Channel: THWACK: Popular Discussions - Security Event Manager (SEM) - Formerly Log & Event Manager

LEM 5.5 - some real issues


   We upgraded from 5.4.0 LEM VM to 5.5. We have a Cisco firewall which was reporting to LEM. It apparently still is, but when I click on the node from the Dashboard, the Connectors widget says that none are installed, even though events are being sent as usual and the graph populates.

 

   We have a Cisco Ironport M670 which has two logs set to forward as Syslog (User/TCP). After the upgrade I got alerts from the device saying "Log Error: Subscription HTTP_logs: Network error while sending log data to syslog server xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx): [Errno 32] Broken pipe".  So I removed the log subscriptions from Ironport and the Node in LEM and recreated both. I started getting data again. However, after only about 30 minutes, the information for the Node is gone and is claiming that no data has been received for >7 days.


   The Top 10 Users by # of Events widget in the Dashboard still says "No Data for this time range". It's set for 10 minutes.  I have rebooted the appliance.





