Hi
We have STRM (hardware machine)
2013.1.r3.495292 (7.1.0.495292)
It is not showing logs in the UI anymore
We are not sure since when this problem because we don't login to this machine on daily bases
- tcpdump is showing that machine is receiving the logs from other SRXs
- df -h showing that /var is not at 95% not full
[root@strm ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda2 20G 4.6G 15G 25% /
tmpfs 5.9G 0 5.9G 0% /dev/shm
/dev/sda1 97M 38M 55M 41% /boot
/dev/sda8 1.3T 972G 218G 82% /store
/dev/sda5 9.9G 151M 9.2G 2% /store/tmp
/dev/sda3 9.4G 3.1G 5.9G 35% /var/log
And there is no notifications in the UI:
So we're not sure what is the problem... It just stopped to present logs in the UI, just like that.
Not sure what should I search in the qradar log file ..nothing there regarding the disk space or thresholds or errors
Please advise