Hi all,

I'm using the latest OpenLDAP collector (OpenLDAP slapd 6.1r1) in
Sentinel, and I'm having some trouble with it. Just want to
clarify at the beginning that the collector hasn't been modified in any

The fully parsed message doesn't contain the EventSourceID which I need
for filtering purposes. The event source (OpenLDAP server) sends syslog
messages directly to Sentinel (no relays) and when I initiate a Raw Data
Tap (SS1), the s_RV24 is visible, but the fully parsed message (SS2)
doesn't contain the EventSourceID. Is this a bug or a feature? If
it's a feature which other variable can I use to filter that event

Thanks in advance!

[image: https://dl.dropbox.com/u/2498235/sen...preparsed.png]

[image: https://dl.dropbox.com/u/2498235/sen...ap_parsed.png]

emviljac's Profile: https://forums.netiq.com/member.php?userid=3342
View this thread: https://forums.netiq.com/showthread.php?t=47121