Troubleshooting SpanVA Connectivity

book

Article ID: 170846

calendar_today

Updated On:

Products

CASB Security Standard CASB Security Premium CASB Security Advanced CASB Audit CASB Gateway

Issue/Introduction

SpanVA is Disconnected or Degraded

 

Environment


 

Resolution

SpanVA to CloudSOC

  • Does the SpanVA Console show the status as alive and Green?
  • Check Status of SpanVA within CloudSOC Settings | Status Monitor.
  • Verify the Proxy settings if required.
    • Test without the use of a proxy.
  • Port 443 outbound is a requirement for several DNS entry's 
    • *.elastica.net
      elastica-oregon-audit.s3.amazonaws.com
      cep-dub-audit.s3.amazonaws.com
      elastica-artifacts.s3.amazonaws.com
      el-public-repo.s3.amazonaws.com
  • SpanVA  Monitor logs will display helpful information:
    • Data has been sent to CloudSOC via SpanVA 
  •  *Search Splunk: keywords: tenantid, datasource ID.  
    • Received log files upload notification from SpanVA running for tenant tenantname, datasource id : ***f83***330***044***5c1**

Logs Sent to Spanva

  • SpanVA  Monitor logs will display helpful information:
    • ​Data has been received by SpanVA.
  • Test  FTP/SCP to SpanVA manually.
    • scp bluecoat.log1.gz [email protected]:
      /ds_elastica/datasources/531eeadfca78c264ae87e317
    • Repeat sending a empty file called UPLOAD_COMPLETED.