I think I understand the idea of an identity feed - authentication log data associating user identity to IP addresses (and possibly computer names?) is turned into a feed, so that future activity from the IP address is automatically tagged with the ID. But I haven't been able to find any useful explanation of the specifics, nor to get one working.
I've apparently made an identity feed on a log collector service with default parameters (because I don't know what the parameters are, so I wouldn't know what values to enter for them).
Now, where to find this feed file to check if it has any content? The host with the log collector service doesn't have any listeners on port 80 or 443, there doesn't seem to be an obvious web service to check.
The documentation of this is a bit... sparse. The 10.5 help doc gets you as far as "be in the Event Destinations tab of the log decoder config view" and then leaves you to fend for yourself.
The 10.2 documentation gets all the way to "This is the screen you'll be scratching your head at. Enter the correct information. Good luck guessing what any of it means"
I wish I could ask a more specific question, but I'm sufficiently baffled I don't know where to start
Thanks very much