Unable to collect events from remote logfiles with Logfile Sensors
You have an event collector that is trying to collect logs from a remote (network) location. Your collector logs may reflect an error such as:
"LogFilePath parameter is required and has to point to an existing directory."
"Error while init <Sensor name>
Note: This is an unsupported solution. If this works in the customer's environment it is dependent on the customer to maintain permissions, rights and active connections to the UNC path. If the connections fail sporadically the Event Agent may not be able to reconnect automatically.
It is possible for a Symantec Event Collector running on one Windows computer to read log files stored on another Windows computer. However, for this to work you may change the user account used by the Symantec Event Agent service. This is necessary because the default LocalSystem account used by the Agent service does not have access to network resources.
The service must be owned by a regular Windows user account and this user account must have access rights to the Windows network share on the other computer which contains the log file(s).
Setup the Symantec Event Agent Service with a Windows User
Setup the sensor to point to the Shared logfile location
On the Symantec Security Information Manager appliance, in the collector’s logfile sensor configuration, type the UNC path to the network share containing the logfiles, in the format \\<IP address or DNS-resolvable hostname>\<share name>
Note: On a Windows 2003 Server machine, there is a special account named Network Service available, which can access network resources.