Collector Studio IP Destination and IP Source is IP of Agent
Created: 03 Dec 2012 | Updated: 03 Dec 2012 | 2 comments
This issue has been solved. See solution.
I created a custom collector and am setting source_ip and destination_ip with the SES-Processor. When I test the collector in Collector Studio I get correct values for IP Destination Address and IP Source Address.
When I deploy the collector to my box that has the SSIM agent on it and processes log files I see in the SSIM that the IP Destination Address and IP Source Address is set to the IP of the box that the agent and collector is installed and running on.
What do I need to change to get these fields to display the IP addresses in the log files instead of the IP adress of computer the collector is running on?
Thank you!
Discussion Filed Under:
Comments 2 Comments • Jump to latest comment
Hi,
Which event_class have you used for your collector?
It's important because it's possible that SSIM performs further normalization using *.norm files.
In case of symc_base class every source_ip and destination_ip will be changed into machine_ip which usually contains IP Address of the agent.
Because such normalization is provided by SSIM server the collector studio cannot reflect those additional changes.
Regards
I was using symc_base class. Changing to a different event class solved this issue. Thank you!
Would you like to reply?
Login or Register to post your comment.