ProxySG & Advanced Secure Gateway

Dear Sirs,

The following Error event logs occur for the Access log upload.
I would like to know what mean each Error event logs.

ProxySG: E0008 Access Log (SIEM): Unable to connect to remote server for log uploading(0) SEVERE_ERROR alog_facility_impl.cpp 2601
ProxySG: E0008 Access log (SIEM): Log uploading failed. Remote filename: Not Applicable size: 0 KB.(0) SEVERE_ERROR alog_manager.cpp 897
ProxySG: E000A Access Log Custom (SIEM): Socket error occured while sending data.(32) SEVERE_ERROR alog_stream_custom.cpp 99

------------------------------
Regards,
Y.Kobayashi
Nissho Electronics, Corp
Network Engineer
Tokyo, Japan
------------------------------

Hi Yoshinori,


Different processes involved in access logging will report back and show up in the Event Logs, and so you may have a few different messages for one event, each from a different process.

ProxySG: E0008 Access Log (SIEM): Unable to connect to remote server for log uploading(0) SEVERE_ERROR alog_facility_impl.cpp 2601

This message is a general message saying we were unable to connect to the log server to upload the logs.

ProxySG: E0008 Access log (SIEM): Log uploading failed. Remote filename: Not Applicable size: 0 KB.(0) SEVERE_ERROR alog_manager.cpp 897

This message is saying pretty much the same thing. Notice how the error is reported from a different process (alog_manager)

ProxySG: E000A Access Log Custom (SIEM): Socket error occured while sending data.(32) SEVERE_ERROR alog_stream_custom.cpp 99

This error is telling us the connections failed at some point when trying to transfer data. We would want a closer look with a packet capture, and possible the logs of the server we are uploading to to help determine why the connection is failing.

Hope this Helps!
Original Message:
Sent: 06-04-2020 11:37 AM
From: Yoshinori Kobayashi
Subject: About Error event log about Access log upload

Dear Sirs,

The following Error event logs occur for the Access log upload.
I would like to know what mean each Error event logs.

ProxySG: E0008 Access Log (SIEM): Unable to connect to remote server for log uploading(0) SEVERE_ERROR alog_facility_impl.cpp 2601
ProxySG: E0008 Access log (SIEM): Log uploading failed. Remote filename: Not Applicable size: 0 KB.(0) SEVERE_ERROR alog_manager.cpp 897
ProxySG: E000A Access Log Custom (SIEM): Socket error occured while sending data.(32) SEVERE_ERROR alog_stream_custom.cpp 99

------------------------------
Regards,
Y.Kobayashi
Nissho Electronics, Corp
Network Engineer
Tokyo, Japan
------------------------------

Hi Jacob,

Do you know what caused those errors and how to solve those errors?

Original Message:
Sent: Jun 08, 2020 07:28 PM
From: Jacob Miles
Subject: About Error event log about Access log upload

Hi Yoshinori,


Different processes involved in access logging will report back and show up in the Event Logs, and so you may have a few different messages for one event, each from a different process.

ProxySG: E0008 Access Log (SIEM): Unable to connect to remote server for log uploading(0) SEVERE_ERROR alog_facility_impl.cpp 2601

This message is a general message saying we were unable to connect to the log server to upload the logs.

ProxySG: E0008 Access log (SIEM): Log uploading failed. Remote filename: Not Applicable size: 0 KB.(0) SEVERE_ERROR alog_manager.cpp 897

This message is saying pretty much the same thing. Notice how the error is reported from a different process (alog_manager)

ProxySG: E000A Access Log Custom (SIEM): Socket error occured while sending data.(32) SEVERE_ERROR alog_stream_custom.cpp 99

This error is telling us the connections failed at some point when trying to transfer data. We would want a closer look with a packet capture, and possible the logs of the server we are uploading to to help determine why the connection is failing.

Hope this Helps!
Original Message:
Sent: 06-04-2020 11:37 AM
From: Yoshinori Kobayashi
Subject: About Error event log about Access log upload

Dear Sirs,

The following Error event logs occur for the Access log upload.
I would like to know what mean each Error event logs.

ProxySG: E0008 Access Log (SIEM): Unable to connect to remote server for log uploading(0) SEVERE_ERROR alog_facility_impl.cpp 2601
ProxySG: E0008 Access log (SIEM): Log uploading failed. Remote filename: Not Applicable size: 0 KB.(0) SEVERE_ERROR alog_manager.cpp 897
ProxySG: E000A Access Log Custom (SIEM): Socket error occured while sending data.(32) SEVERE_ERROR alog_stream_custom.cpp 99

------------------------------
Regards,
Y.Kobayashi
Nissho Electronics, Corp
Network Engineer
Tokyo, Japan
------------------------------

Hello Kent,

1. check the disk of the server to which the logs should be uploaded -> if it is full, then such errors occur
2. check the logs from the server - it should also have something in its event log why the upload failed.
3. the password of the user account with which the logs should be uploaded might have expired.
4. if there is a firewall between the proxy and the loghost - check the logs.

5. if the upload is done via SCP and the server key has changed (e.g. due to an update of the loghost) - then the pattern must be renewed under Admin GUI - Configuration - Authentication - SSH Outbound Connections - Known Hosts.
In this case the messages in the event log look a bit different:
"Access Log (ssl): Unable to connect to remote server for log uploading"  0 E0008:1  alog_facility_impl.cpp:2816
"SSH: No ECDSA host key is known for 1.2.3.4 and you have requested strict checking."  0 45000B:1  sgos_log.cpp:150

Greetings
Klaus

Original Message:
Sent: Aug 15, 2023 11:20 PM
From: Kent Wirianata
Subject: About Error event log about Access log upload

Hi Jacob,

Do you know what caused those errors and how to solve those errors?

Original Message:
Sent: Jun 08, 2020 07:28 PM
From: Jacob Miles
Subject: About Error event log about Access log upload

Hi Yoshinori,


Different processes involved in access logging will report back and show up in the Event Logs, and so you may have a few different messages for one event, each from a different process.

ProxySG: E0008 Access Log (SIEM): Unable to connect to remote server for log uploading(0) SEVERE_ERROR alog_facility_impl.cpp 2601

This message is a general message saying we were unable to connect to the log server to upload the logs.

ProxySG: E0008 Access log (SIEM): Log uploading failed. Remote filename: Not Applicable size: 0 KB.(0) SEVERE_ERROR alog_manager.cpp 897

This message is saying pretty much the same thing. Notice how the error is reported from a different process (alog_manager)

ProxySG: E000A Access Log Custom (SIEM): Socket error occured while sending data.(32) SEVERE_ERROR alog_stream_custom.cpp 99

This error is telling us the connections failed at some point when trying to transfer data. We would want a closer look with a packet capture, and possible the logs of the server we are uploading to to help determine why the connection is failing.

Hope this Helps!
Original Message:
Sent: 06-04-2020 11:37 AM
From: Yoshinori Kobayashi
Subject: About Error event log about Access log upload

Dear Sirs,

The following Error event logs occur for the Access log upload.
I would like to know what mean each Error event logs.

ProxySG: E0008 Access Log (SIEM): Unable to connect to remote server for log uploading(0) SEVERE_ERROR alog_facility_impl.cpp 2601
ProxySG: E0008 Access log (SIEM): Log uploading failed. Remote filename: Not Applicable size: 0 KB.(0) SEVERE_ERROR alog_manager.cpp 897
ProxySG: E000A Access Log Custom (SIEM): Socket error occured while sending data.(32) SEVERE_ERROR alog_stream_custom.cpp 99

------------------------------
Regards,
Y.Kobayashi
Nissho Electronics, Corp
Network Engineer
Tokyo, Japan
------------------------------