CiscoSecurity/fp-05-firepower-cef-connector-arcsight

the connector doesn't pull data anymore from estreamer

mariusgeonea opened this issue 5 years ago · 0 comments

mariusgeonea commented 5 years ago

hello people,

the cef connector doesn't pull data after some time, something like 8 or 12 hours.
to tshoot this i have enabled the verbose level for logging and i got the following error:

2020-01-13 08:13:16,287 Receiver Level 5 Processing message bundle
2020-01-13 08:13:16,287 Receiver Level 5 Processing message bundle
2020-01-13 08:13:16,297 SubscriberParser ERROR error: \nTraceback (most recent call last):\n File "/eStreamer-eNcore/estreamer/baseproc.py", line 111, in _start\n callback()\n File "/eStreamer-eNcore/estreamer/receiver.py", line 175, in next\n self._ack()\n File "/eStreamer-eNcore/estreamer/receiver.py", line 54, in _ack\n self.connection.request( estreamer.message.NullMessage() )\n File "/eStreamer-eNcore/estreamer/connection.py", line 131, in request\n self.socket.send( buf )\n File "/usr/lib64/python2.7/ssl.py", line 710, in send\n v = self._sslobj.write(data)\nerror: [Errno 32] Broken pipe\n
2020-01-13 08:13:16,297 SubscriberParser INFO Exiting
2020-01-13 08:14:53,893 Controller INFO Process subscriberParser is dead.
2020-01-13 08:14:53,893 Monitor INFO Running. 0 handled; average rate 0 ev/sec;
2020-01-13 08:14:54,224 Controller INFO Stopping...
2020-01-13 08:14:54,225 Controller INFO Process 2172 (Process-1) exit code: 0
2020-01-13 08:14:54,230 Decorator INFO Stop message received
2020-01-13 08:14:54,235 Decorator INFO Error state. Clearing queue
2020-01-13 08:14:54,235 Cache INFO Saving cache to /eStreamer-eNcore/10.120.25.12-8302_cache.dat
2020-01-13 08:14:54,241 Decorator INFO Exiting
2020-01-13 08:14:54,246 Controller INFO Process 2173 (Process-2) exit code: 0
2020-01-13 08:14:54,246 Transformer INFO Stop message received
2020-01-13 08:14:54,251 Transformer INFO Error state. Clearing queue
2020-01-13 08:14:54,252 Transformer INFO Exiting
2020-01-13 08:14:54,252 Controller INFO Process 2174 (Process-3) exit code: 0
2020-01-13 08:14:54,257 Writer INFO Stop message received
2020-01-13 08:14:54,262 Writer INFO Error state. Clearing queue
2020-01-13 08:14:54,262 Writer INFO Exiting
2020-01-13 08:14:54,262 Controller INFO Process 2176 (Process-4) exit code: 0
2020-01-13 08:14:54,263 Monitor INFO Stopping Monitor.
2020-01-13 08:14:54,395 Controller INFO Goodbye

any idea what could be the cause of this?

thanks,
Marius.