>
> ObserverHostName  sn     The unqualified host name of the observing host.
> ObserverIP        obsip  The IP address of the observing host.
> ObserverCategory  rv32   The classification category assigned to the type of observer from which the event data was received
>


It's my Sentinel 7.0.1 box. I have a syslog-based Event Source with IP
192.168.0.6, and its hostname is lab-world.

I get the events/logs when I search for the following:
sn:lab-world
(sn:lab-world) NOT st:"I" NOT st:"A" NOT st:"P"
(rv32:OS) AND (sn:lab-world) NOT st:"I" NOT st:"A" NOT st:"P"

But the following queries do not fetch any results (logs/events):
obsip:192.168.0.6
obsip:"192.168.0.6"
(obsip:"192.168.0.6") NOT st:"I" NOT st:"A" NOT st:"P"
(rv32:OS) AND (obsip:"192.168.0.6") NOT st:"I" NOT st:"A" NOT st:"P"

So my question is: why am I not getting results when I search the
events using "obsip"?

Any help would be appreciated.


--
sharfuddin