PAM -- syslog data is no longer sent after modifying the docker network settings (logstash)

Article ID: 259097

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Since I made the Docker Network change in TestNet, QRadar is no longer getting syslogs. I thought you mentioned to me something about syslogs when we were doing the changes. Production is working fine though.

 

Environment

Release: 4.1.0, 4.1.1, 4.1.2

Cause

While the Docker networking settings were being modified, an invalid address was entered in the configuration. This was subsequently corrected, but several settings in the PAM database were inadvertently modified. As a result, 2 of the internal Docker containers failed to restart after the node was rebooted.

Resolution

This will not auto-correct. It needs to be corrected directly in the PAM database by a Broadcom Support engineer over SSH.