Hi Guys,

I've got a strange thing happening which I have recreated in 2 separate
lab Sentinel instances so far. If it makes any difference both were 7
pre service pack installations, and have the most recent eDirectory and
syslog plugins (downloaded today from the Sentinel plugins site). The
event source is an eDirectory 8.8.6 running on SLES 11 SP1. When the
eDirectory box is configured for XDAS logging (ie. XDASconfig file
updated and imanager settings applied for eDirectory auditing), I have
tried two approaches to collecting the data:


- Let Sentinel Create the event source, it allocates it to a generic
event collector. I then move the event source to an eDir collector
connected to the same syslog server.
- Create a Collector/Connector combination listening for events from
the event source.


Both ways lead to the same results, Sentinel auto creates an event
source on a generic event collector for eDirectory. This results in the
events not being correctly parsed. Is there something special that needs
to be done to get the syslog'd events to go through through the novell
eDirectory collector?

Any pointers? Usually I make use of the audit platform agent for
eDirectory however I was wanting to try the XDAS logging as it is a
feature of eDir 8.8.6 and compatible with the collector according to the
documentation.

Thanks in Advance


--
alanforrest
------------------------------------------------------------------------
alanforrest's Profile: http://forums.novell.com/member.php?userid=90508
View this thread: http://forums.novell.com/showthread.php?t=455672