Each connector that is configured on an agent collects raw events from a specific event source and sends the events to the event log store on a CA Enterprise Log Manager collection server. The event refinement process converts raw events to refined events and archives them to the reporting CA Enterprise Log Manager server. The connector prompt queries for events on the reporting server that were collected as raw events by connectors with the name you specify. Connectors can have a default name or a user-defined name. You copy the name of the connector to use and paste it in the field of the connector prompt and click Go to display the prompt query results.
Use the connector prompt to:
To copy the name of an active connector
The Log Collection Explorer is displayed.
The Agent Status Monitor appears, where one column lists connector names.
To use the Connector prompt
The Query List displays the Prompts folder, the Subscription folder, and possibly a Users folder.
The Connector prompt displays the Connector field and the following CEG field, which must remain selected for the prompt to function:
Is the name of a connector.
The connector name you copied from the Agent Status Monitor appears in the Connector field.
Results of the connector prompt query appear.
Indicates the severity of the event, where the values in increasing order of severity include: Information, Warning, Minor Impact, Major Impact, Critical, and Fatal.
Indicates when the event occurred.
Identifies the high-level category of the corresponding event action. For example, System Access is the category for the Authentication action.
Identifies the action, where possible actions are determined by the class of the event.
Identifies the agent on which the connector is running.
Identifies the event source host from which the connector is collecting events.
Identifies the source actor of the event, that is, the identity that initiated the action. The performer can be expressed as the source username or source process name.
Identifies the username of the account used for authentication when the connector attempts to connect to the host with the event source from which raw events are collected. This is typically a low-privileged account. The credentials for this account are configured on the event source and also on the log sensor of the connector.
Specifies a code for the event result of the corresponding action, where S means Success, F means Failure, A means Accepted, D means Dropped, R means Rejected, and U means Unknown.
The name of the connector entered in the prompt filter field.
The first event collected by a new connector is for the action System Startup and ends with: result_string=<connector name> Connector Started Successfully
Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |