Hi all,

I tried writing my own collector for parsing a new log format, and it was
using the syslog connector.
The original log was an application log, and it didn't have the appid.

For a log example:
Oct 12 12:09:04 A new user account lliu has been created by admin.

I haven't defined a property for the application id in
connectionMethods.xml, because the original logs didn't have the appid.

For the log parsing test:
I used the netcat command to send test logs. Sentinel Log Manager
launched the generic collector for the new event source, and it couldn't
pass the log to my custom collector. Then I tried choosing the new event
source, and selected a collector plugin for the exact collector mapping.
The new event source was moved and mapped to my custom collector. I
thought that was okay. So I tried to send logs again. The generic
collector created the same event source again. Sentinel Log Manager
didn't help to transfer logs to my custom collector.

Would you share your experience with me? How did you handle this kind of
log without an appid? I would like to know the process of Sentinel Log
Manager more clearly between the generic collector and other collectors.

