ICDx

  • 1.  Error trying to start the Syslog forwarder

    Posted Mar 16, 2020 06:22 PM
    This is a brand new install of ICDx 1.4 on RedHat 7.7.  We are able to receive messages now from Symantec DCS, however when we try to forward them out via a Syslog forwarder we receive the below error:

    Category (category_id): Application Activity
    Collected Time (log_time): 03/16/2020 15:15:01.386 PDT
    Device IP Address (device_ip): 10.50.0.58
    Device Name (device_name): dpc-icdx-01.nbnco.local
    Device OS (device_os_name): Linux
    Device OS Bits (device_os_bits): amd64
    Device OS Version (device_os_ver): 3.10.0-1062.12.1.el7.x86_64
    Device Time (device_time): 03/16/2020 15:15:01.379 PDT
    Disposition (id): Start
    Event ID (event_id): Application Lifecycle: Start
    Event Time (time): 03/16/2020 15:15:01.379 PDT
    Event Unique ID (uuid): 946886a0-67d3-11ea-c000-000000058001
    Exception (status_exception): com.symantec.dx.syslog.forwarder.SyslogForwarderModule: Unable to load configuration: Syslog
    Feature ID (feature_uid): d3956d80-67d2-11ea-cf18-000000000003
    Feature Name (feature_name): Rsyslog Forwarder
    Feature Path (feature_path): forwarder/syslog/syslog_fwd_dx
    Feature Type (feature_type): forwarder
    Log Level (log_level): ERROR
    Log Name (log_name): system
    Message (message): Failed to load services: com.symantec.dx.syslog.forwarder.SyslogForwarderModule: Unable to load configuration: Syslog
    Product Name (product_name): Symantec Integrated Cyber Defense Exchange
    Severity (severity_id): Major
    Stack Trace (status_stack_trace): [at com.symantec.lib.app.ModuleFactory.error(ModuleFactory.java:114), at com.symantec.lib.app.ModuleFactory.createModule(ModuleFactory.java:48), at com.symantec.lib.app.ModuleDesc.loadModule(ModuleDesc.java:153), at com.symantec.lib.app.Supervisor.loadModules(Supervisor.java:315), at com.symantec.lib.app.Supervisor.<init>(Supervisor.java:80), at com.symantec.lib.app.Application.<init>(Application.java:111), at com.symantec.lib.app.Application.instance(Application.java:71), at com.symantec.lib.app.SimpleApplication.main(SimpleApplication.java:53)]
    Status (status_id): Failure
    Status Details (status_detail): com.symantec.lib.app.ModuleLoaderError
    Subfeature Name (subfeature_name): lifecycle
    Thread Name (status_thread_name): main
    Type (type_id): Application Lifecycle
    Version (version): 1.0

    Any help would be greatly appreciated.

    Thanks,
    Mike

    ------------------------------
    Mike
    WaveRider Security
    CA
    ------------------------------


  • 2.  RE: Error trying to start the Syslog forwarder

    Broadcom Employee
    Posted Mar 16, 2020 08:19 PM
    Hi Mike,
    If the syslog server is not accessible from ICDx, then the forwarder will not start, so make sure your syslog server is up and running and the port is not blocked by a firewall.

    Roumen

    ------------------------------
    Broadcom
    ------------------------------



  • 3.  RE: Error trying to start the Syslog forwarder

    Broadcom Employee
    Posted Mar 16, 2020 08:24 PM
    Also, ssh to the ICDx and take a look at the log file of the Syslog forwarder. You can find it in: /var/log/symantec/icdx. The file name is syslog_fwd_dx-<forwarder-name>-<forwarder-UUID>.log

    If you still have issues then upload the log file.
    Roumen

    ------------------------------
    Broadcom
    ------------------------------
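    The two checks Roumen describes above (receiver reachable from the ICDx host, then the forwarder's own log under /var/log/symantec/icdx) as an added bash script; this is example code, not part of the thread or of ICDx. It assumes bash with /dev/tcp support and coreutils `timeout`; SYSLOG_HOST and SYSLOG_PORT are placeholders for your own syslog receiver.

```bash
#!/usr/bin/env bash
# Added example, not ICDx tooling: pre-flight checks for a syslog forwarder that
# fails with "Unable to load configuration: Syslog". It tests TCP reachability of
# the syslog receiver (the cause in this thread) and locates the forwarder log by
# the path and name pattern given in the thread.
# Assumptions: bash with /dev/tcp, coreutils `timeout`; SYSLOG_HOST/SYSLOG_PORT are
# placeholders for your receiver; ICDX_LOG_DIR defaults to the path from the thread.

ICDX_LOG_DIR="${ICDX_LOG_DIR:-/var/log/symantec/icdx}"

# Return 0 if a TCP connection to host:port opens within timeout_s seconds.
# If this fails from the ICDx host, the forwarder will not start either.
check_syslog_target() {
    local host="$1" port="$2" timeout_s="${3:-3}"
    timeout "$timeout_s" bash -c "exec 3<>/dev/tcp/${host}/${port}" 2>/dev/null
}

# Print the newest log matching syslog_fwd_dx-<forwarder-name>-<forwarder-UUID>.log
# in dir; print nothing and return 1 if no such file exists.
find_forwarder_log() {
    local dir="$1" name="$2" match
    match=$(ls -1t "${dir}/syslog_fwd_dx-${name}-"*.log 2>/dev/null | head -n 1)
    [ -n "$match" ] && printf '%s\n' "$match"
}

# Count log lines carrying the configuration-load error (0 if file is missing).
count_config_errors() {
    local n
    n=$(grep -c 'Unable to load configuration' "$1" 2>/dev/null) || true
    printf '%s\n' "${n:-0}"
}

# Run both checks and report; return 0 only if the receiver is reachable.
run_checks() {
    local host="$1" port="${2:-514}" name="${3:-Rsyslog Forwarder}" log reachable=1
    if check_syslog_target "$host" "$port"; then
        reachable=0; echo "OK: ${host}:${port} reachable from this host"
    else
        echo "FAIL: cannot reach ${host}:${port} (check receiver and firewall rules)"
    fi
    if log=$(find_forwarder_log "$ICDX_LOG_DIR" "$name"); then
        echo "log: ${log} ($(count_config_errors "$log") config-load errors)"
    else
        echo "no forwarder log for '${name}' in ${ICDX_LOG_DIR}"
    fi
    return "$reachable"
}

# Usage: SYSLOG_HOST=syslog.example.net SYSLOG_PORT=514 bash check_icdx_syslog.sh
if [ -n "${SYSLOG_HOST:-}" ]; then run_checks "$SYSLOG_HOST" "${SYSLOG_PORT:-514}"; fi
```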



  • 4.  RE: Error trying to start the Syslog forwarder

    Posted Mar 18, 2020 08:26 AM
    Thank you.  For some reason we were all under the impression the firewall ports were open.  That solved it and we are good to go.

    Thanks,
    Mike

    ------------------------------
    Mike
    WaveRider Security
    CA
    ------------------------------