Eventia Reporter R65 : no logs !

[foo727]

Hi all,

I'm using a distributed installation :
Smartcenter is on redhat.
Reporter on SPLAT.
SIC is ok and i can connect to the reporter using the Eventia Reporter client.
I setup a consolidation session in it.

i try to generate a report : all i get is fw_log and cpd, no user traffic !

Maybe I missed something. Do I have to forward the log files to the Reporter ?? It seemed to me that it was automatic...

Thanks for your help
Arno

[chillyjim]

Did you "install database" on the EVR and smartcenter?

[foo727]

yes i did it.
Here is what I did.

I created a checkpoint host in which i checked the Eventia Reporter option (do I have to check log server ??)

I modified the consolidation policy to set all rules to store, so i'm sure to get some consolidation logs.
After that I installed the database.

When i generate a report, the only datas available are :
cpd, fw1-log, icmp, igmp.

Any idea ?

[lammbo]

You don't need to check log server unless you plan on logging to it. Did you check the Eventia Correlation Unit though? That needs to be on as well.

Did you setup the log consolidation job?
If not: Eventia Reporter GUI -> Management -> Consolidation -> Create New
Add the Log server(s), they should be in a pre-populated list. Acccept defaults

[foo727]

I found the problem.
In fact, i'm working on a migration and i didn't know we have the possibility to create several consolidation policies. The customer already created some policies and the default consolidation job relies on a policy which consolidates almost nothing.... I changed this using a custom job and everything works fine now.
Thanks for the help.