Sensor properties for the log and syslog file sensor

Article ID: 179525

Products

Security Information Manager

Resolution

See About sensor properties for common sensor types.

Table: Sensor properties

Sensor property

Description

Log File Directory

Specify the path to the log file on the security product computer.

Log File Name

Specify the non-changing part of the log file name.

File Name Dynamic

Check this field if the point product creates dynamically named log files; otherwise, leave this field unchecked.

 

This value is either UTF-8 or UTF-16.

End of File Marker

Specify EOF or NULL (hexadecimal 00) as the end-of-file character.

Start Reading From

Specify where to start reading the log file when the collector restarts, as follows:

  • BEGINNING

    Specifies that the log file is read from the beginning of the most recent file in the directory.

  • END

    Specifies that the log file is read from the end of the most recent file. Only events that are written to the log file after the collector starts are read.

  • Last Position

    Keeps track of which line the collector is reading from in the current log file, and then continues reading from this position if the collector is interrupted and restarted.

End of Record Marker

Specify the delimiter that is used at the end of each message, as follows:

  • ENDOFLINE

    Refers to the end of a line as a message delimiter (CR/LF on a Windows platform; LF on a UNIX platform).

    ENDOFLINE is the default delimiter.

  • BLANKLINE

    Refers to a blank line as a message delimiter. You must specify two successive ENDOFLINE characters.

  • NULL

    Refers to hexadecimal 00.

Monitor in Real Time

 
 

Specify a time offset to convert timestamps of all logged events to the time zone of the collector computer.

You can use a time offset value if both of the following statements are true:

  • The time zone of the collector computer and the point product are different

  • The timestamps in the point product data are not Coordinated Universal Time (UTC).

You can use this property when the log file does not contain time zone information and the collector and the point product computer are in different time zones.

Acceptable formats are: +HH, -HH, +HH:MM, -HH:MM, where HH is the number of hours (-99 to +99), and MM is the number of minutes (0 to 59). The default value is +00:00.

For example, if Pacific Standard Time (PST) is the time zone of the collector computer, you can specify -3 to convert incoming events with Eastern Standard Time (EST) timestamps to Pacific Standard Time. You can specify +3 to convert incoming events with Hawaii-Aleutian Standard Time (HST) timestamps to Pacific Standard Time.

If you enter and distribute an erroneous time zone offset, the collector automatically resets the offset value to the default value of +00:00. An error message is posted in the collector’s log.
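The following is an added example, not Security Information Manager collector code: it validates a time zone offset against the accepted formats above (+HH, -HH, +HH:MM, -HH:MM, with HH up to 99 and MM from 0 to 59), falls back to +00:00 with a logged error on bad input, and applies the offset to event timestamps. It assumes a constructed ISO-style timestamp format for the sample events.

```python
import logging
import re
from datetime import datetime, timedelta

log = logging.getLogger("collector")

DEFAULT_OFFSET = "+00:00"
# Sign, one or two hour digits, optional ":MM" with exactly two minute digits.
_OFFSET_RE = re.compile(r"^([+-])(\d{1,2})(?::(\d{2}))?$")


def parse_offset(value: str) -> timedelta:
    """Return the offset as a timedelta.

    An offset that does not match the documented formats, or whose
    minutes exceed 59, resets to the +00:00 default and an error is
    logged, mirroring the collector behaviour described above.
    """
    match = _OFFSET_RE.match(value.strip())
    if match:
        sign, hours, minutes = match.group(1), int(match.group(2)), int(match.group(3) or 0)
        if hours <= 99 and minutes <= 59:
            delta = timedelta(hours=hours, minutes=minutes)
            return -delta if sign == "-" else delta
    log.error("invalid time zone offset %r; resetting to %s", value, DEFAULT_OFFSET)
    return timedelta(0)


# Assumed timestamp layout for the constructed sample events (not a SIM format).
_TS_FORMAT = "%Y-%m-%d %H:%M:%S"


def convert_timestamp(event_ts: str, offset: str) -> str:
    """Shift one event timestamp from the point product's zone to the collector's."""
    stamped = datetime.strptime(event_ts, _TS_FORMAT)
    return (stamped + parse_offset(offset)).strftime(_TS_FORMAT)


def convert_events(events: list, offset: str) -> list:
    """Apply the same offset to every event, as the collector does for a sensor."""
    return [convert_timestamp(ts, offset) for ts in events]


if __name__ == "__main__":
    # Constructed EST event times arriving at a PST collector with offset -3.
    sample = ["2024-01-15 09:30:00", "2024-01-15 23:59:30"]
    print(convert_events(sample, "-3"))
```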