This topic describes the format and content of Log Collection Troubleshooting topics that are in all the other guides.
Security Analytics informs you of Log Collector problems or potential problems in the following two ways.
- Log files.
- Health and Wellness Monitoring views.
If you have an issue with a particular event source collection protocol, you can review debug logs to investigate this issue. Each event source has a Debug parameter that you can enable (set parameter to On or Verbose) to capture these logs.
Caution: Only enable debugging if you have a problem with this event source and you need to investigate this problem. If you have Debug enabled all the time it will adversely affect the performance of the Log Collector.
Security Analytics has a set of error messages associated with Log Collection that it includes in log files. To access these files:
Health and Wellness Monitoring
Health and Wellness monitoring makes you aware of potential hardware and software problems in a timely manner so that you can avoid to outages. RSA recommends that you monitor the Log Collector statistical fields to make sure that the service is operating efficiently and is not at or near the maximum values you have configured. You can monitor the following statistics (Stats) described in the Administration > Health & Wellness view.
Sample Troubleshooting Format
Security Analytics returns the following types of error messages in the log files for.
|Log Messages||timestamp failure (LogCollection) Message-Broker Statistics: ...|
timestamp failure (AMQPClientBaseLogCollection): ...
timestamp failure (MessageBrokerLogReceiver): ...
|Possible Cause||The Log Collector cannot reach the Message Broker because the Message Broker: |
rabbitmq start/running, process 10916