Hi

I have the following issue regarding Active Directory for Sentinel

I am running the latest version of Sentinel

I have an AD collector and connector that seems to work fine and when
you start the event source(observers) it does start to pull actual
events but after it finishes or are in the process of getting the
events it stops working.
I have tried it with all the AD event sources(observers) and it seems to
be case.

You can see that the event source has stopped working if you go into
Status details

I use WECS(Windows Event collection services) as the client want to run
client less.

All the other 4 types of collectors and connectors are fine(eDir,IDM,
OES,Symantec)

THE VERSION OF WECS I AM USING IS

Windows-Event-(WMI)_2011.1r4-201409300209-release


THE COLLECTOR AND CONNECTOR IS

2011.1r4 201409300209-connector

20111.r4-201404110301-collctor(Microsoft Active Directory and Windows
2012)

The only thing I could get in the server log files was the following

-The timezone of the event id=null time=null may not be set correctly.
Wed Aug 12 11:39:58 SAST 2015|INFO|Windows Event Collection Service GZip
Reader
13|esecurity.ccs.comp.evtsrcmgt.connector.WMS.Agen tReader$GZipReader.run CollectionService
is closing the Gzip 'session'.
A new gzip session will be created
-

-Generic Hostname Resolution
Service(201D91E0-1CC4-1033-9D2A-005056BC3D41) Parsing failed: TypeError:
Cannot read property "length" from null; input: undefined
Wed Aug 12 11:39:23 SAST 2015|WARNING|Collector [Generic Hostname
Resolution
Service]|esecurity.ccs.comp.proxycollector.common.Pluggabl eEngineMediator.fireEvent
Unable to find event source manager for connector null and event source
null. The timezone of the event id=null time=null may not be set
correctly.
Wed Aug 12 11:39:23 SAST 2015|WARNING|Collector [Generic Hostname
Resolution Service]|-


--
lfcrous
------------------------------------------------------------------------
lfcrous's Profile: https://forums.netiq.com/member.php?userid=9981
View this thread: https://forums.netiq.com/showthread.php?t=54049