I have an interesting issue of most of my firewalls not sending logs to the log collector. Have only a 20% success ratio with successful log collection thus far.
I see the below in the below:
Log Collector : 000710004755
Conn ID : lr-10.95.87.8-2
Connection IP : 10.95.87.8
Conn Source IP : lr - def
High speed mode : Disabled
Connection Status : lr - Inactive
msg : Successfully resolved FQDN for connid (lr-10.95.87.8-2-def), IP (10.95.87.8)
status : success
timestamp : 2022/06/01 21:13:31
msg : Failed to connect to server: 10.95.87.8
status : failure
timestamp : 2022/06/01 21:15:39
Conn Uptime : 0
Re-conn Count : 0
Rate : 0 logs/sec
Connection to the log collector fails. Anybody encountered this before? As I have opened ports for communication between devices.
could you give more details about your environment? Are you using distributed environment with dedicated log collectors? If you are having an issue with a single log collector only, then first thing I would be looking into is health of that log collector and log files from CLI of log collector to see errors: tail lines 200 mp-log ms.log
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!