What is the operation logic used by the SIEMFeeder service when no logs are received?

This information applies to:

Products

  • Adaptive Defense
  • Adaptive Defense 360
  • Adaptive Defense 360 on Aether Platform
  • Adaptive Defense on Aether Platform

Situation

No activity logs are received from the SIEMFeeder service.

Explanation of SIEMFeeder's log send retry logic

Panda Security's SIEMFeeder service retries sending log files to the customer's FTP server to ensure that the data is delivered to its destination. This feature works as follows:

  • Connection pools are created so that each thread can send its files without requiring its own dedicated connection.
  • There is retry logic in place by which a thread will try to recover those connections that have failed. This logic works as follows:

    • If an error occurs sending a file, the server is marked as unavailable and SIEMFeeder saves the file to disk. As a result, all other threads will also save their files to disk.
    • Additionally, there is a collector thread that is constantly searching for unavailable servers and will try to send one of the files to the server.

      • If the problem persists, only files older than 48 hours will be deleted.
      • When the connection is reestablished, the collector thread informs the main threads that the server is operational and ready to receive their logs.

Also, the accumulated files are reintegrated into the SIEMFeeder service to be processed again.
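The retry behavior described above can be modeled in a few lines to see where log files can be lost. This is an added example, not Panda Security's code: the class and method names are hypothetical, an in-memory queue stands in for the files saved to disk, the send function is injected by the caller, and purging on a failed collector attempt is an assumption about when the 48-hour rule is applied.

```python
import time
from collections import deque

RETENTION_SECONDS = 48 * 3600  # the 48-hour limit stated above


class SpoolingSender:
    """Toy model of the retry logic; names and structure are assumptions."""

    def __init__(self, send, clock=time.time):
        self.send = send              # callable(name); raises OSError on failure
        self.clock = clock
        self.server_available = True  # flag shared by every sending thread
        self.spool = deque()          # stands in for disk: (saved_at, name)
        self.delivered = []
        self.purged = []

    def submit(self, name, saved_at=None):
        """Called by a main thread for each log file it wants to send."""
        if self.server_available:
            try:
                self.send(name)
                self.delivered.append(name)
                return
            except OSError:
                self.server_available = False  # other threads now spool too
        self.spool.append((self.clock() if saved_at is None else saved_at, name))

    def collector_tick(self):
        """One pass of the collector thread; returns the server state."""
        if self.server_available or not self.spool:
            return self.server_available
        name = self.spool[0][1]
        try:
            self.send(name)                    # probe with a single spooled file
        except OSError:
            cutoff = self.clock() - RETENTION_SECONDS
            while self.spool and self.spool[0][0] < cutoff:
                self.purged.append(self.spool.popleft()[1])  # lost for good
            return False
        self.spool.popleft()
        self.delivered.append(name)
        self.server_available = True           # main threads may send directly
        pending, self.spool = list(self.spool), deque()
        for saved_at, queued in pending:       # reintegrate accumulated files
            self.submit(queued, saved_at)
        return self.server_available
```

Anything that ends up in `purged` never reaches the SIEM, so an FTP outage longer than 48 hours leaves a gap in the received activity logs.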

For more information, refer to the SIEMFeeder Administration Guide.

Help article number: 20170811 50110 EN
