Reporter is not gathering logs from proxy devices log source unloaded
search cancel

Reporter is not gathering logs from proxy devices log source unloaded

book

Article ID: 252660

calendar_today

Updated On:

Products

Reporter-VA

Issue/Introduction

Log source configured on Reporter-VA is unloaded.

Event logs on the reporter show the following errors:


System resource limitation (Unspecified Error) prevented load for log source

Fatal condition prevented load for log source

Failed to register license notifier: -14403:license suspended due to license server avoidance

License Server Communication Status: CRITICAL - License suspended

Environment

  • Reporter-VA with/without access to the Internet

Cause

1. Reporter-VA is unable to communicate with the license validation server to confirm that the serial number is valid. If that communication fails, log source cannot be loaded.

2. Reporter-VA is able to communicate with the Internet but license wise status is Critical and suspended with above errors.



 

Resolution

Make sure that Reporter-VA can successfully communicate with Symantec licensing servers. Full list of licensing services that Reporter-VA communicates with can be found here

If Reporter-VA can communicate with Internet, re-license box again via CLI as below and if issue still exist reboot the box. All Errors should clear out and Log Source will be able to Load.

Reporter(config-licensing)# load username [email protected] password

Value for 'password' (<valid password to authenticate to download site>): ****************

  ok

Note:

To help you troubleshoot the appliance's communication with validation.es.bluecoat.com, turn on PCAP from the CLI of the appliance and then attempt the license load step, to generate the required packets. Do this a number of times, to generate sufficient packets. Next, have the PCAP exported from the Reporter to any external source. Use FTP for this export. For guidance, refer to the steps in the Tech. Doc. here.

With the PCAP file, we recommend using Wireshark to check the data. First, check for the dns packets (query/response) for validation.es.bluecoat.com. It's mandatory to have DNS working well, to resolve the backend destinations, like, https://validation.es.bluecoat.com. Note that it is the customer's responsibility to ensure their DNS servers work well with the product, to resolve the DNS query from the appliance, for the backend destinations. Next, go to Statistics > Conversation > IPv4 and check for the conversations with validation.es.bluecoat.com. You can also set the filter frames contains "validation.es.bluecoat.com", to find the frames/packets for validation.es.bluecoat.com and review the same for the possible challenges in communication. 

If you do see anything that points to the product, share the same on a technical support ticket alongside the requisite data for further investigation.