I am new to Sentinel, so please bear with me if anything I say doesn't
make sense.

My project uses Sentinel 6.1 to collect syslog events from a Solaris 9
server. It uses the Collector known as
-Sun_Microsystems_Solaris_9_LOG_600-. It's using the "esec5" syslog

Occasionally, a syslog message comes through which gets designated as
an "Unsupported Event" in the Sentinel Control Center's Active View
window. The Message field of this event displays a portion of the
original syslog message's body -- basically everything after the host IP

The problem is that the host IP address itself is not included in any
of the fields for this event in the Active View window (InitHostName,
InitIP, TargetIP, etc.). We see the host IP address in the raw data tap
(in Event Source Management) as part of s_RxBufferString, but it does
not make it into the event shown in Active View.

I am new to Sentinel, but my first thought was that perhaps the
Collector's parsing lookups were failing us. I've looked at them,


and just based on the syntax of the filters, I can't see how this would

Can anyone offer any suggestions? Am I missing something obvious? As
I said, I am new to this, so I might be looking in the wrong place

sentinelsurfer's Profile: http://forums.novell.com/member.php?userid=124111