This document includes troubleshooting recommendations and procedures that can help you solve problems arising from the configuration and usage of connectors.
Perform the following checks:
- The port is in listening mode. To check port accessibility, use the following command:
netstat -auntp | grep <port>
- Ports are open between log source and Adapter i.e, Listener port :: From LogSource to Adapter server
- Logs are received on tcpdump of Adapter.
tcpdump -nnnAvi <interface> host <HOST_IP> and port <Listener_port>
- Verify the outgoing packets from LogSource to Adapter.
tcpdump -nnnAvi <interface> dst <Dst-IP> and port <Listener_port>
- If IP address and port information is correct and still traffic is not seen on tcpdump, a firewall or the network could be preventing inbound traffic over the specified port. Verify using the following command:
iptables -n -v -L | grep <Event_Source_IP_addr>
- If logs are displayed on tcpdump of Adapter but not on Console, then check if route has been configured. To check list of routes currently configured use the following command:
route -n
If the issue is not resolved, proceed to perform the connectivity tests to confirm that Adapter is reachable.
- Login to the log source command line and test the server with ping utility using the following syntax:
ping -c 4 <Adapter_Server_IP_addr>
- Verify if log source events are being received on DNIF Console.