AnsweredAssumed Answered

Log collector failed to send logs to log decoder

Question asked by Rajbir Yadav on May 22, 2014
Latest reply on Jun 2, 2014 by huan zhou

Like • Show 0 Likes0
Comment • 5

Hi All,

i am facing an strange issue with my log collector. actually i have integrated some event sources with my SA and in log collector logs i can see that log are coming on log collector but we are not able to see any logs in log decoder even it showing an error "event transmission failed reason connection refused" please refer attached screen shot.

because of this i am not able to get any logs on investigation module.

concentrator is not aggregating any data from log decoder while its able to aggregate from packet decoder. i have checked all the service running in log decoder also try to restart both device decoder as well as concentrator.

any have faced same issue, kindly suggest.

regards,

rajveer

Attachments

No one else has this question

Outcomes

Lee Kirkpatrick

May 30, 2014 4:05 AM

Hi Rajveer,

Could you confirm your Log Decoder is listening on port 514:

netstat -anp |grep 514

Could you also confirm there are no space issues on the Log Decoder:

df -h

Actions

huan zhou May 30, 2014 4:53 AM

you log collector and log decoder on the same appliance? if port is open, try to restart the log decoder.

Actions

RSA Admin

May 30, 2014 11:10 PM

Looks like you log decoder is not configured properly so check if it is "capturing" check on the system tab if you start and it stops is because you need to config the log interface on the config tab so Device -> config if it is selected then follow the Lee steps it could be space too.

Let us know if still an issue.

Thx,

Actions

Rajbir Yadav @ RSA Admin on Jun 2, 2014 7:59 AM

Hi Everyone,

thanks you so much for your response on this issue.

but as i was not getting any idea how to troubleshoot this so i just deleted that lab and reset my SA lab again. now its working properly.

well if again i face such kind of issue then sure i will go for troubleshooting with all your provided guidance.

thanks again for your support.

Actions

huan zhou @ Rajbir Yadav on Jun 2, 2014 9:43 AM

sometimes here also, no idea where went wrong, re-installation will save more time.

Actions

5 Replies

Lee Kirkpatrick May 30, 2014 4:05 AM
Mark Correct
Correct Answer
Hi Rajveer,

Could you confirm your Log Decoder is listening on port 514:
netstat -anp |grep 514

Could you also confirm there are no space issues on the Log Decoder:
df -h
Like • Show 0 Likes0
Actions
huan zhou May 30, 2014 4:53 AM
Mark Correct
Correct Answer
you log collector and log decoder on the same appliance? if port is open, try to restart the log decoder.
Like • Show 0 Likes0
Actions
RSA Admin May 30, 2014 11:10 PM
Mark Correct
Correct Answer
Looks like you log decoder is not configured properly so check if it is "capturing" check on the system tab if you start and it stops is because you need to config the log interface on the config tab so Device -> config if it is selected then follow the Lee steps it could be space too.

Let us know if still an issue.

Thx,
SA
Like • Show 0 Likes0
Actions
- Rajbir Yadav @ RSA Admin on Jun 2, 2014 7:59 AM
  Mark Correct
  Correct Answer
  Hi Everyone,
  
  thanks you so much for your response on this issue.
  but as i was not getting any idea how to troubleshoot this so i just deleted that lab and reset my SA lab again. now its working properly.
  well if again i face such kind of issue then sure i will go for troubleshooting with all your provided guidance.
  
  thanks again for your support.
  Like • Show 0 Likes0
  Actions
  - huan zhou @ Rajbir Yadav on Jun 2, 2014 9:43 AM
    Mark Correct
    Correct Answer
    sometimes here also, no idea where went wrong, re-installation will save more time.
    Like • Show 0 Likes0
    Actions

Log collector failed to send logs to log decoder

Attachments

Outcomes

Related Content

Recommended Content