IBM Verify

  • 1.  Troubleshooting remote syslog forwarding 5(ISAM 9.0.7)

    Posted Fri September 25, 2020 05:43 PM
    Hi all,

    First time posting here, so I hope this topic was not already covered.
    I recently faced problems identifying why the syslog forwarding stopped sending logs to our remote syslog server.
    We kind of lost it for a couple of hours. It could be due to network issues, or anything else... I could not identify the root cause.

    I would like to get your thoughts about the way we should troubleshoot this?
    Can we restart this process? Give it some more advanced config arguments?
    Anything else?

    Thanks

    ------------------------------
    Sébastien De Kinder
    ------------------------------


  • 2.  RE: Troubleshooting remote syslog forwarding 5(ISAM 9.0.7)

    Posted Sun September 27, 2020 03:25 PM
    Hi Sebastien,

    What is the exact firmware and IF level in use?  There are a few known issues at 9.0.7.0 and 9.0.7.1 with the Rsyslog Forwarder.  Is it set up for TCP/TLS?  One issue we have seen when using TCP/TLS is a quick network drop will cause the behavior you are seeing.  The only way to restart the forwarders is to make a change to the settings and deploy.

    ------------------------------
    Nick
    ISAM Level II Support
    ------------------------------



  • 3.  RE: Troubleshooting remote syslog forwarding 5(ISAM 9.0.7)

    Posted Fri October 02, 2020 11:49 AM
    Hi Nick,

    It was 9.0.7.0 IF5. Enabling TLS did not seem to cause this problem. It's more like a random thing we experienced a couple of times and I wanted to know how to investigate a bit further. But it seems like there's no real debugging possibility here.
    We tried to make changes to the settings and re-deploy but it didn't help this time, hence my post. Unfortunately, it happened in production.

    Meanwhile we upgraded to 9.0.7.1, let's hope this will solve the problem.

    Regards,


    ------------------------------
    Sébastien De Kinder
    ------------------------------



  • 4.  RE: Troubleshooting remote syslog forwarding 5(ISAM 9.0.7)

    Posted Mon October 05, 2020 10:29 AM
    There were some changes put in 9.0.7.1 IF5 that should resolve this.  If not, please open a Support case and we'll investigate.

    ------------------------------
    Nick
    ISAM Level II Support
    ------------------------------
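
Since the thread ends with no appliance-side way to debug a forwarder that stops silently, the gap can at least be detected on the receiving syslog server. The following is an added example, not part of the original thread and not IBM code: it scans stored messages for per-host silences longer than a threshold. The line format (ISO 8601 timestamp, then host name), the host names and the 30-minute threshold are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample of lines as stored by the receiving server (assumed
# format: ISO 8601 timestamp, host, message). Host names are placeholders.
SAMPLE_LINES = """\
2020-09-25T09:00:01+00:00 isam-appliance-1 webseal: request handled
2020-09-25T09:04:58+00:00 isam-appliance-2 webseal: request handled
2020-09-25T09:05:02+00:00 isam-appliance-1 webseal: request handled
2020-09-25T11:40:00+00:00 isam-appliance-2 webseal: request handled
2020-09-25T11:41:10+00:00 isam-appliance-2 webseal: request handled
not a syslog line
""".splitlines()


def parse_line(line):
    """Return (timestamp, host), or None for a line that does not parse."""
    parts = line.split(" ", 2)
    if len(parts) < 2:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1]
    except ValueError:
        return None


def find_silences(lines, now, max_gap):
    """List (host, last_seen, resumed, gap) for every silence > max_gap.
    resumed is None when the host is still silent at `now`."""
    seen = {}
    for ts, host in filter(None, map(parse_line, lines)):
        seen.setdefault(host, []).append(ts)
    findings = []
    for host, stamps in sorted(seen.items()):
        stamps.sort()
        # Gaps between consecutive messages: outages that have recovered.
        for prev, cur in zip(stamps, stamps[1:]):
            if cur - prev > max_gap:
                findings.append((host, prev, cur, cur - prev))
        # Gap between the last message and now: an outage still in progress.
        if now - stamps[-1] > max_gap:
            findings.append((host, stamps[-1], None, now - stamps[-1]))
    return findings


if __name__ == "__main__":
    now = datetime.fromisoformat("2020-09-25T11:45:00+00:00")
    for host, last, resumed, gap in find_silences(SAMPLE_LINES, now, timedelta(minutes=30)):
        state = f"resumed {resumed.isoformat()}" if resumed else "STILL SILENT"
        print(f"{host}: no messages for {gap} after {last.isoformat()} ({state})")
```

The threshold has to sit above the quietest normal interval for each appliance, otherwise low-traffic periods are reported as outages.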