Anyone else having issues with 18.104.22.16896 ?
Just noticed on two different conapps shortly after I applied 22.214.171.12496 the EPS out on the containers dropped to 0. EPS in was normal but nothing out. Logs on the container show Connection to [loggername] port 443 failed ping test and then a bunch of java exceptions. I rebooted the entire conapp, no change. Smart connectors seem find though, just the conapps.
We have tried various scenarios and did not hit any issue. We have a number of engineers trying out without any luck. Hence if we can have a bit more information such as :
1) What was the upgrade path you have taken ? From which version to 7.1.2 ?
2) Is it standalone or connectors on connapp ?
3) If it is on connapp, what is the hardware model and Connapp version ?
These details would help us narrow down. Thank you for your patience.
I have upgraded the Connector Appliance to latest version 126.96.36.19981.3. Before that upgraded all the connectors from 5.x to 6.x and a week later to 7.1.1 and after observing the stabilization upgraded to 7.1.2. Everything works fine for me.
Maybe the real issue is with the ConApp version or Upgrade path followed during the Container/Connector Upgrade.
A similar experience here - I had one error here yesterday installing 7.1.2 on one conApp. I was upgrading a previous connector (TrendMicro) which was already at v 7.0.7 - I think I might have skipped over 7.1.1 in the process and installed 7.1.2 on top of 7.0.7. That upgrade failed with a fatal error, I used the "emergency restore" utility to rebuild the container, then installed the 7.1.2 Trend smartConnector once again and everything was ok. On the other conApp I started with a fresh (empty) container anyway, and when I installed the same Trend connector using 7.1.2 I had no issues there.
The conApp's are 188.8.131.5281.3 as in Balashan's post. I also wonder if skipping a connector AUP in the upgrade path on conApp #1 might have been what caused the initial issue..?
I am having the same issue. This is happening with our connector appliances, software connector servers, and local software connectors. It seems that the events go to ESM just fine and give the "failed ping test on 443" error for all the logger connections.
Per the suggestion in the other responses, I'm currently rolling back v184.108.40.20696.0 on 126 connectors.
I see that the support team is saying that they cannot recreate in their lab. This seems odd since so many of us are having the issue and I'm sure we are on a plethora of different conap versions (we have the most current patches including the GHOST patch applied) and software platforms (win 2003, 2008, 2012).
**UPDATE** As soon as I rolled back to 220.127.116.1148 the connections to the Loggers re-established and the cache cleared in minutes.
I had a similar situation and found a work around. No reinstall necessary for me. It was a brand new installation using 7.1.2 (I now supports Oracle audit DB using SSL).
Like your symptoms, data flowed to ESM but not to the logger. I edited the logger destination hostname (from "NYlogger.tad.net" to "NYlogger"), saved it and data started flowing to the logger. I did this on five connectors. Not scientific but try it out.
Will you be able to open an official ticket with support so we can look into the logs and troubleshoot the issue?
This is needed especially because we were not able to repro this in our environment.
Let me know.
Why a ticket is needed? I was told a couple of days ago not to use 7.1.2, as ArcSight is already aware of issues in 7.1.2. So right hand does not talk to left hand?
Just reading the comments here and what I conclude as the comman scenario where the upgrade does not work is when the connector is running 18.104.22.16848 and is registered to send its logs to Logger, not ESM. That is the key detail that I think maybe wasnt configured in your lab, to have it send its logs to logger instead of ESM.
In your lab can you try and setup a logger on 22.214.171.12448 and register it to a logger. Then with your conapp or arcmc, upgrade it to 7.1.2. Once the upgrade is done you should see the connector caching, EPS Out is 0, and in the connector agent logs you will see the error message about unable to ping the logger.
Please give that a try and let us know if you see the same thing that we see or not.
Happened to find this thread while I was in the process of downloading the 7.1.2 SmartConnector binaries.
If there is a known and serious issue with this version that is hitting multiple customers, why is it still available for download?
@HP: Shouldn't it be removed while a fix/root cause is worked on?
I had manually upgraded the smart connector to 7.1.2 on couple of windows servers (without using the connector appliance) and ended up having similar issue (ping test failed to the logger destinations).
I had to rollback to the previous version to resolve the issue.
Carl, I found from the past experience that it is not uncommon to see a common sense becoming uncommon with ArcSight. I know it is twisting, but you get what I mean