I have several web servers running Apache/Tomcat. I know how to collect the Apache logs using SFTP Agent. Is there a way to also collect the Tomcat logs from these systems without having the Tomcat events classified as Apache events within enVision?
So I suspect I can create a separate directory spec for the Tomcat logs in the sftpagent.conf, and create a new File Reader for Tomcat. Is this all that is required to collect these logs, or do I need a device.xml for the Tomcat logs?
Did you install the latest Event Source Update? There is now distinct new event source support for Apache Tomcat in the latest Event Source Update posted to Secure Care Online on October 4th. See attached.
On the subject of adding a new file reader for a second device type for an IP that's already in enVision for a different device: I tried this and had problems. I was using Apache with the file reader just fine by itself. Then I added BSM with its file reader on the same IP. This caused the Apache events to stop working. The solution I used was to use a different IP for each file reader instance. So, even on a server with one real IP, I might have 3, 4 or more IPs in enVision. This keeps the logs working correctly.
Did you check the "Multi-Device" box in the Manage Monitored Devices for that Apache device IP before adding the second device type?
I haven't applied this yet, but I suspect it will be the best solution for my problem.