PAM is not sending syslogs and not reporting to splunk application anymore after reboot

Article ID: 262266

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

A PAM node in a cluster was rebooted via PAM Client > Configuration > Power > [check the acknowledge box] > click [Reboot Instance], and afterwards Splunk did not receive any data from the PAM node.

This problem affects syslog server integrations as well.

It may also be observed after applying a hotfix that requires a reboot.


Environment

Release: 4.1.1, 4.1.2, upgraded from 4.1.0

Cause

The 4.1.1 and 4.1.2 upgrade patches, when upgrading from a previous 4.1.X release, inadvertently prevented a Docker container required for sending log messages to a remote syslog server or Splunk from starting successfully after a reboot. The problem would not be noticed in a cluster environment right after the upgrade, because starting the cluster also starts the container.

Resolution

In a cluster environment, you can turn off the cluster and turn it back on to resolve the problem.

If you need to get the problem fixed without restarting the cluster, and cannot upgrade to 4.1.3+ yet, please open a case with PAM Support.