Hi all,


I am struggling with the connection methods in a Sentinel plugin:

Code of connectionMethods.xml:

Code:
--------------------

<?xml version="1.0" encoding="UTF-8" standalone="no"?><ConnectionMethods>
<ConnectionMethod>
<ConnectorName>SYSLOG</ConnectorName>
<IsDefault>1</IsDefault>
<ConnectionModes>
<ConnectionMode>
<InternalName>map</InternalName>
<DisplayName>Syslog:Map Output (WAF)</DisplayName>
<Description>.</Description>
<IsDefault>1</IsDefault>
<Properties>
<Property>
<Value>true</Value>
<Name>EventMap</Name>
</Property>
<Property>
<Name>Stateful</Name>
<Value>false</Value>
</Property>
<Property>
<Name>DataFormat</Name>
<Value>map</Value>
</Property>
<Property>
<Name>WAF</Name>
<Value>true</Value>
</Property>
</Properties>
</ConnectionMode>
<ConnectionMode>
<InternalName>line</InternalName>
<DisplayName>Syslog:Line Output (WAF)</DisplayName>
<Description>This mode outputs syslog data in a simple, RFC-compatible text format.</Description>
<IsDefault>0</IsDefault>
</ConnectionMode></ConnectionModes>
</ConnectionMethod>
<!-- Leave the below connection method in place for most Collectors to allow debug/replay -->
<ConnectionMethod>
<ConnectorName>FILE</ConnectorName>
........
</ConnectionMethods>

--------------------

This code works fine, I see parsed events and also a syslog map in the
cofiguration windows of the event soruce.

But as I import the plugin and start it this error is in the
server_wrapper.log

Code:
--------------------

Using default connection mode Syslog:Line Output (WAF) (line) to resolve event source configuration for event source apXXXXXe:Syslog:Map Output (universal) (ID E12EF521-A740-1033-8F12-0050568958C4) because connection mode map was not found in collector package for plugin Ergon WAF (ID D0000001-1000-A000-BBBB-0002000A1001). Check collector plugin.

--------------------


The normal way to sort the events sources
-initially the event source is listed in netiq-universal connector
-I move this source to the new connector
-parsing starts with the new connector. Done

If I only use the connection map configuration without the line option I
have the following problem:
After moving to the new connector no parsing is done here and a new
event source is again generated at the universal connector.

So I am happy now that the above config of the connectionMethod works,
but the error in the log file irritats me.


--
tfechner
------------------------------------------------------------------------
tfechner's Profile: https://forums.netiq.com/member.php?userid=8929
View this thread: https://forums.netiq.com/showthread.php?t=55262