szkoszegi666
Aug 25, 2022

CEF Log forwarding stopped after disk was full

Hi there,

So the disk got full on my log forwarder server and log forwarding stopped... I expanded the disk and now it has enough space:

However, I cannot see any new events in the CommonSecurityLog table since then. I went ahead and reinstalled the OMS agent, but it still doesn't work. There are no heartbeat events either, so I guess the problem will be with the OMS agent. The funny thing is that Syslog messages are arriving in Sentinel... When I run the troubleshooter everything is fine except:

Validating the CEF\ASA logs are received and are in the correct format when received by syslog daemon
sudo tac /var/log/syslog
Located 0 CEF\ASA messages

But if I run tac /var/log/messages | grep CEF I can see the CEF messages.

I ran netstat/tcpdump and messages are hitting port 25226.

 

Any help would be appreciated.

Thanks