Channel: THWACK: Popular Discussions - Security Event Manager (SEM) - Formerly Log & Event Manager

LEM does not capture logs from RHEL agents


I have looked through the troubleshooting guide and gathered information based on it.

Our RHEL servers are currently connected to the LEM as shown in the LEM console,

have verified that no firewall is between these devices as all the ports are opened,

and started the connectors for Linux, such as PAM and OpenSSH.

In the LEM Internal Events, the InternalToolOnline shows "Started FAST reader" for the connectors I have configured and started.

But there are still no logs coming in from the RHEL agents.

 

Client Details

 

LEM Version: 6.3.1hotfix7

Agent Version: 6.3.1hotfix5
Linux OS: Linux 2.6.32-279.37.2.el6.x86_64

Web Console: SolarWinds-LEM-v6.3.1

 

Installer Files

 

LEM Installer: SolarWinds-LEM-v6.3.1-Evaluation-HyperV

Agent Installer: SolarWinds-LEM-v6.3.1-HF5-Linux64AgentInstaller

Console Installer: SolarWinds-LEM-v6.3.0-Console & SolarWinds-LEM-v6.3.0-AdobeAIR

 

Based on this article: https://support.solarwinds.com/Success_Center/Log_Event_Manager_(LEM)/LEM_with_Linux_x64_Agents_show_no_logs

 

We have verified that our RHEL servers syslog has a non-standard date header format.

We also verified that changing the syslog to a non-standard date header format from a standard one will cause the LEM to stop capturing logs from the RHEL agents.

 

However, we are not comfortable changing the non-standard format to a standard one for LEM to take in the logs.

Therefore, are there any alternatives for this issue?

Is it possible to configure the LEM Agents to take into account our current syslog format?

If yes, will configuration only take place in /usr/local/contego/ContegoSPOP?

 

--------------------------------------------------------------------------------------------------------------------------------------------------------

 

Okay, things have changed.

We have managed to get one of our client devices to change to a standard/default date header for the syslog.

And the logs are sent to LEM and displayed on the Console.

May I confirm if the SolarWinds Agent requires the Default Date Header for Syslog?

As for the LinuxConnector, I am using OpenSSH and PAM for /var/log/secure.

May I know which connector I can use for /var/log/messages and /faillog?

 

Would appreciate any help provided.
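
Added example (not part of the original post, and not SolarWinds code): a small checker that reports which lines of a log file such as /var/log/secure do not start with the traditional syslog date header, so hosts with a non-default format can be identified before troubleshooting the agent. It assumes "standard" in the post means the `Mmm dd HH:MM:SS host` header written by rsyslog's `RSYSLOG_TraditionalFileFormat` template; the sample lines, hostnames and addresses are constructed.

```python
import re
import sys
from collections import Counter

MONTHS = "Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec"
# Traditional header: "Mmm dd HH:MM:SS host ", day of month space-padded.
TRADITIONAL = re.compile(
    r"^(?:%s) (?: [1-9]|[12]\d|3[01]) \d{2}:\d{2}:\d{2} \S+ " % MONTHS)
# RFC 3339 timestamp, as written by rsyslog's RSYSLOG_FileFormat template.
RFC3339 = re.compile(
    r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2}) \S+ ")

def classify(line):
    """Return 'traditional', 'rfc3339' or 'other' for one log line."""
    if TRADITIONAL.match(line):
        return "traditional"
    if RFC3339.match(line):
        return "rfc3339"
    return "other"

def audit(lines):
    """Count header formats; return (counts, first non-traditional line)."""
    counts = Counter()
    first_bad = None
    for number, line in enumerate(lines, 1):
        if not line.strip():
            continue  # ignore blank lines
        kind = classify(line)
        counts[kind] += 1
        if kind != "traditional" and first_bad is None:
            first_bad = (number, kind)
    return counts, first_bad

# Constructed sample input, not taken from the post.
SAMPLE = [
    "Mar  3 09:15:02 rhel6-a sshd[2211]: Accepted password for alice from 192.0.2.10 port 50514 ssh2",
    "Mar 13 09:15:02 rhel6-a sshd[2211]: pam_unix(sshd:session): session opened for user alice by (uid=0)",
    "2015-03-13T09:15:04.123456+08:00 rhel6-b sshd[901]: Failed password for root from 192.0.2.77 port 40022 ssh2",
    "13/03/2015 09:15:05 rhel6-c su: pam_unix(su:auth): authentication failure",
]

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a log file, e.g. /var/log/secure
        with open(sys.argv[1], errors="replace") as fh:
            print(audit(fh))
    else:
        print(audit(SAMPLE))
```
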

