This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Log collector failed to send logs to log decoder

Anonymous
Not applicable

‎2014-05-22 03:22 AM

Hi All,

i am facing an strange issue with my log collector. actually i have integrated some event sources with my SA and in log collector logs i can see that log are coming on log collector but we are not able to see any logs in log decoder even it showing an error "event transmission failed reason connection refused" please refer attached screen shot.

because of this i am not able to get any logs on investigation module.

concentrator is not aggregating any data from log decoder while its able to aggregate from packet decoder. i have checked all the service running in log decoder also try to restart both device decoder as well as concentrator.

 

any have faced same issue, kindly suggest.

 

regards,

rajveer

Preview file
88 KB
Preview file
36 KB
Preview file
62 KB
0 Likes
5 REPLIES 5

LeeKirkpatrick
Valued Contributor Valued Contributor
Valued Contributor

‎2014-05-30 04:05 AM

Hi Rajveer,

 

Could you confirm your Log Decoder is listening on port 514:

     netstat -anp |grep 514

 

Could you also confirm there are no space issues on the Log Decoder:

     df -h

huanzhou1
Beginner
Beginner

‎2014-05-30 04:53 AM

you log collector and log decoder on the same appliance? if port is open, try to restart the log decoder.

RSAAdmin
Beginner
Beginner

‎2014-05-30 11:10 PM

Looks like you log decoder is not configured properly so check if it is "capturing" check on the system tab if you start and it stops is because you need to config the log interface on the config tab so Device -> config if it is selected then follow the Lee steps it could be space too.

 

Let us know if still an issue.

 

Thx,

SA

Anonymous
Not applicable
In response to RSAAdmin

‎2014-06-02 07:59 AM

Hi Everyone,

 

thanks you so much for your response on this issue.

but as i was not getting any idea how to troubleshoot this so i just deleted that lab and reset my SA lab again. now its working properly.

well if again i face such kind of issue then sure i will go for troubleshooting with all your provided guidance.

 

thanks again for your support.

0 Likes

huanzhou1
Beginner
Beginner
In response to Anonymous

‎2014-06-02 09:43 AM

sometimes here also, no idea where went wrong, re-installation will save more time.

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.