Global Security Forum

 View Only
Expand all | Collapse all

Cisco Email Security Appliance getting error Event - Collection Status: One or more empty files detected

  • 1.  Cisco Email Security Appliance getting error Event - Collection Status: One or more empty files detected

    Posted Sun May 10, 2020 03:38 AM
    We have integrated Cisco ESA with QRadar using log file polling method, 

    able to connect successfully but while reading files from ESA getting enclosed error, is there any have any idea what is wrong. 




    ------------------------------
    Ashok Kumar Cyber Security Consultant
    ------------------------------


  • 2.  RE: Cisco Email Security Appliance getting error Event - Collection Status: One or more empty files detected

    Posted Mon May 11, 2020 09:23 AM
    Hi Ashok,

    This is actually a warning, not an error. All it's saying is that at least one file in the target directory that matched your file pattern didn't contain any events. If you are receiving events then it should be nothing to worry about, but if you have access to that system, you could confirm that some of the files in that directory are in fact empty to confirm what the message is telling you.

    Cheers
    Colin

    ------------------------------
    COLIN HAY
    IBM Security
    ------------------------------