Troubleshooting
Problem
On the appliance we see "Send" entries in the Aggregation log that have the status set as "Failed", the appliance has an audit process scheduled to be executed at the same time as those entries:
Diagnosing The Problem
To identify which audit process is causing the Failed send entries, we should identify the time of the error's and identify which audit processes are being executing at that time.
We can then use the option "run once now" on each one of the identified audit processes to identify which is causing the Failed Send errors in the aggregation log file.
Resolving The Problem
To resolve the problem simply recreate the audit process, you can use the original settings and query which the audit process was based on, but must recreate the audit process a new with a different name.
Once the new audit process is created matching the old, execute it to confirm it resolves the Send Failed problem. Once confirmed the problem is no longer seen, you can rename the old audit process and rename the new with the exact same name.
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[{"code":"a8m0z0000000AqmAAE","label":"AUDIT"}],"ARM Case Number":"TS013257361","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
07 July 2023
UID
ibm17010303