bbis11 Honored Contributor.
Honored Contributor.
1577 views

Logger not accessible

Jump to solution

Hello experts,

We have logger at two locations. But today we are not able to access one of them.Below is the error message that we are getting from logger:

Cannot Communicate With Logger Process

Logger server could not be reached, please check the page System Admin | Process Status. (Response was empty)"

Has any one faced similar issue.Please suggest how to resolve this.

Thanks lot in advance.

Thanks

Biswa


Labels (1)
0 Likes
1 Solution

Accepted Solutions
netguru66 Absent Member.
Absent Member.

Re: Logger not accessible

Jump to solution

Per Support Ticket:

Go ahead and access the Logger through SSH and generate a Challenge code.

Then run the commands to retrieve a snapshot of the logs. We will preserve the logs in the "down state" before rebooting.

/opt/arcsight/logger/bin/scripts/retrieve_logs.sh root

The snaphot file location:

/opt/arcsight/logger/tmp/snapshots/snapshots.zip

Make a temporary folder to move the snapshot file to

(example)

cd /opt/data

mkdir snapshot_vanay

Move the snapshots file to the newly created location

mv snapshots.zip /opt/data/snapshot_vanay

Confirm that file has been moved to directory

Proceed to check the status of the processes

/opt/local/monit/bin/monit summary

Stop and start the server process

/opt/local/monit/bin/monit stop servers

***wait until it is not monitored then start****

/opt/local/monit/bin/monit start servers

Check web GUI. If still no access to web GUI, a reboot will need to be performed.

0 Likes
6 Replies
mat053241 Super Contributor.
Super Contributor.

Re: Logger not accessible

Jump to solution

Just dealt with this issue over the weekend.  If logs are still making it into logger, you might just need to restart the apace monit process (/opt/arcsight/local/monit/monit restart apache or monit -h for the command options).  If logs aren't making it into logger, its most likely the same issue I experienced.  The solution was to vacuum the largest postgresql table in the database (support had to do this).  Apparently they have a script thats supposed to be doing this automatically but obviously wasnt.  After the vacuum ran through that table (took maybe 3-4 hrs), I had to reboot the server.  If for some reason it still shows the same error after you reboot, you will most likely need to start the monit process again.

If you haven't already opened a ticket with support, you might want to.

------
0 Likes
bbis11 Honored Contributor.
Honored Contributor.

Re: Logger not accessible

Jump to solution

Hello Matt

Thanks a tonfor your respnse.

The EPS Out is 0 from the connector.So logs are not coming into the logger. I have already opened a ticket with the support to investigate the issue.Can I do anything from my end.

Thanks

Biswa

0 Likes
mat053241 Super Contributor.
Super Contributor.

Re: Logger not accessible

Jump to solution

Not that Im aware of -  I could send you the code they ran on my logger server, but i'm not at my desk and wont be until tomorrow.  If it's an appliance, you can open up a root ssh session onto the server and request the response code for authorization from support.  That will at least speed up the process since they will want access to the device (assuming they have you connect to their remote session).

Other than that, keep an eye on your connector(s) so that the cache doesn't exceed it's limit and start dropping events.  If it does, you might want to increase the cache size if possible.

------
0 Likes
netguru66 Absent Member.
Absent Member.

Re: Logger not accessible

Jump to solution

Per Support Ticket:

Go ahead and access the Logger through SSH and generate a Challenge code.

Then run the commands to retrieve a snapshot of the logs. We will preserve the logs in the "down state" before rebooting.

/opt/arcsight/logger/bin/scripts/retrieve_logs.sh root

The snaphot file location:

/opt/arcsight/logger/tmp/snapshots/snapshots.zip

Make a temporary folder to move the snapshot file to

(example)

cd /opt/data

mkdir snapshot_vanay

Move the snapshots file to the newly created location

mv snapshots.zip /opt/data/snapshot_vanay

Confirm that file has been moved to directory

Proceed to check the status of the processes

/opt/local/monit/bin/monit summary

Stop and start the server process

/opt/local/monit/bin/monit stop servers

***wait until it is not monitored then start****

/opt/local/monit/bin/monit start servers

Check web GUI. If still no access to web GUI, a reboot will need to be performed.

0 Likes
UbissIctAppSic1 Respected Contributor.
Respected Contributor.

Re: Logger not accessible

Jump to solution

As far as I know Biswa you can't do anything from your end.

If connectors stop sending logs toward your logger it can be needed a vacuum of the postgresql tables.

At least it is what Support it's been doing to fix your very same problem I faced some days ago.

Hope this can help you.

Giordano.

0 Likes
bbis11 Honored Contributor.
Honored Contributor.

Re: Logger not accessible

Jump to solution

Hi Vanay,

Thanks for the reply. Can we do something so that this issue can be detected well before happening?

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.