Event Sources - Non-Collectors

It is my understanding that the event-source functionality is only capable of evaluating:

Log Files Locally on the CollectorEvent Logs on a remote windows hostSNMP Traps, Syslog, and IPMI events.

The hosts we support with Logicmonitor are multi-platform, Many Linux, some Unix, some AIX, some AS400, some Network Appliances, which cannot be collectors for either technical reasons, OR permissions reasons.

In simple terms, we would like to request a modification to Event Sources which enables the parsing of support for arbitrary log files on remote servers, and shows all alerts and results under the remote server (rather than the collector). I believe this would not be that difficult to do from a development perspective, and would benefit virtually all clients that have non-windows hosts.

As a workaround for now, we\'re in the process of developing several groovy Datasource methods which essentially copy log files from remote machines to the collector hard drive on a recurring basis (expect scripts, powershell, etc). We are then planning on making a local file based EventSource to parse those files on the collector for alerting. Unfortunately, this is very complex and not-optimal, and ultimately the alerts and messages will all show up under the collector. It\'s misleading to our team, and our clients who already struggle to understand context. Now that we\'ve done the part part of making the datasources, we would settle for some kind of dynamic host-property based \'\'appears under\'\' functionality. on the event source configuration.

Please let me know if there\'s something in the pipeline that will resolve this difficulty in some other way, or if you think this would be worth-while as a core feature addition. If so, please also include if you think it will realistically make it into the development cycle this year.