I recently installed an All-in-One appliance in our VM. Version is v7.3.2 Build 20181119184207 patched to v7.3.2 Build 20190803012943. As soon as I started it up, the error "Process monitor app failed to start multiple times" keeps showing up every minute, even when I didn't have a log source configured.
Payload Info:
Oct 29 11:33:01 127.0.0.1 [ProcessMonitor] com.q1labs.hostcontext.processmonitor.ProcessManager: [ERROR] [NOT:0150114103][10.21.66.55/- -] [-/- -]Process ecs-ec-ingress has failed to start for 1519 intervals. Continuing to try to start...
I checked the service ecs-ec-ingress, and it was running. I restarted Event Collection Service through the user interface, but the error keeps popping up. I restarted the service in the Console, and the error was still popping up. I added some log sources, and I was getting the logs and info into QRadar without a problem, but the error was still there. I tried to stop ecs-ec-ingress, and the error stopped, but there were no logs coming in since I stopped it.
I was wondering if anyone experienced something similar before, and what can be done to fix it?
------------------------------
Derrick Nidar
------------------------------