Preventing Active Directory Windows servers from being identified as separate Windows and Active Directory sources in TIBCO LogLogic LMI when collected using Lasso Enterprise


Article ID: KB0077451


Products: TIBCO LogLogic Lasso Enterprise
Versions: all versions

Description

This article explains how to prevent LogLogic LMI from creating an Active Directory log source entry for Active Directory Windows servers when Lasso is used to collect the events.

Some Windows servers, specifically Active Directory servers, trigger the creation of two separate log sources when auto-identify is enabled: Windows and Active Directory. All of these logs are collected using Lasso or LogLogic Universal Collector.
 

Issue/Introduction

This article explains how to prevent Windows sources whose data is collected via Lasso from being identified as both Windows and Active Directory log sources.

Resolution

When using Lasso Enterprise, you can edit the hostlist.ini file and, for each Windows server entry, change the *6 to *3. The *6 entry is shorthand for the three standard Windows logs (Application, Security, and System) plus three more logs that only Active Directory Domain Controllers have: Directory Service, DNS, and File Replication.

This prevents the Active Directory log sources from being created in LMI, but it also means the AD-related event journals will not be collected.

The Windows Security log is the one that receives entries for things like Active Directory logins and other account management events, so you'll still get records of users logging in to the Active Directory network even if you just have the *3 type entry on your Domain Controllers.