bvuma_m Absent Member.

Deepsight

I have installed the common event file format smart connector on a Windows server. The smart connector service runs using an account that has full control access to the directory where the DeepSight logs are dumped. I can see the DeepSight logs in the directory, but on the ESM console the connector does not seem to get the logs. I have checked the logs on the smart connector and discovered the following error:

ERROR

[2014-08-19 15:51:22,662][WARN ][default.com.arcsight.agent.loadable.agent._CEFFileAgent][mainLoop] D:\DeepSight\ipRep\IP Reputation CEF Feed (Access is denied)
[2014-08-19 15:51:22,662][WARN ][default.com.arcsight.agent.loadable.agent._CEFFileAgent][startNewThread] Agent Started, but the file[D:\DeepSight\ipRep\IP Reputation CEF Feed] did not appear yet...will retry after [5] seconds.

abezverkhyi Honored Contributor.

Re: Deepsight

Hello,

This can be 2 things: either a Windows AD rights issue or the connector does not follow a real-time log.

Since you are running the connector locally, the first issue is unlikely, but to double-check everything, I would log on as the user that the connector is running as (or access remotely if interactive logon is disabled, or use the /runAs command for notepad) and see if you can access the file (not just see it, but, say, open it in notepad).

What is the rotation interval of the DeepSight log? It may be that the connector follows a folder of rotated logs + real-time logs that were started/created after the connector process is already running. In the latter case you can just leave the connector on until the rotation period and see if it starts reading.

I don't have the guide handy atm, so I am just following diagnostic procedure.

kind regards,

Andrey

nils.guenther@t Honored Contributor.

Re: Deepsight

Well, "Access is denied" sounds pretty clear. Andrey B already described the test procedure to confirm whether the account under which the connector runs has access rights. A possible reason might be that you have disabled "include inheritable permissions from this object's parents" somewhere in the folder hierarchy, resulting in access rights for single files being different from those for the folder.

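The two checks suggested in the replies above (can the service account really open the file, and is permission inheritance disabled somewhere in the folder hierarchy), as an added PowerShell example that is not part of the original thread. It assumes the session is started as the connector's service account; the default path is the one from the connector log, and `Test-ReadOpen` is a helper name made up for this sketch.

```powershell
# Added example, not from the thread. Run it in a session started as the
# connector's service account so the results reflect that account's rights.
param([string]$FeedPath = 'D:\DeepSight\ipRep\IP Reputation CEF Feed')  # path from the connector log

function Test-ReadOpen {
    # Hypothetical helper: open the file for reading instead of only listing it.
    param([string]$Path)
    try {
        $fs = [System.IO.File]::Open($Path, [System.IO.FileMode]::Open,
                [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite)
        $fs.Dispose()
        return 'OK'
    } catch {
        return $_.Exception.GetBaseException().Message
    }
}

"Running as: $([System.Security.Principal.WindowsIdentity]::GetCurrent().Name)"

# 1. Walk from the configured path up to the drive root and report every level
#    where inheritance from the parent has been switched off.
$hierarchy = @()
$p = $FeedPath
while ($p) {
    $acl = Get-Acl -LiteralPath $p -ErrorAction SilentlyContinue
    $hierarchy += [pscustomobject]@{
        Path                = $p
        InheritanceDisabled = if ($acl) { $acl.AreAccessRulesProtected } else { 'ACL not readable' }
    }
    $p = Split-Path -Path $p -Parent
}
$hierarchy | Format-Table -AutoSize

# 2. Report whether the configured path is a folder or a single file, then
#    attempt a real read-open on each file and compare its ACL with the folder's.
if (Test-Path -LiteralPath $FeedPath -PathType Container) {
    "'$FeedPath' is a folder; testing each file inside it"
    $files = Get-ChildItem -LiteralPath $FeedPath -File
} else {
    $files = Get-Item -LiteralPath $FeedPath
}
$files | ForEach-Object {
    $acl = Get-Acl -LiteralPath $_.FullName -ErrorAction SilentlyContinue
    [pscustomobject]@{
        File                = $_.Name
        InheritanceDisabled = if ($acl) { $acl.AreAccessRulesProtected } else { 'ACL not readable' }
        ReadOpen            = Test-ReadOpen $_.FullName
    }
} | Format-Table -AutoSize
```

A file that shows `InheritanceDisabled = True` or a `ReadOpen` error while the folder itself is readable matches the situation described in the second reply.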
bvuma_m Absent Member.

Re: Deepsight


I have sorted the access denied issue. I was able to see the events on ArcSight after I specified the xxx.cef file. But now the problem is how it will read the other files that will be dumped to the folder.
