I have had trouble before when running the demo appliance where it thinks the license is already expired so it won't let me add nodes. I had to contact support to resolve it, if I recall correctly; this was a while back.
If you go to the CLI menu console on the appliance under the appliance menu you can actually check the raw syslogs by running "checklogs". From there you can specify the different logs you want to look at to verify that LEM is actually receiving the logs.
Once you have verified that LEM is actually receiving the logs then you need to verify if the connector will actually capture the logs that you have.
Hope this helps!
I double checked the list of connectors and everything marked APC is used in discovery (there's a few connectors that are greedy and would match everything so they are excluded purposefully rather than being confusing).
- As Byron said, check your logging to make sure they are appearing there. It's possible we're not receiving the data (you never know!).
- It's possible we haven't seen enough data for discovery to scan properly - those devices might only send events infrequently which can make them hard to scan for. The scan works by checking existing log files for log messages (hence #1 suggestion) and if it can't find any it can't suggest the match.
- It's possible that the format has changed from what our connector expects and we need to update the connector. We try to stay ahead of them where we can based on requests, but in almost all cases we only find out something has changed based on customers reporting the changes.
- To rule this out, you can manually configure a connector from Manage > Appliances > Gear (left) -> Connectors. Search for your connector, add an instance, make sure it is configured for the right log file/facility, and start it. You might have to wait for data (see #2).
If you see "Unmatched Data" or data doesn't look right (or after all that you're still not seeing it), we can file a request with engineering; a log sample will help (you can use exportsyslog on the appliance if you're not syslogging anywhere else).