SpanVA is Disconnected or Degraded

 

SpanVA to CloudSOC

• Does the SpanVA Console show the status as alive and Green?
• Check Status of SpanVA within CloudSOC Settings | Status Monitor.
• Verify the Proxy settings if required.
  • Test without the use of a proxy.
• Port 443 outbound is a requirement for several DNS entry's 
  • *.elastica.net
    elastica-oregon-audit.s3.amazonaws.com
    cep-dub-audit.s3.amazonaws.com
    elastica-artifacts.s3.amazonaws.com
    el-public-repo.s3.amazonaws.com
• SpanVA  Monitor logs will display helpful information:
  • Data has been sent to CloudSOC via SpanVA 
•  *Search Splunk: keywords: tenantid, datasource ID.  
  • Received log files upload notification from SpanVA running for tenant tenantname, datasource id : ***f83***330***044***5c1**

Logs Sent to Spanva

• SpanVA  Monitor logs will display helpful information:
  • ​Data has been received by SpanVA.
• Test  FTP/SCP to SpanVA manually.
  • scp bluecoat.log1.gz [email protected]:
    /ds_elastica/datasources/531eeadfca78c264ae87e317
  • Repeat sending a empty file called UPLOAD_COMPLETED.