accomplish?
I forgot about View Streaming Events )).
Trorres, you do not connect to the event source - Microsoft TMG?
I cannot find instructions for the connection of the event source.
I looked, even in the portal - https://support.mcafee.com/
I couldn't find a configuration guide myself. I would pick the SQL pull data source for Forefront TMG and fill in the appropriate settings.
And if the event logs are in a file - .*w3c?
I created the data source - Forefront TMG.
And I try to take the remote TMG logs, format - w3c.
The files are located on a remote server.
The folder from which I try to take the events is shared, and access to it is granted.
But when I connect, an incomprehensible error appears - NotOK \n
I tried to set it up differently, but the error still appears - NotOK \n
Is it possible to somehow unload events locally with an agent - SIEM Collector?
By setting in this configuration - Generic log Tail
So then what should I register in the fields (values) of this configuration?
That's not the route I would go if I had a choice. I would choose the SQL pull. This data source pulls directly from the TMG backend database, so you don't have to do all that extra configuration. The data configuration for Forefront SQL pull looks like this:
Fill in this information and try the connect button. If the connection states successful, then you should be good.
The fact of the matter is that the customer has all the events recorded in TMG FILES - w3c. NOT IN THE DATABASE.
Therefore, I ask - how can you set up collecting events from the files (w3c) using the agent - SIEM Collector?
How to choose the configuration in SIEM Collector? How to configure it?
And one more question - Agent is a tool - sql pulling configuration. Is there some guidance on how to use it, how to make requests for a non-standard database?
I heard somewhere that there is some kind of spell XML file .......
OK, based on the information you've given me, here's what I think needs to be done.
MEF is the format of the data sent to the receivers from the SIEM collector agents. In addition, the host enabled box needs to be checked on the agent.
For your second question on non-standard databases, neither the agent nor the receivers have a way to read them. We have a Database System Monitoring appliance (DSM) that can pull events from non-standard databases.