Log Collection after Failover
While Performing the enVision Device failover for ES 2560 Appliance , the Logs which were recieved Via NICSFTPAGENT.SH script through FILE Reader Services on old device is not recieved on the New Server
Please share some remedial action.
Thanks for the reply , but you have wrongly Interperated i.e we have two devices one Primary and another Secondary . And both have same Configurations . We have performed a failover Drill in which we move the Primary Server out of the network and changed the IP of Secondary to that of Primary , logs are recieved from all the devices except from devices which are sending through NICSFTPAGENT Script .
Yes , my mistake.
Have you tried use manualy psftp command on host which can't send logs to envision, and correct login process ? You have different keypari ssh keys on master and slave (I think). Maybe this is the problem, cause on devices where problem occur you have accepted public ssh key from master device not from slave and then you can't connect to sshd server.
Thanks for the Suggestions:
Let me give you a detail description of Problem:
ssh-keygen -b 1024 -t rsa is used to generate the Public Private Key-pair in the device which will send logs to enVision, this will generate id_rsa and id_rsa.pub Keys.Then the id_rsa.pub keys is copied to enVision Bin folder while other is kept in the Log sending device. Then following command: add_winsshd_key.bat id_rsa.pub is run.
For doing a failover we have copied the id_rsa.pub keys from primary servers to back-up enVision bin folder and follow the same steps , but the logs are not recieved.
No, I was thinking WINSSHD keypair(OWN enVISION keys) not keys that you generate and exchange beetwen enVISION (public key) and event device(private key).
When you first connect to sshd server you have to accept public key of sshd server - right?
What happend when you change keypair in WINSSHD panel program (this is option in first screen of WinSSHD Control Panel) look at Host keys and "Manage host keys"). ?
Then you all agent can't connect to you WinSSHD server cause this is potential break-in attempt on sshd server.
maybe this is a problem ?;-)
I have same problem when after reinstalling whole system from scratch all agent with nicsftp stop sending message to enVISION.
Possibly this might be the reason.
One thing can we make the WinSSD Keys same for enVision Primary and Back-up server ( Both are ES Appliance ) , if Yes then what is the procedure.
I think you should generate a case to RSA Support. I found bug releated with keypair WINSSHD and this bug can be a big problem for you, cause import keypair for WINSSHD works only untill reboot the machine.
After reboot, envision lost this imported keys and starts with some default keypair (this keypair from install time).