SLM 1.2.1
rhel collector version: 2011.1r1

event source: RedHat Enterprise Linux 5(rhel5)

whenever I stop the syslog service on rhel5 event source, sentinel
automagically creates an event source name 'exiting' and I can check the
'exiting' event source
in ESM LiveView as well as in Sentinel WebUI > Collection > Event
Sources. (plz check the screenshots http://susepaste.org/74070190 and
http://susepaste.org/29533905)

then when I (re)start the syslog service on rhel5 event source, another
event source name 'syslogd' creates .. plz check
http://susepaste.org/58773584

I delete the 'exiting' event source whenever I stop the syslog service
on rhel5, and delete the 'syslogd' event source whenever I (re)starts
the
syslog service rhel5 event source

opening 'raw data tap' never shows events/activity on unnecessarily &
automagically created 'exiting' and 'syslogd' event sources.


--
sharfuddin
------------------------------------------------------------------------
sharfuddin's Profile: https://forums.netiq.com/member.php?userid=1016
View this thread: https://forums.netiq.com/showthread.php?t=47792