Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring an AgileSI Log Source

 

JSA must be configured to log in and poll the event file by using the SMB Tail protocol.

The SMB Tail protocol logs in and retrieves events that are logged by agileSI in the LEEFYYYDDMM.txt file.

  1. Log in to JSA.
  2. Click the Admin tab.
  3. On the navigation menu, click Data Sources.
  4. Click the Log Sources icon.
  5. Click Add.
  6. In the Log Source Name field, type a name for your log source.
  7. In the Log Source Description field, type a description for the log source.
  8. From the Log Source Type list, select iT-CUBE agileSI.
  9. Using the Protocol Configuration list, select SMB Tail.
  10. Configure the following values:

    Table 1: SMB Tail Protocol Parameters

    Parameter

    Description

    Log Source Identifier

    Type the IP address, host name, or name for the log source as an identifier for your iT-CUBE agileSI events.

    Server Address

    Type the IP address of your iT-CUBE agileSI server.

    Domain

    Type the domain for your iT-CUBE agileSI server.

    This parameter is optional if your server is not in a domain.

    Username

    Type the user name that is required to access your iT-CUBE agileSI server.

    The user name and password you specify must be able to read to the LEEFYYYYDDMM.txt file for your agileSI events.

    Password

    Type the password that is required to access your iT-CUBE agileSI server.

    Confirm Password

    Confirm the password that is required to access your iT-CUBE agileSI server.

    Log Folder Path

    Type the directory path to access the LEEFYYYYDDMM.txt file.

    Parameters that support file paths gives you the option to define a drive letter with the path information. For example, you can use c$/LogFiles/ for an administrative share, or LogFiles/ for a public share folder path, but not c:/LogFiles.

    If a log folder path contains an administrative share (C$), users with NetBIOS access on the administrative share (C$) have the proper access that is required to read the log files. Local or domain administrators have sufficient privileges to access log files that are on administrative shares.

    File Pattern

    Type the regular expression (regex) required to filter the file names. All matching files are included for processing when JSA polls for events.

    For example, if you want to list all files that end with txt, use the following entry: .*\.txt. Use of this parameter requires knowledge of regular expressions (regex). For more information, see the following website: http://docs.oracle.com/javase/tutorial/essential/regex/

    Force File Read

    Select this check box to force the protocol to read the log file. By default, the check box is selected.

    If the check box is clear the event file is read when JSA detects a change in the modified time or file size.

    Recursive

    Select this check box if you want the file pattern to search sub folders. By default, the check box is selected.

    Polling Interval (in seconds)

    Type the polling interval, which is the number of seconds between queries to the event file to check for new data.

    The minimum polling interval is 10 seconds, with a maximum polling interval of 3,600 seconds. The default is 10 seconds.

    Throttle Events/Sec

    Type the maximum number of events the SMB Tail protocol forwards per second.

    The minimum value is 100 EPS and the maximum is 20,000 EPS. The default is 100 EPS.

  11. Click Save.
  12. On the Admin tab, click Deploy Changes.

    The configuration is complete. As your iT-CUBE agileSI log source retrieves new events, the Log Activity tab in JSA is updated.