FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
Andy_G
Staff
Article Id 197877

Description

Summary of Topic

These steps help determine if a Collector is successfully communicating and sending events to the Super.


Steps

  • Check for communication issues between Super and Collector
    1. Open SSH session on Super
    2. Run 'cd /var/log/httpd'
    3. Run 'grep "<IP address of collector>" ssl_access_log'

Ex. grep "172\.10\.10\.100" ssl_access_log

(Note that the dots in the IP address are escaped: grep treats the pattern as a regular expression, and an unescaped dot would match any character.)

> A 'PUT' in a log message indicates the Collector sending data to the Super

> A 'GET' in a log message indicates the Super sending config type changes to the Collector

  • Check for events coming from Collector
    1. Open SSH session on Super
    2. Run 'cd /opt/phoenix/log'
    3. Run 'grep upload phoenix.log'

You should see messages like the following if the Super is receiving events from the Collector:

May 18 08:44:35 darla-va phEventHandler: [PH_EVT_HANDLER_DBG]:[eventSeverity]=PHL_DEBUG,[procName]=phEventHandler,[fileName]=phHttpRequestHandler.cpp,[lineNumber]=137,[phLogDetail]=Uploaded file /opt/phoenix/cache/parser/upload/evt/10000_WrTKck.evt from 172.16.22.139 (agentId = 10000) saved

May 18 08:44:35 darla-va phParser[3285]: [PH_GENERIC_DEBUG]:[eventSeverity]=PHL_DEBUG,[procName]=phParser,[fileName]=parserProcess.cpp,[lineNumber]=3247,[phLogDetail]=received msg: 10000, file: /opt/phoenix/cache/parser/upload/evt/10000_WrTKck.evt

To look for upload errors instead, run 'grep failed phoenix.log'
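The checks above, gathered into one script as an added example (not part of the KB article): it escapes the Collector IP for grep, counts PUT and GET requests in ssl_access_log, counts saved uploads and 'failed' lines in phoenix.log, and prints a verdict. It assumes ssl_access_log uses the usual Apache access-log layout (client IP first, request line in quotes); the sample log lines and request paths inside write_sample_logs are constructed so the script can be tried offline.

```shell
#!/bin/sh
# Added example, not from the KB article: summarise one Collector's traffic from the
# two logs the article names. Log paths are the article's defaults and can be
# overridden; the lines in write_sample_logs are constructed samples, not captures.
SSL_ACCESS_LOG="${SSL_ACCESS_LOG:-/var/log/httpd/ssl_access_log}"
PHOENIX_LOG="${PHOENIX_LOG:-/opt/phoenix/log/phoenix.log}"

# Escape the dots so grep matches the address literally (the article's note).
escape_ip() { printf '%s' "$1" | sed 's/\./\\./g'; }
# Matching-line count for a basic regex; 0 if the file is missing or unreadable.
count() { if [ -r "$1" ]; then grep -c "$2" "$1" || true; else echo 0; fi; }
# Requests of one HTTP method from a Collector IP, assuming the usual Apache access
# log layout (client IP first, request line in quotes).
# PUT = Collector sending data to Super; GET = Super sending config to Collector.
count_method() { count "$1" "^$(escape_ip "$2") .*\"$3 "; }      # ssl_log ip PUT|GET
# Event files the Super reports as saved from that Collector ('grep upload' step).
count_uploads() { count "$1" "Uploaded file .* from $(escape_ip "$2") "; }  # phoenix_log ip
# Lines mentioning 'failed' that also name the Collector ('grep failed' step).
count_failed() {                                                   # phoenix_log ip
    if [ -r "$1" ]; then grep -i failed "$1" | grep -c "$(escape_ip "$2")" || true; else echo 0; fi
}
# One-line summary plus a verdict: OK, FAILED, or NO_TRAFFIC.
collector_status() {       # $1 = collector IP, $2 = ssl log (optional), $3 = phoenix log (optional)
    ssl="${2:-$SSL_ACCESS_LOG}"; phx="${3:-$PHOENIX_LOG}"
    puts=$(count_method "$ssl" "$1" PUT); gets=$(count_method "$ssl" "$1" GET)
    ups=$(count_uploads "$phx" "$1");     fails=$(count_failed "$phx" "$1")
    if   [ "$fails" -gt 0 ]; then verdict=FAILED
    elif [ "$puts" -gt 0 ] && [ "$ups" -gt 0 ]; then verdict=OK
    else verdict=NO_TRAFFIC; fi
    echo "collector=$1 put=$puts get=$gets uploaded=$ups failed=$fails verdict=$verdict"
}
# Constructed sample logs (hypothetical request paths) so this runs offline.
write_sample_logs() {      # $1 = directory to write into
    cat > "$1/ssl_access_log" <<'EOF'
172.16.22.139 - - [18/May/2020:08:44:35 -0700] "PUT /phoenix/rest/upload HTTP/1.1" 200 12
172.16.22.139 - - [18/May/2020:08:44:36 -0700] "GET /phoenix/rest/config HTTP/1.1" 200 8190
172.16.22.140 - - [18/May/2020:08:44:37 -0700] "PUT /phoenix/rest/upload HTTP/1.1" 200 12
EOF
    cat > "$1/phoenix.log" <<'EOF'
May 18 08:44:35 darla-va phEventHandler: [PH_EVT_HANDLER_DBG]:[phLogDetail]=Uploaded file /opt/phoenix/cache/parser/upload/evt/10000_WrTKck.evt from 172.16.22.139 (agentId = 10000) saved
May 18 08:44:37 darla-va phEventHandler: [PH_EVT_HANDLER_DBG]:[phLogDetail]=Upload from 172.16.22.140 failed (disk full)
EOF
}

if [ $# -ge 1 ]; then collector_status "$1"; else   # on the Super: sh check.sh <collector IP>
    d=$(mktemp -d); write_sample_logs "$d"
    for ip in 172.16.22.139 172.16.22.140; do collector_status "$ip" "$d/ssl_access_log" "$d/phoenix.log"; done
    rm -rf "$d"
fi
```

With the sample logs, 172.16.22.139 reports verdict=OK and 172.16.22.140 reports verdict=FAILED because its only phoenix.log line mentions a failed upload.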


Version Application

All
