michael_hoang Respected Contributor.

Logger Forwarder is not working as expected

Dear all,

I have configured Logger Forwarder from Logger Console to forward CheckPoint events to ESM. However, I do not receive any events from Logger except the logger internal event.

Here is my setting for Forwarder:

[Screenshot: setting.JPG]

Is there anything further that I need to do to make it work?

Regards,

Anh

ABader Super Contributor.

Hello Michael,

The config looks OK.

Normally it should work.

Try to restart the forwarder.

Kind regards

Andreas

michael_hoang Respected Contributor.

Do you mean restarting the connector process?

I have tried to restart it many times but it still does not work 😞

ABader Super Contributor.

I mean disable and enable the forwarder again on the Forwarder tab.

>>I do not receive any events from Logger except the logger internal event.

With the query that is visible in the screenshot, you should not receive any internal events.

Do you have any second Forwarder running on the logger?

Kind regards

Andreas

michael_hoang Respected Contributor.

No, I don't have any other forwarder.

I have tried to restart the Forwarder but the issue still persists.

Is there any Forwarder log that I can check to see if there is any problem with the backend process?

ABader Super Contributor.

I know of no special forwarder log, but you can find some entries in logger_server.log and logger_server.out.log.

michael_hoang Respected Contributor.

I have scanned through these files but no sign related to this issue caught my attention.

Can you please help to scan it quickly if possible? I really appreciate your help so far 🙂

Regards,

Anh

alexandros_n Honored Contributor.

I would suggest restarting the Forwarder and Connector services (both) after every change that involves forwarding to ESM.

Otherwise, open a case with support to check the connector logs.

michael_hoang Respected Contributor.

Yeah, sure... let me open a support ticket for the same.

Thank you so much for your help so far 🙂

Regards,

Anh

dcorwin25 Honored Contributor.

Verify that the CEF version on the logger destinations on the connector is set to 0.1 and NOT 1.0. If it is set to version 1.0, that's your problem!

Dave

michael_hoang Respected Contributor.

Yes, you are totally correct, Dave. That is the issue. Now, it is working perfectly.

Just a small question: why is CEF 1.0 not working when 0.1 does? What is the main difference between these version settings?

I really appreciate your help.

alexandros_n Honored Contributor.

There are some small differences in the format regarding IPv6 fields. ESM doesn't support CEF 1.0 (it is documented, but I'm sure no one will notice it).
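
A quick way to confirm this kind of version mismatch from captured forwarder output, as an added example that is not part of the original thread: the Python script below reads the version integer from each CEF header and lists the events whose version the destination does not accept. It assumes the 0.1 setting produces a `CEF:0` header and the 1.0 setting a `CEF:1` header; the function names and sample lines are constructed for illustration.

```python
from collections import Counter

def split_cef_header(cef):
    """Split the 7 pipe-delimited header fields; a backslash escapes the next char."""
    fields, cur, i = [], [], 0
    while i < len(cef) and len(fields) < 7:
        ch = cef[i]
        if ch == "\\" and i + 1 < len(cef):
            cur.append(cef[i:i + 2])      # keep an escaped pair such as "\|" intact
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    return fields if len(fields) == 7 else None

def header_info(line):
    """Return (version, vendor, product) for a CEF line, or None if not valid CEF."""
    start = line.find("CEF:")             # skip any syslog prefix
    if start < 0:
        return None
    fields = split_cef_header(line[start:])
    if fields is None or not fields[0][4:].isdigit():
        return None
    return int(fields[0][4:]), fields[1], fields[2]

def audit(lines, accepted=(0,)):
    """Count header versions; list (line_no, version, vendor, product) not accepted."""
    counts, rejected = Counter(), []
    for n, line in enumerate(lines, 1):
        info = header_info(line)
        counts[info[0] if info else None] += 1
        if info and info[0] not in accepted:
            rejected.append((n, *info))
    return counts, rejected

# Constructed sample lines (not taken from the thread).
SAMPLE = [
    "Jan 10 10:00:01 logger1 CEF:0|Check Point|VPN-1 & FireWall-1|1.0|accept|accept|Low|src=10.0.0.5",
    "Jan 10 10:00:02 logger1 CEF:1|Check Point|VPN-1 & FireWall-1|1.0|drop|drop \\| policy|Low|src=10.0.0.6",
    "Jan 10 10:00:03 logger1 forwarder heartbeat",
    "CEF:1|Check Point|VPN-1 & FireWall-1|1.0|drop|drop|Low",  # truncated header, ignored
]

if __name__ == "__main__":
    counts, rejected = audit(SAMPLE)
    print(dict(counts))
    for row in rejected:
        print("not accepted by destination:", row)
```
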