Administration Guide › Queries and Reports › Prompts › Use the Connector Prompt

Use the Connector Prompt

Each connector that is configured on an agent collects raw events from a specific event source and sends the events to the event log store on a CA User Activity Reporting Module collection server. The event refinement process converts raw events to refined events and archives them to the reporting CA User Activity Reporting Module server. The connector prompt queries for events on the reporting server that were collected as raw events by connectors with the name you specify. Connectors can have a default name or a user-defined name. You copy the name of the connector to use and paste it in the field of the connector prompt and click Go to display the prompt query results.

Use the connector prompt to:

• View events from all connectors based on the same integration. This is possible if you accept the default connector name when deploying connectors.
• Verify a new connector is retrieving events. If multiple agents have connectors with the name you specify, enter the agent name in the Match field to limit the query results to events retrieved by the new connector.

To copy the name of an active connector

1. Click the Administration tab.

   The Log Collection Explorer is displayed.

2. Click Agent Explorer.

   The Agent Status Monitor appears, where one column lists connector names.

3. Right-click the connector you want to use in the prompt query and select Copy Connector Name.

To use the Connector prompt

1. Select Queries and Reports.

   The Query List displays the Prompts folder, the Subscription folder, and possibly a Users folder.

2. Expand Prompts and select Connector.

   The Connector prompt displays the Connector field and the following CEG field, which must remain selected for the prompt to function:

   agent_connector_name

   Is the name of a connector.

3. Right-click in the Connector field and select Paste.

   The connector name you copied from the Agent Status Monitor appears in the Connector field.

4. Click Go.

   Results of the connector prompt query appear.

5. Use the following descriptions to interpret the query results:

   CA Severity

   Indicates the severity of the event, where the values in increasing order of severity include: Information, Warning, Minor Impact, Major Impact, Critical, and Fatal.

   Date

   Indicates when the event occurred.

   Category

   Identifies the high-level category of the corresponding event action. For example, System Access is the category for the Authentication action.

   Action

   Identifies the action, where possible actions are determined by the class of the event.

   Agent Name

   Identifies the agent on which the connector is running.

   Host

   Identifies the event source host from which the connector is collecting events.

   Performer

   Identifies the source actor of the event, that is, the identity that initiated the action. The performer can be expressed as the source username or source process name.

   Account

   Identifies the username of the account used for authentication when the connector attempts to connect to the host with the event source from which raw events are collected. This is typically a low-privileged account. The credentials for this account are configured on the event source and also on the log sensor of the connector.

   Result

   Specifies a code for the event result of the corresponding action, where S means Success, F means Failure, A means Accepted, D means Dropped, R means Rejected, and U means Unknown.

   Connector Name

   The name of the connector entered in the prompt filter field.

6. (Optional) Select Show raw events.

   The first event collected by a new connector is for the action System Startup and ends with: result_string=<connector name> Connector Started Successfully