How to configue JDBC probe to retrieve data from ISS Site Protector

 

We can use the JDBC probe to acquire events from ISS Site Protector. We will connect the JDBC probe to the ISS Site Protector Database which use Microsoft (MS) SQL Sever database.

 

Pre-requisites:

JDBC driver for MS SQL Server database must be in the system before running the probe. You can use JDBC driver for MS SQL Server database ; or other JDBC drivers that support MS SQL Server database (eg: jTDS )

 

A) Pre-steps before running the probe

 

  • Environment setup for JDBC driver

     

  For the demo here, we are using Microsoft JDBC driver 4.0 for SQL Server .

  1. Download the JDBC driver fromMicrosoft MSDN site

  2. Install the JDBC driver. When the installation completes, check if the driver file which is a jar is in your installed path. For our example, the Microsoft JDBC driver 4.0 (sqljdbc4.jar) has been installed in Windows platform at below path:

C:\Microsoft JDBC Driver 4.0 for SQL Server\sqljdbc_4.0\enu\sqljdbc4.jar

  1. Set CLASSPATH to the installed JDBC driver path:

On Unix:

bash$ export CLASSPATH=/opt/tivoli/netcool/omnibus/probes/java/sqljdbc4.jar

 

On Windows:

C:\ > set CLASSPATH=”C:\Microsoft JDBC Driver 4.0 for SQL Server\sqljdbc_4.0\enu\sqljdbc4.jar”

 

  • Download and install the JDBC probe

 

Please refer to the Netcool/OMNIbus Information Center for steps to download the installation package from the Passport Advantage Online website and installing the probes.

 

  • Environment setup for ISS Site Protector

 

Please refer to IBM ISS Site Protector Documentation on how to setup the ISS Site Protector system. You have to ensure your ISS Site Protector and its MS SQL Server database are up and running.

 

For the demonstration in this post, we have setup our ISS Site Protector and its MS SQL Server on a Windows platform.

 

  • Environment setup for JAVA / JRE

  1. You may have to setup your JAVA_HOME and PATH in your probe environment to which JAVA version you want the probe to be run with.

  2. There is a default IBM Java JRE delivered with your Netcool/OMNIbus installation.

    On Unix:

    $OMNIHOME/../platform/<arch>/jre_<version>/jre

 

On Windows:

C:\IBM\Tivoli\Netcool\platform\win32\jre_<version>\jre

 

  1. set the JAVA_HOME to use the default JRE:

On Unix (eg, Solaris platform, Netcool/OMNIbus 7.2.1):

bash$ export JAVA_HOME=$OMNIHOME/../platform/solaris2/jre_1.5.6/jre/

 

On Windows (eg: Netcool/OMNIbus 7.3.1):

C:\ > set JAVA_HOME=”%OMNIHOME%\..\platform\win32\jre_1.6.7\jre”

 

 

 

  1. set the PATH to use the default JRE:

On Unix (eg, Solaris platform, Netcool/OMNIbus 7.2.1):

bash$ export PATH=$OMNIHOME/../platform/solaris2/jre_1.5.6/jre/bin:$PATH

 

On Windows (eg: Netcool/OMNIbus 7.3.1):

C:\ > set PATH=”%OMNIHOME%\..\platform\win32\jre_1.6.7\jre\bin;%PATH%”

 

 

 

  1. You can set PATH and JAVA_HOME to different JRE too.

 

 

B) Customized rules file and configuration file for ISS Site Protector

 

There is a set of additional customized rules file and configuration file in the JDBC probe package for ISS Site Protector integration.

 

To support ISS Site Protector, you require the following files (for Windows):

 

  • %OMNIHOME%\probes\win32\iss_siteprotector.rules: This is the alternative rules file that you should specify in the RulesFile property instead of jdbc.rules.

  • %OMNIHOME%\probes\win32\sitepro.include.lookup: This lookup file is referenced by rules file for field/value mapping related to ISS Site Protector tables.

  • %OMNIHOME%\probes\win32\sitepro.post.include: This include file allows the probe to use a modified ObjectServer schema.

  • %OMNIHOME%\var\select_rules.sql: This file contains the mandatory select query that the probe uses to acquire data from ISS Site Protector.

 

You may want to review each of abovementioned file and do your own customization or configuration accordingly. As example, you can change/enhance the select_rules.sql and iss_siteprotector.rules for any additional data filtering or data enrichment.

 

In this demonstration we are showing you to retrieve data from ISS Site Protector using the default customized configuration file. Please refer to the Probe Referenced Guide for other details.

 

 

C) Configure and run the JDBC probe

 

Below demonstrate to you how to configure JDBC probe on Windows platform:

 

  1. Start your Netcool/OMNIbus Object Server (eg: NCOMS).

    %OMNIHOME%\bin\nco_objserv.exe

     

  2. You have to edit your jdbc.props for JDBC connection and ISS Site Protector configuration. Probe specific properties such as: DBUsername, DBPassword, JdbcDriver, JdbcUrl, SelectSqlFile and RulesFile have to be configured accordingly to match your ISS Site Protector database credentials. Please refer to Probe Referenced Guides for more details.

     

  3. Set your %OMNIHOME%\probes\win32\jdbc.props to the configuration below, save and close the file after that:

    # Please replace SQL server user name and password below

    DBPassword : 'your_db_password'

    DBUsername : 'your_db_user'


    # Below is the driver name for Microsoft JDBC driver

    JdbcDriver : 'com.microsoft.sqlserver.jdbc.SQLServerDriver'

    # Please replace your_ip_or_hostname to your SQL server IP/hostname, eg: 10.0.0.1

    # or localhost; and replace your_port_number to SQL server port, default is 1433

    # eg: “jdbc:sqlserver://localhost:1433;databaseName=RealSecureDB”


    JdbcUrl : 'jdbc:sqlserver://your_ip_or_hostname:your_port_number;databaseName=RealSecureDB'

    SelectSqlFile : 'C:\\IBM\\Tivoli\\Netcool\\omnibus\\var\\select_rules.sql'

    RulesFile : 'C:\\IBM\\Tivoli\\Netcool\\omnibus\\probes\\win32\\iss_siteprotector.rules'


    MessageLevel : 'debug'

     

  4. At the probes directory, run the following commands to double check the value set in the previous step..

     

    C:> cd %OMNIHOME%\probes\win32



    C:\IBM\Tivoli\Netcool\omnibus\probes\win32>echo %CLASSPATH%

    C:\Microsoft JDBC Driver 4.0 for SQL Server\sqljdbc_4.0\enu\sqljdbc4.jar



    C:\IBM\Tivoli\Netcool\omnibus\probes\win32>
    nco_p_jdbc.bat -version

    Jdbc probe temp file "Jdbcloc_3180-5693.tmp" used to find default jvm dll path

    Netcool/OMNIbus NON NATIVE - Version 7.3.1

    (C) Copyright IBM Corp. 1994, 2007

    Information: Requested to execute in CONSOLE mode

     

    2013-03-14 14:59:10 Service starting in console mode...

    Netcool/OMNIbus probe - Version 7.3.1

    (C) Copyright IBM Corp. 1994, 2007

     

    Netcool/OMNIbus Probe API Library Version 7.3.1

    Release ID: 1.0.9

    Jar Build Date: Thu Mar 07 2013 04:38:17 on piccolo (Windows Server 2003 5.2 build 3790 Service Pack 2)

    API Release ID: 5.21.50

    Software Compile Date: Tue Jan 08 15:11:40 UTC 2013 on piccolo (CYGWIN_NT-5.2 1.

    7.14(0.260/5/3) 2012-04-25 09:41)

     

     

  5. Run the command to start the probe

     

    C:> cd %OMNIHOME%\probes\win32



    C:\IBM\Tivoli\Netcool\omnibus\probes\win32>echo %CLASSPATH%

    C:\Microsoft JDBC Driver 4.0 for SQL Server\sqljdbc_4.0\enu\sqljdbc4.jar



    C:\IBM\Tivoli\Netcool\omnibus\probes\win32>
    nco_p_jdbc.bat -messagelog jdbc.log

    Jdbc probe temp file "Jdbcloc_719-21186.tmp" used to find default jvm dll path

    Netcool/OMNIbus NON NATIVE - Version 7.3.1

    (C) Copyright IBM Corp. 1994, 2007

    Information: Requested to execute in CONSOLE mode

     

    2013-03-14 15:11:05 Service starting in console mode...



     

  6. You would see the probe receiving events from ISS Site Protector in probe logs (jdbc.log). If the connection failed or there are no incoming events, please check your JDBC connection configuration (properties like DBUsername, DBPassword, JdbcDriver, JdbcUrl, SelectSqlFile and RulesFile) and check whether your ISS Site Protector database has records (Default ISS Site Protector database: RealSecureDB, Table: SensorData / SensorData1).

    jdbc.log:

     

    2013-03-14T15:11:05: Debug: D-UNK-000-000: Attempting API interrogation

    2013-03-14T15:11:05: Debug: D-UNK-000-000: C:\IBM\Tivoli\Netcool\platform\win32\bin\libOpl.1.dll

    2013-03-14T15:11:05: Debug: D-ETC-004-032: Attempting to load module 'libOpl.1' from path: C:\IBM\Tivoli\Netcool\platform\win32\bin\libOpl.1.dll

    2013-03-14T15:11:05: Debug: D-UNK-000-000: Loaded module successfully

    2013-03-14T15:11:05: Debug: D-UNK-000-000: OplPropIsEncrypted detected

    2013-03-14T15:11:05: Information: I-UNK-000-000: Connecting ...

    2013-03-14T15:11:05: Debug: D-UNK-000-000: Shutting down Probewatch heartbeat thread.

    2013-03-14T15:11:05: Debug: D-UNK-000-000: Probewatch heartbeat thread is already shutdown.

    2013-03-14T15:11:05: Debug: D-UNK-000-000: Stopping separate communications threads if they are running.

    2013-03-14T15:11:05: Debug: D-UNK-000-000: Running with single threaded communications.

    2013-03-14T15:11:05: Debug: D-UNK-000-000: Reading C:\IBM\Tivoli\Netcool\omnibus\probes\win32\iss_siteprotector.rules

    2013-03-14T15:11:05: Debug: D-UNK-000-000: Plain text rules file detected.

    2013-03-14T15:11:05: Debug: D-UNK-000-000: Including C:\IBM\Tivoli\Netcool\omnibus\probes\win32\sitepro.include.lookup

    2013-03-14T15:11:05: Debug: D-UNK-000-000: Plain text rules file detected.

    2013-03-14T15:11:05: Debug: D-UNK-000-000: End of C:\IBM\Tivoli\Netcool\omnibus\probes\win32\sitepro.include.lookup

    2013-03-14T15:11:05: Debug: D-UNK-000-000: Including C:\IBM\Tivoli\Netcool\omnibus\probes\win32\sitepro.post.include

    2013-03-14T15:11:05: Debug: D-UNK-000-000: Plain text rules file detected.

    2013-03-14T15:11:05: Debug: D-UNK-000-000: End of C:\IBM\Tivoli\Netcool\omnibus\probes\win32\sitepro.post.include

    2013-03-14T15:11:05: Debug: D-UNK-000-000: End of C:\IBM\Tivoli\Netcool\omnibus\probes\win32\iss_siteprotector.rules

    2013-03-14T15:11:05: Debug: D-UNK-000-000: Number of currently connected servers in list is 0

    2013-03-14T15:11:05: Information: I-UNK-000-000: Using targets specified by properties

    2013-03-14T15:11:05: Debug: D-UNK-000-000: Creating target for server NCOMS.

    2013-03-14T15:11:05: Debug: D-UNK-000-000: Setting default target server to 'NCOMS'.

    2013-03-14T15:11:05: Debug: D-UNK-000-000: Default target backup server is ''.

    2013-03-14T15:11:05: Debug: D-UNK-000-000: Primary server is 'NCOMS' backup is ''.

    2013-03-14T15:11:05: Debug: D-UNK-000-000: Attempting a connection to server 'NCOMS'.

    2013-03-14T15:11:05: Debug: D-UNK-000-000: Checking for backup ObjectServer.

    2013-03-14T15:11:05: Information: I-UNK-000-000: 'NCOMS' is a primary server. Polling disabled.

    2013-03-14T15:11:05: Debug: D-UNK-000-000: Checking for svc update support.

    2013-03-14T15:11:05: Debug: D-UNK-000-000: Server SUPPORTS services.

    2013-03-14T15:11:05: Debug: D-UNK-000-000: svc update SUPPORTED

    2013-03-14T15:11:05: Debug: D-UNK-000-000: Server Verification Starting.

    2013-03-14T15:11:05: Debug: D-UNK-000-000: Server Verification Complete.

    2013-03-14T15:11:05: Debug: D-UNK-000-000: SAF: Forwarding SAF file on Initial startup

    2013-03-14T15:11:05: Debug: D-UNK-000-000: SAF: Disconnectiontime = 0 : Expire time = 0

    2013-03-14T15:11:05: Debug: D-UNK-000-000: SAF: Forwarding events from SAF files

    2013-03-14T15:11:05: Debug: D-UNK-000-000: Heartbeat mode is: standard

    2013-03-14T15:11:05: Debug: D-UNK-000-000: Heartbeat mode is standard, probe will function as normal without heartbeating

    2013-03-14T15:11:05: Debug: D-ETC-004-049: THREAD MGR: started thread failover-thread (01F184D0)

    2013-03-14T15:11:05: Debug: D-UNK-000-000: Final number of connected servers in list is 1

    2013-03-14T15:11:05: Debug: D-UNK-000-000: Starting communication thread for server NCOMS.

    2013-03-14T15:11:05: Debug: D-ETC-004-050: THREAD MGR: thread failover-thread (01F184D0) running

    2013-03-14T15:11:05: Debug: D-ETC-004-049: THREAD MGR: started thread NCOMS-ComThread (01F36720)

    2013-03-14T15:11:05: Debug: D-ETC-004-050: THREAD MGR: thread NCOMS-ComThread (01F36720) running

    2013-03-14T15:11:05: Debug: D-UNK-000-000: Created communication thread for server NCOMS.

    2013-03-14T15:11:05: Debug: D-UNK-000-000: Running with multithreaded communications.

    2013-03-14T15:11:05: Debug: D-ETC-004-049: THREAD MGR: started thread probewatchheartbeat-thread (01F37198)

    2013-03-14T15:11:05: Debug: D-UNK-000-000: Probewatch heartbeat thread created successfully.

    2013-03-14T15:11:05: Debug: D-ETC-004-050: THREAD MGR: thread probewatchheartbeat-thread (01F37198) running

    2013-03-14T15:11:05: Debug: D-UNK-000-000: NSProbe - Reentrant Version

    2013-03-14T15:11:05: Debug: D-ETC-004-049: THREAD MGR: started thread NSProbe Event Processor (01F37C10)

    2013-03-14T15:11:05: Debug: D-ETC-004-050: THREAD MGR: thread NSProbe Event Processor (01F37C10) running

    2013-03-14T15:11:05: Debug: D-UNK-000-000: API function OplPropIsEncrypted is available for property logging.

    2013-03-14T15:11:05: Debug: D-UNK-000-000: (Non-encrypted property) FlushBufferInterval-> 0

    2013-03-14T15:11:05: Debug: D-UNK-000-000: (Non-encrypted property) PidFile-> C:\IBM\Tivoli\Netcool\omnibus\var\jdbc

    2013-03-14T15:11:05: Debug: D-UNK-000-000: (Non-encrypted property) MaxEventQueueSize-> 10000

    2013-03-14T15:11:05: Debug: D-UNK-000-000: (Non-encrypted property) DataBackupFile->

    2013-03-14T15:11:05: Debug: D-UNK-000-000: (Non-encrypted property) PidFile-> C:\IBM\Tivoli\Netcool\omnibus\var\jdbc

    2013-03-14T15:11:05: Debug: D-UNK-000-000: (Non-encrypted property) RetryCount-> 0

    2013-03-14T15:11:05: Debug: D-UNK-000-000: (Non-encrypted property) RetryInterval-> 0

    2013-03-14T15:11:05: Debug: D-JPR-000-000: com.ibm.tivoli.netcool.omnibus.oidk.Probe.start ENTERING

    2013-03-14T15:11:05: Debug: D-UNK-000-000: (Non-encrypted property) ResyncInterval-> 60

    2013-03-14T15:11:05: Debug: D-UNK-000-000: (Non-encrypted property) HeartbeatInterval-> 0

    2013-03-14T15:11:05: Debug: D-UNK-000-000: (Non-encrypted property) Inactivity-> 0

    2013-03-14T15:11:05: Debug: D-UNK-000-000: (Non-encrypted property) InitialResync-> true

    2013-03-14T15:11:05: Debug: D-UNK-000-000: (Non-encrypted property) SelectSqlFile-> C:\IBM\Tivoli\Netcool\omnibus\var\select_rules.sql

    2013-03-14T15:11:05: Debug: D-JPR-000-000: java.lang.Thread.run ENTERING

    2013-03-14T15:11:05: Debug: D-UNK-000-000: (Non-encrypted property) InitialResync-> true

    2013-03-14T15:11:05: Debug: D-UNK-000-000: (Non-encrypted property) ResyncInterval-> 60

    2013-03-14T15:11:05: Debug: D-JPR-000-000: Initializing probe specified properties on startup...

    2013-03-14T15:11:05: Debug: D-UNK-000-000: (Non-encrypted property) JdbcDriver-> com.microsoft.sqlserver.jdbc.SQLServerDriver

    2013-03-14T15:11:05: Debug: D-UNK-000-000: (Non-encrypted property) ResyncBatchSize-> 100

    2013-03-14T15:11:05: Debug: D-UNK-000-000: (Non-encrypted property) PreSqlFile->

    2013-03-14T15:11:05: Debug: D-UNK-000-000: (Non-encrypted property) PostSqlFile->

    2013-03-14T15:11:05: Debug: D-UNK-000-000: (Non-encrypted property) DBUsername-> root

    2013-03-14T15:11:05: Debug: D-UNK-000-000: (Non-encrypted property) DBPassword-> root

    2013-03-14T15:11:05: Debug: D-UNK-000-000: (Non-encrypted property) JdbcUrl-> jdbc:sqlserver://9.127.183.230:1433;databaseName=RealSecureDB

    2013-03-14T15:11:05: Debug: D-UNK-000-000: (Non-encrypted property) SqlWarnings-> true

    2013-03-14T15:11:07: Debug: D-UNK-000-000: (Non-encrypted property) MarkerColumn->

    2013-03-14T15:11:07: Debug: D-UNK-000-000: (Non-encrypted property) DataBackupFile->

    2013-03-14T15:11:07: Debug: D-UNK-000-000: (Non-encrypted property) MarkerColumnSensitive-> false

    2013-03-14T15:11:07: Information: I-UNK-000-000: Probewatch: Running ...

    2013-03-14T15:11:07: Debug: D-UNK-000-000: Rules file processing took 0 usec.

    2013-03-14T15:11:07: Debug: D-UNK-000-000: Flushing events to object servers

    2013-03-14T15:11:07: Debug: D-UNK-000-000: Flushing events to object servers

    2013-03-14T15:11:07: Information: I-JPR-000-000: Probe started

    2013-03-14T15:11:07: Debug: D-JPR-000-000: com.ibm.tivoli.netcool.omnibus.probe.framework.ProbeRunner.run ENTERING

    2013-03-14T15:11:07: Information: I-JPR-000-000: No target has been registered with the CommandService

    2013-03-14T15:11:07: Debug: D-JPR-000-000: com.ibm.tivoli.netcool.omnibus.probe.framework.ProbeRunner.run EXITING

    2013-03-14T15:11:07: Debug: D-JPR-000-000: com.ibm.tivoli.netcool.omnibus.probe.framework.ProbeRunner.connectAndRun ENTERING

    2013-03-14T15:11:11: Debug: D-JPR-000-000: Probed connected root@jdbc:sqlserver://9.127.183.230:1433;databaseName=RealSecureDB

    2013-03-14T15:11:11: Information: I-JPR-000-000: Probe is connecting to JDBC data source

    2013-03-14T15:11:11: Debug: D-JPR-000-000: com.ibm.tivoli.netcool.omnibus.probe.framework.ProbeRunner.connectAndRun EXITING

    2013-03-14T15:11:11: Debug: D-JPR-000-000: com.ibm.tivoli.netcool.omnibus.probe.framework.ProbeRunner.connectAndRun ENTERING

    2013-03-14T15:11:11: Debug: D-JPR-000-000: com.ibm.tivoli.netcool.omnibus.probe.framework.ProbeRunner.connectAndRun EXITING

    2013-03-14T15:11:11: Information: I-JPR-000-000: Probe connected

    2013-03-14T15:11:11: Debug: D-JPR-000-000: java.util.TimerThread.mainLoop ENTERING

    2013-03-14T15:11:11: Information: I-JPR-000-000: Resynchronizing Probe

    2013-03-14T15:11:11: Debug: D-JPR-000-000: Finalized partial resync query: SELECT sd.SensorDataRowID, sd.AlertTypeID,

    CASE WHEN sd.SensorDataID IS NULL THEN '-1' ELSE sd.SensorDataID END AS 'SensorDataID',

    CASE WHEN sd.AlertName IS NULL THEN '' ELSE sd.AlertName END AS 'AlertName',

    CASE WHEN sd.AlertID IS NULL THEN '-1' ELSE sd.AlertID END AS 'AlertID',CASE WHEN sd.AlertPriority IS NULL

    THEN '-1' ELSE sd.AlertPriority END AS 'AlertPriority',case WHEN sd.Cleared IS NULL THEN '' ELSE sd.Cleared END AS 'Cleared',

    CASE WHEN sd.ProtocolID IS NULL THEN '-1' ELSE sd.ProtocolID END AS 'ProtocolID',CASE WHEN sd.SrcAddressInt IS NULL

    THEN '-1' ELSE sd.SrcAddressInt END AS 'SrcAddressInt',CASE WHEN sd.DestAddressInt IS NULL THEN '-1' ELSE sd.DestAddressInt

    END AS 'DestAddressInt',CASE WHEN sd.SourcePort IS NULL THEN '-1' ELSE sd.SourcePort END AS 'SourcePort',CASE WHEN sd.ObjectName

    IS NULL THEN '' ELSE sd.ObjectName END AS 'ObjectName',CASE WHEN sd.SensorName IS NULL THEN '' ELSE sd.SensorName END AS 'SensorName',

    CASE WHEN sd.SensorAddressInt IS NULL THEN '-1' ELSE sd.SensorAddressInt END AS 'SensorAddressInt',CASE WHEN secchk.ChkName

    IS NULL THEN '' ELSE secchk.ChkName END AS 'ChkName',CASE WHEN secchk.ChkBriefDesc IS NULL THEN '' ELSE secchk.ChkBriefDesc

    END AS 'ChkBriefDesc',CASE WHEN secchk.SecChkID IS NULL THEN '-1' ELSE secchk.SecChkID END AS 'SecChkID' FROM SensorData sd

    INNER JOIN Observances obs ON sd.ObservanceID = obs.ObservanceID INNER JOIN SecurityChecks secchk ON obs.SecChkID = secchk.SecChkID

    order by sd.SensorDataID

    2013-03-14T15:11:12: Debug: D-JPR-000-000: Start processing resultset as event...

    2013-03-14T15:11:12: Debug: D-JPR-000-000: Processing result set from data source...

    2013-03-14T15:11:12: Debug: D-UNK-000-000: [Event Processor] SecChkID: 500028

    2013-03-14T15:11:12: Debug: D-UNK-000-000: [Event Processor] SrcAddressInt: 159365094

    2013-03-14T15:11:12: Debug: D-UNK-000-000: [Event Processor] DestAddressInt: 159365094

    2013-03-14T15:11:12: Debug: D-UNK-000-000: [Event Processor] AlertID: S8HTEQXIRXSEBM7HRGVCMBYBD4

    2013-03-14T15:11:12: Debug: D-UNK-000-000: [Event Processor] ChkName: EventCollector_Error

    2013-03-14T15:11:12: Debug: D-UNK-000-000: [Event Processor] SensorAddressInt: 159365094

    2013-03-14T15:11:12: Debug: D-UNK-000-000: [Event Processor] AlertTypeID: 1

    2013-03-14T15:11:12: Debug: D-UNK-000-000: [Event Processor] ProtocolID: -1

    2013-03-14T15:11:12: Debug: D-UNK-000-000: [Event Processor] SourcePort: -1

    2013-03-14T15:11:12: Debug: D-UNK-000-000: [Event Processor] SensorDataID: 100000000142239

    2013-03-14T15:11:12: Debug: D-UNK-000-000: [Event Processor] AlertName: EventCollector_Error

    2013-03-14T15:11:12: Debug: D-UNK-000-000: [Event Processor] SensorName: EventCollector_ISSSP9

    2013-03-14T15:11:12: Debug: D-UNK-000-000: [Event Processor] ChkBriefDesc:

    2013-03-14T15:11:12: Debug: D-UNK-000-000: [Event Processor] AlertPriority: 1

    2013-03-14T15:11:12: Debug: D-UNK-000-000: [Event Processor] ObjectName:

    2013-03-14T15:11:12: Debug: D-UNK-000-000: [Event Processor] Cleared: n

    2013-03-14T15:11:12: Debug: D-UNK-000-000: [Event Processor] SensorDataRowID: 1239

    2013-03-14T15:11:12: Debug: D-UNK-000-000: [Event Processor] Processing alert {0 remaining}

    2013-03-14T15:11:12: Debug: D-UNK-000-000: Rules file processing took 0 usec.

    2013-03-14T15:11:12: Debug: D-UNK-000-000: Flushing events to object servers

    ….

     

  7. In event list You would see events from ISS Site Protector: