ESM Destination Issue
I'm trying to fix my ESM desintation on Logger. The issue is it is not sending logs to ESM. But whenever I restart the connector process on the Logger, it will forward logs for a short period of time then afterwards it will not work again.
Can someone help me on this?
Thanks in advance!
Re: ESM Destination Issue
Do you find that the Logger connector is the only one with an issue for ESM? Are all the other SmartConnectors feeding into ESM working normally at the time you run into problems with the Logger?
If all of the other SmartConnectors are running normally, then the issue is likely at the Logger end of the connection. You would need to start looking around in the logger_server and logger_processor logs for clues. There is a possibility also that there is network issue between logger and ESM which prematurely terminates the connection between the two. You should see clues pointing at that in the logs within Logger and ESM, or you could check take a tcpdump or two and watch what is going on within the TCP conversation.
You can check the manager logs on ESM - particularly the server.log files which should show any obvious unusual disconnect situations for the logger's connector/IP address. You can check to see if the logger connector is up/down at the time from ESM (Connectors in Navigation panel) and check to see if it is still sending statistics information even when it is not sending other events.
You may learn more about how your ESM is performing from some of the system health dashboards. For example, the "Connector Connection and Cache Status" dash. If your other connectors seem fine then you can concentrate more on Logger and the network. If all your connectors are struggling then you may have wider issues with ESM that will require you to consider what changes to the host system, configuration and/or ESM content that has been (added or modififed) recently that could have impacted the performance of ESM.
So..no simple answer at this point, but hopefully this will help you to start your investigation.
If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.