i have successfully setup the XML API using the example provided in the documentation and it is working fine.
i used kiwi syslog and vb script.
when monitoring using the User-ID agent (version 4.1.5-1) i notice that my Active Directory servers how as connected but my one syslog server shows disconnected with hundreds of entries each having a different port. it is almost like each time the script runs a new connection is made and then disconnected.
here is an example :
Server TYpe Status
10.240.2.68:61409 XML API Disconnected (XML API)
10.240.2.68:61665 XML API Disconnected (XML API)
10.240.2.68:61921 XML API Disconnected (XML API)
is this normal or is there a way to keep one connection open for the syslog server?
This is how Kiwi syslog works:
- Match a line
- Execute a script
if you don't want a new connection each time, you have to write another script that stay connected to the Agent
and you have to modify the current script to publish the User/IP Mapping to the local script instead the UID agent.
Please note that the UID-Agent can support up to 100 simultaneous connection and if a connection is up 10 min without any message, the connection will be dropped (you can send some keepalive if you want).
Hi Mark Miller,
Did you successfully setup the XML API with Kiwi Syslog and managed to get UID Agent updated the ip-user-mapping? Do you mind to share how do you did it?
I had setup the Kiwi Syslog with the VB script but it doesn't work. Thanks in advance.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!