Hi Guys,

Here is the scenario: I have a device which is a syslog forwarder. A
number of network devices of differing types send events to the
forwarder. The forwarder then sends the events on to a logging system and
Sentinel. By default Sentinel created a Generic Event Collector, which
is fine and received some events. I know some of the event source types,
so I wanted to add the appropriate collectors. The error message I see at
the event source server reports:

"Ignoring Event Source XYS.somedomain.com as host XYZ already associated with a event source XYZ.somedomain.com. Ignoring event source XYZ.somedomain.com:Syslog:Map Output (universal) which has a lower importance."

My question is: how can I have this syslog event source feed into the
three collectors I require without error? I have a number of sources,
such as IDM boxes, that report to both the eDir collector and IDM
collectors. Is this simply something which isn't possible with Syslog
events? I might have missed something really obvious here, but I look
forward to your responses.

alanforrest's Profile: https://forums.netiq.com/member.php?userid=363
View this thread: https://forums.netiq.com/showthread.php?t=46247