So I have configured some Syslog sources (one HP Procurve Switch, and a
Zenworks server configured to log to syslog) to send to Sentinel, they
also automatically show up under Netiq Universal Event, I know they're
sending stuff, I can see the data in a raw collector dump and also when
looking at the raw data in ESM (and it looks sensible enough so that the
fields make sense), *but* almost nothing ever makes it so that I can
find it in Sentinel itself.

I have no filters defined, and Report Unparsed Events is set to yes,
still something somewhere is filtering/dropping those.

Any idea where else to look?

Massimo Rosen
Novell Knowledge Partner
No emails please!