Thread: Collector Plug-in for NetIQ AAF Version: 2011.1r1

    So, the plugin's readme is just the standard template with no detail.

    The link to bugzilla is "access denied" as any "Sentinel" products are non-public.

    Should this collector work? Should it work with "CEF log forward"? (I have the latest Syslog to support CEF installed - it's using the same hostname, port, and protocol as other received event sources and it shows as "green" in Sentinel UI with bytes received 95202, but not events received)

    I see AAF creating the CEF event with no sign of failure (even with Debug enabled):

    Code:
    Mar 22 09:15:41 (UTC+1100) xxxxxx CEF:0|AAA|Core|5.0|101|User was successfully logged on|7|ep_addr=x.x.x.x event=AdminUI method_name=LDAP_PASSWORD:1 template_owner=xxxxxx\\xxxxxx<space>xxxxxx tenant_name=TOP user_name=xxxxxx\\xxxxxx<space>xxxxxx p=30005
    Mar 22 09:15:41 (UTC+1100) xxxxxx CEF:0|AAA|Core|5.0|100|User logon started|4|ep_addr=x.x.x.x event=AdminUI method_name=LDAP_PASSWORD:1 tenant_name=TOP user_name=xxxxxx\\xxxxxx<space>xxxxxx p=30005
    Mar 22 09:15:29 (UTC+1100) xxxxxx CEF:0|AAA|Core|5.0|10|Server started|4|p=29802

    I see absolutely nothing in the server0.0.log.
    Last edited by ScorpionSting; 21-Mar-2018 at 11:22 PM.
    Visit my Website for links to Cool Solution articles.
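
An added example, not part of the original post and not NetIQ's collector code: a small Python check that splits the pasted lines into the syslog prefix, the seven CEF header fields and the extension pairs, and lists anything that departs from that layout. It assumes the lines on the wire match what was pasted and that the receiver expects an RFC 3164 style "timestamp host" prefix; `parse_cef` and `check` are hypothetical helper names.

```python
import re

# Lines copied from the post above (already redacted there).
SAMPLES = [
    r"Mar 22 09:15:41 (UTC+1100) xxxxxx CEF:0|AAA|Core|5.0|101|User was successfully logged on|7|ep_addr=x.x.x.x event=AdminUI method_name=LDAP_PASSWORD:1 template_owner=xxxxxx\\xxxxxx<space>xxxxxx tenant_name=TOP user_name=xxxxxx\\xxxxxx<space>xxxxxx p=30005",
    r"Mar 22 09:15:29 (UTC+1100) xxxxxx CEF:0|AAA|Core|5.0|10|Server started|4|p=29802",
]

HEADER = ("version", "vendor", "product", "device_version", "signature_id", "name", "severity")
SEVERITY_WORDS = {"Unknown", "Low", "Medium", "High", "Very-High"}
PIPE = re.compile(r"(?<!\\)\|")          # header delimiter; "\|" is an escaped pipe
EXT_KEY = re.compile(r"(?:^|\s)(\w+)=")  # start of each key=value pair
RFC3164 = re.compile(r"^(?:<\d{1,3}>)?[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+$")  # "Mmm dd hh:mm:ss host"


def parse_cef(line):
    """Return (prefix, header, extension); a value runs to the next key, so it may hold spaces."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF: marker in line")
    prefix = line[:start].strip()
    parts = PIPE.split(line[start + 4:], maxsplit=7)
    if len(parts) < 7:
        raise ValueError("CEF header needs 7 fields, found %d" % len(parts))
    header = dict(zip(HEADER, parts[:7]))
    ext_text = parts[7] if len(parts) == 8 else ""
    ext, keys = {}, list(EXT_KEY.finditer(ext_text))
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext_text)
        ext[m.group(1)] = ext_text[m.end():end].strip()
    return prefix, header, ext


def check(line):
    """List what departs from 'RFC 3164 prefix + well-formed CEF' in one line."""
    prefix, header, ext = parse_cef(line)
    findings = []
    if not RFC3164.match(prefix):
        findings.append("prefix is not 'timestamp host': %r" % prefix)
    sev = header["severity"]
    if not (sev in SEVERITY_WORDS or (sev.isdecimal() and int(sev) <= 10)):
        findings.append("severity not 0-10 or a CEF severity word: %r" % sev)
    findings += ["empty value for key %r" % k for k, v in ext.items() if not v]
    return findings


if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_cef(sample)[1]["name"], "->", check(sample) or "no findings")
```

On the pasted lines the CEF part parses cleanly and the only finding is the `(UTC+1100)` token between the timestamp and the host name. The thread does not establish whether that is what the collector rejects.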
