000029659 - Log Collector stopped collecting logs and system updates status is "unknown" in the RSA Security Analytics UI

Document created by RSA Customer Support Employee on Jun 15, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3

Article Content

Article Number: 000029659

Applies To:
RSA Product Set: Security Analytics
RSA Product/Service Type: All-in-One (AIO), Security Analytics UI, Log Collector
RSA Version/Condition: 10.3.5
Platform: CentOS

Issue: The log collector stops collecting logs, and the log collection status is flagged red in the UI when viewing Administration->Devices. In addition, the "System updates" column shows "unknown" for the log collector when viewing the Administration->Devices page.


 
Cause: This can indicate that the SA core component (Log Collector) has intermittent connectivity issues to the SA head unit.

Resolution:
1. Log in to the SA AIO through SSH.
2. Stop the collector service (stop nwlogcollector) on the SA AIO.
3. Click Administration->Devices:
  a. Select the log collector component, then click the edit icon.
  b. Press "test connection" and observe whether the result is "test connection successful".
  c. Click save.
If this does not pass, check the infrastructure between the two devices (network, routing, firewall, name resolution, etc.).

4. Go back to SSH and start the log collector service (start nwlogcollector).
5. Check the status of the log collector on the GUI->Administration->Devices page; it should show green, and the System updates column should show "Current".
If it does not, again check the infrastructure between the two devices (network, routing, firewall, name resolution, etc.).

 
