New device types deployed but not show
1. I've introduced new machine to envision
2. created and validated a parser
3. created package and deployed (using the RSA EvenSource Integrator)
4. restarted nic service manager
following the above steps, all messages that should have been parsed (should have because the ESI confirmed all messages parsed correctly) under analysis ->message view -> device type not appears the new device type referent to the new machines integrated.
And, under Overview -> sys configuration ->devices -> Manage device types the new device name appears (with 1 monitored devices).
The parser is for the logs generated by the application "In house" on the linux machine, other than that i see not errors in any logs file that could indicate why the device types are not being shown/created ..
Just to be clear of the problem - you have added a custom device, with a parser but you're not seeing anything under analysis?
Have you checked that 'analyze' is checked in manage monitored devices?
i have a problem with ESI.
I create a new parser for a checkpoint vpn. The parser is ok but i cannot see the messages when i try to run a query.
i used ESI 1.1.1
yeah. i restarted the services, but i have to do this manually. the instalatio script not run.
and i can see the events in the event viewer
i used esi 1.1.1 and try to install the esi package in envision 4.1.
The script always works for me
Ok - so can you see the device folder in /etc/devices? If not, then it hasn't been installed.
You can see the events coming in but are they assigned to the device? Have you set the device as a multi device and assigned the device type to the second device in manage monitored devices? That way you are telling the device to use the new parser that you've created.