I have look through the troubleshoot guide and gathered information based on it
Our RHEL servers are currently connected to the LEM as shown in the LEM console,
have verified that no firewall is between these devices as all the ports are opened,
Started the connector for Linux such as PAM and OpenSHH.
In the LEM Internal Events, the InternalToolOnline shown Started FAST reader for the connectors I have configured and started.
But there are still no logs coming in from the RHEL agents
Client Details
LEM Version: 6.3.1hotfix7
Agent Version: 6.3.1hotfix5
Linux OS: Linux 2.6.32-279.37.2.el6.x86_64
Web Console: SolarWinds-LEM-v6.3.1
Installer Files
LEM Installer: SolarWinds-LEM-v6.3.1-Evaluation-HyperV
Agent Installer: SolarWinds-LEM-v6.3.1-HF5-Linux64AgentInstaller
Console Installer: SolarWinds-LEM-v6.3.0-Console & SolarWinds-LEM-v6.3.0-AdobeAIR
Base on this article: https://support.solarwinds.com/Success_Center/Log_Event_Manager_(LEM)/LEM_with_Linux_x64_Agents_show_no_logs
We have verified that our RHEL servers syslog has a non-standard date header format.
We also verified changing the syslog to a non-standard date header format from a standard one will cause the LEM to stop capturing log from the RHEL agents.
However, We are not comfortable in changing the non-standard to a standard one for LEM to take in the logs.
Therefore,
is there any alternatives for this issue?
Is it possible to configure the LEM Agents to take into account of our current Syslog format?
If yes, configuration will only take place in /usr/local/contego/ContegoSPOP?
--------------------------------------------------------------------------------------------------------------------------------------------------------
Okay things have changed.
We have managed to get one of our client devices to change to a standard/default date header for the syslog.
And the logs are sent to LEM and displayed on the Console
May I confirm if the SolarWinds Agent require Default Date Header for Syslog?
As for the Linux Connector, I am using OpenSSH and PAM for /var/log/secure
May I know which connector can I use for /var/log/messages and /faillog
Would appreciate any help provided.