SSIM collector for MS forefront
Updated: 10 Oct 2010 | 6 comments
This issue has been solved. See solution.
My ForeFront use SQL2k8 for keep all log from proxy and firewall.
I want to collect all log from ForeFront but I have some problem with my custom collector.
My sensor can't find last position from SQL2k8.
Anyone can share idea for this case?
discussion Filed Under:
Comments
MS Forefront is not supported yet.
MS Forefront is not oficially supported so far.
Collector for it is scheduled for development and should be released in December quarter.
Can you share the collector log? I beleive the database schema was changed comparing to what MS ISA had. Did you try reading from database hosting on SQL 2005?
Thanks,
Alexey.
Thanks,
Alexey.
Hi BadBoo Thanks for
Hi BadBoo
Thanks for answer.
I found this record on debug log.
DEBUG 2010-09-01 17:20:16,218 Collectors.9995.wGroup.[workinggroup0].Sensor.[Sensor_0] Thread-17 Last position for "WEB_LOG" is []
I think, my collector can't get last position from MS SQL2k8 DB.
My query is
<prop key="QuerySet.1.Name">WEB_LOG</prop>
ISALOG_20100831_WEB_000.dbo.vWeb_log</prop>
Can you suggest about syntax of query for detect last position of record in DB log?
Thanx.
You need to list all fields
You need to list all fields in your query:
select field1, field2, field3, .... from table
Also, you need use ORDER BY clause in your query to sort by the field which is selected as last position field.
Also, using <prop key="QuerySet.1.PrimaryQuery.1.Parameter.1.FieldIndex">N</prop> you have to define the number of the field which will be used as last position field in your query. For examlple, if you will use first field - you need to set 1.
Then you have to set InitialBeginningQuery (or value) and InitialEndQuery (or value) for the field which is used as last position field. These values will be used during first collector run.
Please, add these changes in your collector and try again.
Thanks,
Tatyana
This is my query : <prop
<prop key="QuerySet.1.Name">WebProxyLog</prop>
But my sensor didn't stop, the last position didn't show in debug log.
It still show :
Last position for "WebProxyLog" is []
Anyone can help me for collector query?
Thank you so much.
The reason is that your query
The reason is that your query doesn't contain clause to use your last position (sorry, I forgot to mention this in my previous comment).
I mean, query should contain "where lastpositionfield > ?"
In your case, your query will be:
SELECT ROWNUM,ClientIP,ClientUserName,ClientAgent,ClientAuthenticate,logTime,service,servername
FROM dbo.vWebProxyLog
WHERE ROWNUM > ?
order by ROWNUM
Collector will substitute question mark with the last value it reads each time.
Thanks,
Tatyana
Hi Tatyana My query is work
Hi Tatyana
My query is work after perform as your advice.
Thank you so much.
Be_guy
Would you like to reply?
Login or Register to post your comment.