No activity logs are received from the SIEMFeeder service.Explanation of SIEMFeeder's log send retry logic
Panda Security's SIEMFeeder service implements a feature to retry sending of log files to the customer's FTP server in order to ensure the delivery of data to its destination. This feature works as follows:
- Connection pools are created to allow each thread to send its files without requiring a proprietary connection.
- There is a retry login in place by which a thread will try to retrieve those connections that have failed. This logic works as follows:
- If an error occurs sending a file, the server is marked as unavailable and SIEMFeeder saves the file to disk. As a result, all other threads will also save their files to disk.
- Additionally, there is a collector thread that is constantly searching for unavailable servers and will try to send one of the files to the server.
- If the problem persists, only files older than 48 hours will be deleted.
- When the connection is reestablished, the collector thread informs the main threads that the server is operational and ready to receive their logs.
Also, the accumulated files are reintegrated into the SIEMFeeder service to be processed again.
For more information, refer to the SIEMFeeder Administration Guide.