You notice that an Integrated Cyber Defense Exchange (ICDx) Email Security .cloud collector stops after running correctly for some time. You are also able to restart the collector successfully without issue.
Release : 1.4
Component : sesc_col_dx
The collector is stopping due to an unrecoverable request when it receives a 401 response from the Email Security .cloud service API.
Looking in the collector logs, you see an error similar to:
2020-11-21 14:32:13,348 [shutdown] ERROR com.symantec.lib.app.SimpleModule - Email Security.cloud Module - Terminating application with exit status 1 due to: Unrecoverable failed request: 401
* Start Date/Time: "2020-11-18T10:10:00.000Z"
* Calculated UTC-based Start Date/Time: "2020-11-18T10:10:00Z"
* Username: sesc-username
* Password (not shown)
* Data Feed: all
Full Data Feed URL: https://datafeeds.emailsecurity.symantec.com/all
* Read Interval (ms): 30000
* Idle Interval (ms): 300000
* Use Proxy: true
2020-11-21 14:32:13,369 [Interrupt signal hook] INFO lifecycle - The service has stopped
Broadcom is investigating this issue. We have had some indication that it may be related to outages from the Email Security .cloud service, such as with Maintenance periods.
It is recommended to Subscribe to the Email Security .cloud service status updates:
If an alert reported, it is possible that the collector will halt, so subscribing to the alerts will provide awareness of when the issue may occur.
This article will be updated when we have more information to provide.