
What is the operation logic used by the SIEMFeeder service when no logs are received?

Information applies to:

Products
  • Adaptive Defense
  • Adaptive Defense 360
  • Adaptive Defense 360 on Aether Platform
  • Adaptive Defense on Aether Platform

Situation

No activity logs are received from the SIEMFeeder service.

Explanation of SIEMFeeder's log send retry logic

Panda Security's SIEMFeeder service retries sending log files to the customer's FTP server in order to ensure that the data reaches its destination. This feature works as follows:

  • Connection pools are created so that each thread can send its files without requiring a dedicated connection of its own.
  • There is retry logic in place by which a thread tries to recover those connections that have failed. This logic works as follows:

    • If an error occurs sending a file, the server is marked as unavailable and SIEMFeeder saves the file to disk. As a result, all other threads will also save their files to disk.
    • Additionally, there is a collector thread that is constantly searching for unavailable servers and will try to send one of the files to the server.

      • If the problem persists, only files older than 48 hours will be deleted.
      • When the connection is reestablished, the collector thread informs the main threads that the server is operational and ready to receive their logs.

Also, the accumulated files are reintegrated into the SIEMFeeder service to be processed again.
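The retry logic described above, modeled as an added example; this is not Panda Security's code. The class and method names, the `transport` callable that stands in for the FTP upload, the in-memory queue that stands in for files on disk, and the order of probing before purging are assumptions.

```python
import time
from collections import deque

MAX_AGE = 48 * 3600  # seconds; spooled files older than this are deleted

class SpoolingSender:
    """Model only. transport(name) -> bool stands in for the FTP upload."""
    def __init__(self, transport, clock=time.time):
        self.transport, self.clock = transport, clock
        self.available = True   # shared flag read by every sending thread
        self.spool = deque()    # stands in for files on disk: (saved_at, name)
        self.delivered, self.dropped = [], []

    def send(self, name):
        """Main-thread path: upload, or save to disk if the server is down."""
        if self.available and self.transport(name):
            self.delivered.append(name)
            return True
        self.available = False  # one failure diverts all threads to disk
        self.spool.append((self.clock(), name))
        return False

    def collector_tick(self):
        """One collector pass: probe with one file, then purge or drain."""
        if self.available or not self.spool:
            return
        if not self.transport(self.spool[0][1]):
            now = self.clock()  # outage persists: delete only expired files
            while self.spool and now - self.spool[0][0] > MAX_AGE:
                self.dropped.append(self.spool.popleft()[1])
            return
        self.delivered.append(self.spool.popleft()[1])
        self.available = True   # signal main threads to resume direct sends
        while self.spool:       # reintegrate the accumulated files
            if not self.transport(self.spool[0][1]):
                self.available = False
                return
            self.delivered.append(self.spool.popleft()[1])

def demo():  # constructed scenario: a 49-hour outage, then recovery
    state = {"t": 0, "up": False}
    s = SpoolingSender(lambda name: state["up"], lambda: state["t"])
    s.send("a.log")                 # t = 0 h: upload fails, file is spooled
    state["t"] = 10 * 3600
    s.send("b.log")                 # t = 10 h: server still marked down
    state["t"] = 49 * 3600
    s.collector_tick()              # probe fails; a.log is 49 h old, deleted
    state["up"] = True
    s.send("c.log")                 # spooled until the collector signals
    s.collector_tick()              # probe succeeds, backlog is drained
    return s
```

In this model any outage longer than 48 hours leaves a gap in the delivered logs, so the time since the last received file is worth alerting on at the SIEM side.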

For more information, refer to the SIEMFeeder Administration Guide.
