|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: All-in-One (AIO), Security Analytics UI, Log Collector
RSA Version/Condition: 10.3.5
|Issue||The log collector stops collecting logs, and the log collection status is flagged red in the UI under Administration->Devices. In addition, the "System updates" column shows "unknown" for the log collector on the Administration->Devices page.|
|Cause||This can indicate that the SA core component (Log Collector) has intermittent connectivity issues to the SA head unit.|
|Resolution||1. Log in to the SA AIO through SSH.|
2. Stop the log collector service on the SA AIO (stop nwlogcollector).
3. In the UI, click Administration->Devices:
   a. Select the log collector component, then click the edit icon.
   b. Press "test connection" and check whether the result is "test connection successful".
   c. Click save.
   If the test does not pass, check the infrastructure between the two devices (network, routing, firewall, name resolution, etc.).
4. Return to the SSH session and start the log collector service (start nwlogcollector).
5. Check the status of the log collector on the Administration->Devices page in the GUI. It should show green, and the System updates column should show "Current".
   If it does not, check the infrastructure between the two devices again (network, routing, firewall, name resolution, etc.).
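
The infrastructure check named in steps 3 and 5 can be scripted from the SSH session. The script below is an added example, not part of the original article or an RSA tool: it resolves the peer's name, then makes repeated TCP connection attempts so that an intermittent link shows up as a partial failure rate rather than a single pass or fail. HOST and PORT are placeholders supplied by the operator, and the default attempt count and interval are assumptions.

```shell
#!/usr/bin/env bash
# Added example: repeated TCP probes to tell a stable link from an
# intermittent or dead one. HOST and PORT are operator-supplied placeholders.

# Print the first address HOST resolves to; fail if name resolution fails.
resolve_host() {
    getent ahosts "$1" | awk 'NR==1 {print $1}' | grep .
}

# One TCP connect attempt with a timeout (seconds); exit status 0 on success.
probe_once() {
    timeout "$3" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Probe HOST:PORT ATTEMPTS times, INTERVAL seconds apart; print failure count.
count_failures() {
    failed=0; i=0
    while [ "$i" -lt "$3" ]; do
        probe_once "$1" "$2" 2 || failed=$((failed + 1))
        i=$((i + 1))
        if [ "$i" -lt "$3" ]; then sleep "$4"; fi
    done
    echo "$failed"
}

# Map a failure count to a verdict.
classify() {
    if [ "$1" -eq 0 ]; then echo stable
    elif [ "$1" -lt "$2" ]; then echo intermittent
    else echo down
    fi
}

# Usage: ./probe.sh HOST PORT [ATTEMPTS] [INTERVAL]
if [ "$#" -ge 2 ]; then
    attempts=${3:-30}; interval=${4:-2}
    addr=$(resolve_host "$1") || { echo "name resolution failed for $1"; exit 2; }
    failed=$(count_failures "$addr" "$2" "$attempts" "$interval")
    echo "$1 ($addr) port $2: $failed/$attempts probes failed: $(classify "$failed" "$attempts")"
fi
```

A verdict of "intermittent" points at the network path (routing, firewall state, flapping links), while a name resolution failure or "down" on every probe points at DNS or a blocked port.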