Troubleshooting
Problem
The EPS graph on the Dashboard tab of the Console is not displaying one of the managed hosts in the deployment. What can I review to determine the problem?
Symptom
EPS dashboard missing item.
Cause
The most common cause of a managed host not reporting EPS stastics is an issue in the syslog-ng service.
Diagnosing The Problem
If the EPS graph on the Dashboard tab is not properly displaying results from a specific managed host in the network, administrators can review for the following:
- Verify that the syslog-ng service is running by running on the appliance.
a. Using SSH, log in as the room user on the Console.
b. SSH from the Console to the managed host that is not displaying EPS data from the dashboard.
c. Type service syslog-ng status.
d. If the service displays stopped, then administrators can type service syslog-ng start.
- Verify that the syslog-ng symlink is pointing to the correct location by running the ls-l /etc/init.d/ command.
- Verify that StatFilter packets are being sent to the Console.
a. Using SSH, log in as the room user on the Console.
b. SSH from the Console to the managed host that is not displaying EPS data from the dashboard.
c. To review syslog events from the managed host, type the following command: tcpdump -nnAs0 host console_ip and port 514.
Resolving The Problem
To resolve the issue, administrators need to restart the syslog-ng service.
- Using SSH, log in as the room user on the Console.
- SSH from the Console to the managed host that is not displaying EPS data from the dashboard.
- Type service syslog-ng status.
- If the service displays stopped, then administrators can type service syslog-ng start.
If the issue persists or the syslog-ng server cannot start properly, then administrators can contact customer support for assistance.
Where do you find more information?
[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Dashboard","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.1;7.2","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21671700