ICDx

 View Only
  • 1.  event time is 8 days before collected time in ICDx

    Posted May 12, 2020 02:42 PM
      |   view attached
    we have three servers whose event time is 8 days before the ICDx collected time.  Our ICDx server is pulling events from a Symantec DCS Advanced server.  All other servers' collected time is within a few seconds of the event time.  The three servers that are way behind happen to be rsyslog servers that the ICDx is forwarding to.

    Any ideas why these three servers would be so far behind?

    Thanks,
    Mike

    ------------------------------
    Mike
    WaveRider Security
    CA
    ------------------------------


  • 2.  RE: event time is 8 days before collected time in ICDx

    Broadcom Employee
    Posted May 20, 2020 12:15 PM
    I would recommend opening a support ticket for this one. At this point, ICDx tickets can't be opened directly; open a new ticket under DCS, but put in your notes that this is an ICDx issue and the product needs to be changed to ICDx. It will get routed correctly.

    ------------------------------
    Solutions Engineer
    Broadcom
    ------------------------------