Knowledge Doc: [Standard Connectors] Fix the Multi Folder Flex Connector not reading log files continuously

Summary
The issue is caused by the wrong log file owner

Products
ArcSight Standard Connectors

Environment
RHEL 8.2
Flex Connector 8.3

Situation
The connector does not read the log file continuously. It only reads logs after being restarted.

Cause
The cause is the log file owner: the file is owned by dataloader:dataloader, whereas the connector is running as root. As a result, the connector cannot read the log file continuously.

Resolution
Configure the device to generate the event log files with root:root ownership.
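
One way to verify the ownership condition described under Cause and Resolution, as an added example that is not part of the original article: the function lists files in the monitored folders whose owner:group differs from the expected one. It assumes GNU stat (as on RHEL); the function name is hypothetical and the folder paths are supplied by you.

```shell
#!/bin/sh
# Added example: report log files whose owner:group differs from the expected one.
# Assumes GNU stat (stat -c), as shipped with RHEL.

# owner_mismatches EXPECTED DIR...
#   EXPECTED - owner:group the files should have, e.g. root:root
#   DIR...   - folders the connector monitors (your own paths; none come from the article)
# Prints "owner:group<TAB>path" for each mismatching regular file.
# Returns 0 if every file matches, 1 on any mismatch or missing folder.
owner_mismatches() {
    expected=$1
    shift
    found=0
    for dir in "$@"; do
        if [ ! -d "$dir" ]; then
            echo "not a directory: $dir" >&2
            found=1
            continue
        fi
        for f in "$dir"/*; do
            [ -f "$f" ] || continue      # skip subfolders and an unmatched glob
            actual=$(stat -c '%U:%G' "$f") || continue
            if [ "$actual" != "$expected" ]; then
                printf '%s\t%s\n' "$actual" "$f"
                found=1
            fi
        done
    done
    return "$found"
}

# Direct use: sh check_owner.sh root:root /path/to/monitored/folder [more folders]
if [ "$#" -ge 2 ]; then
    owner_mismatches "$@"
fi
```
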

Additional note
We might also need to change these settings in agent.properties:

agents[0].foldertable[0].startatend=true -> agents[0].foldertable[0].startatend=false

agents[0].foldertable[0].maxretries=-1 -> agents[0].foldertable[0].maxretries=10

agents[0].foldertable[0].usealternaterotationdetection=false -> agents[0].foldertable[0].usealternaterotationdetection=true

agents[0].foldertable[0].monitoringinterval=-1 -> agents[0].foldertable[0].monitoringinterval=10

agents[0].foldertable[0].processingthreshold=3600000 -> agents[0].foldertable[0].processingthreshold=-1

agents[0].foldertable[0].processingtimeout=120000 -> agents[0].foldertable[0].processingtimeout=-1

-------
The settings below might be important and need to be added:
agents[0].foldertable[0].processingthreshold=-1 -> agents[0].foldertable[0].processingthreshold=1000
agents[0].foldertable[0].processingtimeout=-1 -> agents[0].foldertable[0].processingtimeout=1000

URL Name
KM000008356
