Hi Risto,
You are right, events are missing from the file (local7) that serves as the
input file to SEC and is being produced by syslog-ng. This is breaking things
on the SEC side for auto closure of alerts.
The same events from devices are copied to Splunk too, and the missing events
appeared there.
Regards,
Inderjeet
+91-9971183748
From: Risto Vaarandi <risto.vaara...@seb.ee>
Sent: Tuesday, April 3, 2018 4:35 PM
To: Inderjeet Singh <inder...@qti.qualcomm.com>;
simple-evcorr-users@lists.sourceforge.net
Subject: RE: Input log missing in syslog-ng
Hi Inderjeet,
A quick question - are events missing from the file which serves as an input
for SEC (in other words, the file which is provided with the -input command
line option to SEC)? If so, is this file produced by syslog-ng?
Kind regards,
risto
From: Inderjeet Singh [mailto:inder...@qti.qualcomm.com]
Sent: Tuesday, April 03, 2018 1:26 PM
To: simple-evcorr-users@lists.sourceforge.net
Subject: [Simple-evcorr-users] Input log missing in syslog-ng
Hi,
Recently we migrated SEC from RHEL5 to a RHEL7 (Syslog-ng r3.5.6-3.el7, SEC
r2.7.12) system.
We have observed that events are missing in the syslog-ng input file in the new
SEC instance, while the syslog-ng and SEC rule files are replicas of the old
instance.
Any pointers to identify what could be the root cause of the issue? Might there
be a syslog-ng.conf file compilation issue with RHEL7?
Regards,
Inderjeet
+91-9971183748
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users