bvuma_m Absent Member.

UDP SYSLOG DROPS EVENT FOR CISCO ASA

Hi

How does one resolve smart connector UDP syslog from dropping events? Nothing has changed as far as configuration is concerned, but all of a sudden, lots of alerts of smart connector UDP syslog dropping events. This syslog is collecting Cisco ASA logs. I have checked the memory and it's assigned 1024 MB and memory usage at 4748 MB.

bvuma_m Absent Member.

Re: UDP SYSLOG DROPS EVENT FOR CISCO ASA

The workaround has been to restart the connector, which is only a temporary solution.

Vini Acclaimed Contributor.

Re: UDP SYSLOG DROPS EVENT FOR CISCO ASA

Is this 4748 MB of memory used correct or was it a typo?

How many events per second is the connector doing?

Chances are that the connector is not able to parse the events fast enough and the pre-parser queue is getting full and the connector starts dropping events.

bvuma_m Absent Member.

Re: UDP SYSLOG DROPS EVENT FOR CISCO ASA

Hi

Events per second is 690, and the memory usage is (882 MB used out of 1011 MB). I have checked the agent.log file and found lots of warnings with a message like this: (parser values (unable to match messages)).

Vini Acclaimed Contributor.

Re: UDP SYSLOG DROPS EVENT FOR CISCO ASA

That's why it's dropping events. Can you post the errors here?

The errors are making the parser slow down and a backlog is building up. The default maximum size of the parser queue is pretty small and once it is full events are dropped.

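Added example (not part of the thread and not ArcSight code): a toy model of the bounded parser queue described in the replies above, fed at the 690 events per second reported in the thread. The queue size and per-event parse costs are assumed values, not connector defaults; the model shows how slow, unmatched messages build a backlog that ends in drops, and why a restart only postpones them.

```python
from collections import deque

def simulate(seconds, eps=690, queue_max=1000, ok_us=1000, slow_us=4000,
             slow_every=4, restart_at=None):
    """Per-second drop counts for a bounded queue in front of one parser thread.

    Assumed model values (NOT ArcSight defaults): queue_max, ok_us, slow_us.
    Every `slow_every`-th event stands for a message the parser fails to match
    and spends longer on; slow_every=0 means every message matches.
    """
    queue, drops, seq = deque(), [], 0
    for t in range(seconds):
        if t == restart_at:
            queue.clear()              # restart: the queue comes back empty
        dropped = 0
        for _ in range(eps):           # UDP receiver: the sender cannot be slowed
            seq += 1
            if len(queue) >= queue_max:
                dropped += 1           # queue full, event is lost
            else:
                queue.append(bool(slow_every) and seq % slow_every == 0)
        budget = 1_000_000             # one second of parser time, in microseconds
        while queue:
            cost = slow_us if queue[0] else ok_us
            if cost > budget:
                break                  # out of time, the rest stays queued
            budget -= cost
            queue.popleft()
        drops.append(dropped)
    return drops

if __name__ == "__main__":
    print("all messages match :", simulate(8, slow_every=0))
    print("1 in 4 unmatched   :", simulate(8))
    print("restart at t=10    :", simulate(16, restart_at=10)[8:])
```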
aneeshpskadavil1 Honored Contributor.

Re: UDP SYSLOG DROPS EVENT FOR CISCO ASA

Hi,

Did you solve this issue? Right now we are also having an issue with Citrix NetScaler logs. I already have a ticket opened with ArcSight for the same for a long time. The agent logs are showing exactly the same message. Can you give me a hint on how to solve this issue?

Regards,

Aneesh

aneeshpskadavil1 Honored Contributor.

Re: UDP SYSLOG DROPS EVENT FOR CISCO ASA

Does anybody know how to view the obfuscated parser of the ArcSight Syslog connector?

Regards

Aneesh 

rkent1 Acclaimed Contributor.

Re: UDP SYSLOG DROPS EVENT FOR CISCO ASA

Hi Aneesh, I believe you can ask support for them based on your issue and use case.

Reference; See the top of page 3 on this presentation ->
