Failed to send external logging. Error: Failed to connect to the syslog server.

Article ID: 272670


Updated On:

Products

Endpoint Protection

Issue/Introduction

When attempting to send logs from Symantec Endpoint Protection Manager (SEPM) to an external logging server, the following error occurs: "Failed to connect to syslog server. External logging cannot proceed until the problem is resolved."
The error code is "DBDATA_ERROR_CODE_xE0060000".

The scm_server-0.log shows the error:

2023-08-16 15:57:52.555 THREAD 1919 SEVERE: Failed to connect to the syslog server. External logging cannot proceed until the problem is resolved. in: com.sygate.scm.server.task.ExternalLoggingWorker
com.sygate.scm.server.util.ServerException: Failed to connect to the syslog server. External logging cannot proceed until the problem is resolved.
            at com.sygate.scm.server.task.ExternalLoggingWorker.handleLog(ExternalLoggingWorker.java:659)
            at com.sygate.scm.server.task.ExternalLoggingWorker.run(ExternalLoggingWorker.java:429)
            at java.base/java.util.TimerThread.mainLoop(Timer.java:556)
            at java.base/java.util.TimerThread.run(Timer.java:506)

 

Cause

When most of the log types are enabled, SEPM appears to stop processing the remaining log types after an exception occurs while processing the logs. The I/O operation is interrupted because of a very large amount of data or content in the policy.

By default, most syslog servers are configured to handle only 1024 bytes at a time.

 

Resolution

First, check the maximum message size that the syslog server can accept.

If this limit cannot be raised on your syslog server, SEPM can be limited to sending 1024 bytes per message. To do this:

  1. Stop the SEPM services.
  2. Back up and open the file: <<SEPM>>\tomcat\etc\conf.properties
  3. Add the following line at the bottom:
    scm.syslog.message.maxlength.bytes=1024
  4. Save the file.
  5. Start the SEPM service.
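
Steps 2 to 4 can be scripted so that the edit is repeatable and the file ends up with exactly one entry for the key. The following PowerShell is an added example, not code from this article or from the product; the -ConfPath parameter (the full path to conf.properties with <<SEPM>> filled in) and the ISO-8859-1 file encoding are assumptions. Run it between steps 1 and 5.

```powershell
# Added example: steps 2-4 of the resolution as a script.
# Run after the SEPM services are stopped (step 1); start them afterwards (step 5).
param(
    # Assumption: full path to conf.properties under your SEPM install folder,
    # i.e. <<SEPM>>\tomcat\etc\conf.properties with <<SEPM>> filled in.
    [Parameter(Mandatory = $true)][string]$ConfPath,
    # Limit from the article; set it to what your syslog server accepts.
    [ValidateRange(1, [int]::MaxValue)][int]$MaxBytes = 1024
)

$ErrorActionPreference = 'Stop'
$key = 'scm.syslog.message.maxlength.bytes'
$newLine = "$key=$MaxBytes"
# Java .properties files are conventionally ISO-8859-1; assumed here for conf.properties.
$latin1 = [System.Text.Encoding]::GetEncoding('ISO-8859-1')

if (-not (Test-Path -LiteralPath $ConfPath -PathType Leaf)) {
    throw "File not found: $ConfPath"
}
# .NET file APIs ignore the PowerShell location, so resolve to an absolute path.
$ConfPath = (Resolve-Path -LiteralPath $ConfPath).ProviderPath

$lines = [System.IO.File]::ReadAllLines($ConfPath, $latin1)
# Match an existing, uncommented entry for the key ('=' or ':' separator).
$pattern = '^\s*' + [regex]::Escape($key) + '\s*[=:]'
$existing = @($lines | Where-Object { $_ -match $pattern })
if ($existing.Count -eq 1 -and $existing[0].Trim() -eq $newLine) {
    Write-Host "Already set: $newLine (file left unchanged)"
    return
}

# Step 2: timestamped backup beside the original, so repeated runs keep earlier copies.
$backup = '{0}.{1}.bak' -f $ConfPath, (Get-Date -Format 'yyyyMMdd-HHmmss')
Copy-Item -LiteralPath $ConfPath -Destination $backup

# Step 3: drop any stale entries for the key, then add the line at the bottom,
# so the file never carries two conflicting values.
$result = @($lines | Where-Object { $_ -notmatch $pattern }) + $newLine

# Step 4: save. WriteAllLines terminates every line, including the last one.
[System.IO.File]::WriteAllLines($ConfPath, [string[]]$result, $latin1)
Write-Host "Wrote '$newLine' to $ConfPath (backup: $backup)"
```

If external logging still fails after the restart, restore the timestamped .bak copy to return conf.properties to its previous state.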