InTrust 11.4 Custom Data source

I am trying to create a custom data source to collect WSUS logs, but when I set up a custom data source for error.log it does not align in InTrust 11.4, though I am able to align it in Excel. How do I set up a custom data source for each type of log below? Also, can this be collected in real time, or does it need to use Traditional (scheduled job) collection?

 

  1. WSUS

     Windows Internal Database

     C:\Windows\WID\Log
       • Erro*.log
       • log_*.trc
       • system_health_*.xel

     C:\windows\system32\logfiles\httperr
       • Httperr*.log

     C:\Program Files\Update Services\Logfiles
       • Change.log
       • SoftwareDistribution.log

Also, for the Windows Firewall log, can it be collected in real time?

  • Hi Payank Shah,

    I beg your pardon, but the set of logs you mentioned is so manifold that I cannot give you a certain answer.

    Generally, the text logs can be configured only in "InTrust Manager" and collected only on schedule, not in real-time.

    Erro*.log, log_*.trc, system_health_*.xel: these three are from the SQL folder, aren't they? The error log can be collected by the existing InTrust data source named "Microsoft SQL Server Error Log"; the other two are binary, not text ones.

    By Windows Firewall log, do you mean the "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall" log, which can be found in Event Viewer (%SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx)? If yes, then it can be collected both on schedule and in real time if you add it in "InTrust Manager" or "InTrust Deployment Manager".

    All other log names and folders I did not find on my desktop, sorry.

    I propose the following procedure: please focus on one log, create a separate topic here on this forum and provide a log example, I mean a dozen lines from the log. I will grab it and help to create the InTrust Data Source.

  • Thanks for the answer, Igor.

    Using the SQL Server data source I was able to try collecting err*.log. But since this and pfirewall.log are text and, as you said, they have to be scheduled, how do you forward these events? The forwarding capability is only in the InTrust Deployment Manager console.

  • Unfortunately we cannot forward events collected on schedule, sorry. The second thing is that we forward only named strings of events, and even if we create a custom solution for you to forward arbitrary text logs, they will come to a destination host as empty events. I will pass your request to InTrust Product Manager.
