Management

 View Only
last person joined: 27 days ago 

Ask questions and share experiences with Junos Space and network management.
  • 1.  STRM not presenting logs anymroe

    Posted 04-04-2021 11:55
    Edited by Abed AL-R 04-05-2021 13:58
    Hi

    We have STRM (hardware machine)
    2013.1.r3.495292 (7.1.0.495292)

    It is not showing logs in the UI anymore
    We are not sure since when this problem because we don't login to this machine on daily bases

    - tcpdump is showing that machine is receiving the logs from other SRXs
    - df -h showing that /var is not at 95% not full
    [root@strm ~]# df -h
    Filesystem            Size  Used Avail Use% Mounted on
    /dev/sda2              20G  4.6G   15G  25% /
    tmpfs                 5.9G     0  5.9G   0% /dev/shm
    /dev/sda1              97M   38M   55M  41% /boot
    /dev/sda8             1.3T  972G  218G  82% /store
    /dev/sda5             9.9G  151M  9.2G   2% /store/tmp
    /dev/sda3             9.4G  3.1G  5.9G  35% /var/log​

    And there is no notifications in the UI:

    So we're not sure what is the problem... It just stopped to present logs in the UI, just like that.

    Not sure what should I search in the qradar log file ..nothing there regarding the disk space or thresholds or errors

    Please advise


  • 2.  RE: STRM not presenting logs anymroe

    Posted 04-05-2021 10:48
    Edited by Abed AL-R 04-05-2021 15:11
    We noticed those messages in the /var/log/messages:

    strm syslog-ng[1885]: Syslog connection failed; fd='41', server='AF_INET(192.168.198.102:514)', error='Connection refused (111)', time_reopen='60'​


    We rebooted the STRM and the issue still occurs

    We also noticed this in log sources, all devices showing error state
    Status: ERROR - Events have not been received from this Log Source in over 720 minutes.
    Last Updated: 2021-03-28 02:59​






  • 3.  RE: STRM not presenting logs anymroe

    Posted 04-16-2021 06:42
    Edited by TOMASZ KARCZEWSKI 04-16-2021 07:55
    Hi,

    Did you solved the issue?
    I'm facing the same problem.
    I noticed that server has restarting status.



    ------------------------------
    TOMASZ KARCZEWSKI
    ------------------------------



  • 4.  RE: STRM not presenting logs anymroe

    Posted 04-16-2021 09:37
    No actually I'm still facing the problem
    But mine showing Active status in license

    ------------------------------
    Abed AL-Rahman Bishara
    ------------------------------



  • 5.  RE: STRM not presenting logs anymroe

    Posted 05-04-2021 00:54
    I'm sharing the solution

    https://www.ibm.com/support/pages/updated-qradar-deploy-changes-31-december-2020-can-impact-product-functionality

    ------------------------------
    Abed AL-Rahman Bishara
    ------------------------------