When analyzing the log, look for a message in HEX that is paired with the following message:
HTTP-E-ENOTFOUND-The URL "/InCharge/V1.0/dmsocket/domain?SYSLOG-OI" was not found on this server.
[September 8, 2014 4:22:46 PM PDT +374ms] t@5132 HTTP #2
CI_MSG-*-FLOW_LOGGER-Flow logger: Flow "HTTP client, request being analyzed: receiving URL(0x0000000005d23aa0) " read up to 2048 bytes; returns 626 bytes at September 8, 2014 4:22:46 PM PDT +374ms:
504F5354202F496E4368617267652F56312E302F646D736F636B65742F646F6D61696E3F5359534C4F472D4F4920485454
502F312E310D0A436F6E74656E742D747970653A206170706C69636174696F6E2F782D736D617274732D736F636B65740
D0A436F6E74656E742D6C656E6774683A20300D0A417574686F72697A6174696F6E3A204261736963204D4470484D4568
686432747A49513D3D0D0A557365722D4167656E743A20466F756E646174696F6E2D432D436C69656E742F392E322E32
2E3120283133323536393B2077696E6E742D7838362D36343B204275696C6420383B2057696E4E5420323036313130290
D0A582D534D415254532D50726F746F636F6C2D56657273696F6E3A2056372E300D0A50726F746F636F6C2D566572736
96F6E3A2056372E300D0A582D534D415254532D436C69656E742D417574683A2061646D696E3A47304861776B73210D0
A582D534D415254532D436C69656E742D486F73743A20434F31494D45414D4130392E7265646D6F6E642E636F72702E6
D6963726F736F66742E636F6D0D0A582D534D415254532D436C69656E742D5069643A20313436300D0A582D534D41525
4532D436C69656E742D4465736372697074696F6E3A204641494C4F5645522D53594E432D4D47522041534C2028726573
7461727461626C65290D0A582D534D415254532D436C69656E742D557365723A2053595354454D0D0A582D534D4152545
32D436C69656E742D446973706C61793A20434F31494D45414D4130392E7265646D6F6E642E636F72702E6D6963726F73
6F66742E636F6D3A302E300D0A582D534D415254532D436C69656E742D4C6F63616C653A20656E5F55530D0A0D0A
[September 8, 2014 4:22:46 PM PDT +374ms] t@5132 HTTP #2
HTTP-E-ENOTFOUND-The URL "/InCharge/V1.0/dmsocket/domain?SYSLOG-OI" was not found on this server.
Converting the HEX message produces the information you need about the client. I have removed the actual name
of the host in the output below and renamed it <FQDN OF THE HOST>.
POST /InCharge/V1.0/dmsocket/domain?SYSLOG-OI HTTP/1.1??Content-type: application/x-smarts-socket??Content-length: 0??
Authorization: Basic MDpHMEhhd2tzIQ==??User-Agent: Foundation-C-Client/9.2.2.1 (132569; winnt-x86-64; Build 8; WinNT 206110)
??X-SMARTS-Protocol-Version: V7.0??Protocol-Version: V7.0??X-SMARTS-Client-Auth: admin:G0Hawks!??X-SMARTS-Client-Host: CO1IMEAMA09.redmond.corp.microsoft.com??X-SMARTS-Client-Pid: 1460??X-SMARTS-Client-Description:
FAILOVER-SYNC_MANAGER ASL (restartable)??X-SMARTS-Client-User: SYSTEM??X-SMARTS-Client-Display:
<FQDN OF THE HOST>0.0??X-SMARTS-Client-Locale: en_US????
One suggestion for a HEX conversion tool is the following webpage. Disclaimer: EMC does not endorse this third-party
website and does not guarantee the validity of this third-party link:
http://www.dolcevie.com/js/converter.html
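The same conversion can be done locally, which keeps the request's Authorization and X-SMARTS-Client-Auth headers off third-party sites. The following Python is an added example, not EMC code: it pairs each FLOW_LOGGER hex dump with the HTTP-E-ENOTFOUND message that follows it, decodes the request, and redacts the credential headers. The function names and the sample log (constructed, with made-up values) are assumptions.

```python
import re

HEX_LINE = re.compile(r"^[0-9A-Fa-f]+$")
SECRET_HEADERS = {"authorization", "x-smarts-client-auth"}  # headers that carry credentials

def decode_request(hex_text):
    """Decode one hex dump into {header: value}, redacting credential headers."""
    raw = bytes.fromhex(hex_text).decode("latin-1")  # ValueError if the dump is truncated
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    info = {"request": head[0]}
    for header in head[1:]:
        name, _, value = header.partition(":")
        secret = name.strip().lower() in SECRET_HEADERS
        info[name.strip()] = "[REDACTED]" if secret else value.strip()
    return info

def find_rejected_requests(log_text):
    """Return the decoded request for every hex dump followed by HTTP-E-ENOTFOUND."""
    results, run, collecting, pending = [], [], False, None
    for line in map(str.strip, log_text.splitlines()):
        if collecting and HEX_LINE.match(line):
            run.append(line)  # dump lines may split a byte; join before decoding
            continue
        if collecting:  # the first non-hex line ends the dump
            pending, run, collecting = "".join(run), [], False
        if "FLOW_LOGGER" in line:
            collecting, pending = True, None
        elif line.startswith("HTTP-E-ENOTFOUND") and pending:
            try:
                results.append(decode_request(pending))
            except ValueError:
                pass  # odd digit count: incomplete dump, skip it
            pending = None
    return results

# Constructed sample in the layout of the excerpt above; every value is made up.
_REQ = ("POST /InCharge/V1.0/dmsocket/domain?SYSLOG-OI HTTP/1.1\r\n"
        "Authorization: Basic c2FtcGxlOnNhbXBsZQ==\r\n"
        "X-SMARTS-Client-Auth: sample:sample\r\n"
        "X-SMARTS-Client-Host: client01.example.com\r\n"
        "X-SMARTS-Client-Pid: 4242\r\n\r\n")
_HEX = _REQ.encode().hex().upper()
SAMPLE_LOG = "\n".join([
    'CI_MSG-*-FLOW_LOGGER-Flow logger: Flow "HTTP client" returns %d bytes:' % len(_REQ),
    *[_HEX[i:i + 97] for i in range(0, len(_HEX), 97)],  # odd width splits bytes across lines
    "[constructed timestamp] t@1 HTTP #2",
    'HTTP-E-ENOTFOUND-The URL "/InCharge/V1.0/dmsocket/domain?SYSLOG-OI" was not found on this server.',
])

if __name__ == "__main__":
    for req in find_rejected_requests(SAMPLE_LOG):
        print(req)
```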