Syslog and Trap passthrough in MC
Hallo, I was advised by the support that this is "the way it should be" as Message collector are not log aggregator. in Version 12.1.x, the message collector will no longer record the syslog or snmp trap that is received by the MC in any of the capacity. These messages are being proceed on a memory buffer directly into the Event Engine into the Database. 1 - devices are sending syslog + trap to MC - we are able to confirm in tcpdump 2 - MC takes these packets and memory buffer it to somewhere and it get proceed by the mc event engine as ignore or proceed 3 - if proceed - we will see it on the DB 4 - if not proceed - we will see nothing on DB So now, we have no ability to know on the format or the actual message received by the message collector. There is currently no "known way" to redact this into a file or forward out to another syslog server as they are passthrough over the memory, at least we tried and no success. Docs indicated that the rsyslog function will also work with local message, which excludes the device syslog/trap. I can't tell if this is good or bad but I know it's hard to troubleshoot when we are not receiving on the DB and we are trying to decipher the message on the MC. Anyone, have any suggestion, or should this be a EM number :)Solved27Views0likes2Comments- 21Views0likes0Comments
Find last login time for user accounts using API
Hi - Where would a person find the last login time for accounts that login with the API? I have checked Access Sessions and the report Inactive User and the API sessions do not get logged. I am not able to load Audit Logs without a timeout to see if the API sessions would be available there. ThanksSolved67Views0likes3CommentsGQL queries with attributes
We have a need to automate lots of BSM service creations and I am struggling with GQL now. We have created attribute to be used for har query {customAttributes (first: 7, search: {name: {eq: "BSM_Region"}}) { edges { node {id label type entity alignmentType } } } } and that gives us: { "data": { "customAttributes": { "edges": [ { "node": { "id": "57", "label": "BSM_Region", "type": "string", "entity": "harProvider", "alignmentType": "extended" } } ] } } } If I then try to align that attribute to spesific service like this: mutation {alignCustomAttribute( attribute:57, entity: "cm03r2q3a807hs5mn8m4a1dga", value:"Koillismaan kauppa", type: harProvider ) {__typename} } It gives an error: { "errors": [ { "path": [ "alignCustomAttribute" ], "message": "The following id/ids: 57 could not be found. Failed to align custom attributes.", "extensions": { "code": "ID_NOT_FOUND" } } ], "data": { "alignCustomAttribute": null } } Some help needed here.Solved62Views0likes4CommentsHow to Fix powershell communication error?
How to Fix powershell communication error Forward and reverse name resolution is not properly configured for server? We have multiple windows server in which we are facing this issue and server have multiple DNS entries and we can delete them. also i tried to add IP and host in sciencelogic data collector also added in dnsmsaq-resolve.conf to resolve this issue but still we are facing this error Forward and reverse name resolution is not properly configured for server, how to fix this issue without deleting DNS entries.169Views0likes4Comments