When attempting to send logs from Symantec Endpoint Protection Manager (SEPM) to an external logging server, the following error occurs: "Failed to connect to syslog server. External logging cannot proceed until the problem is resolved."
The error code is "DBDATA_ERROR_CODE_xE0060000".
The scm_server-0.log shows the following error:
2023-08-16 15:57:52.555 THREAD 1919 SEVERE: Failed to connect to the syslog server. External logging cannot proceed until the problem is resolved. in: com.sygate.scm.server.task.ExternalLoggingWorker
com.sygate.scm.server.util.ServerException: Failed to connect to the syslog server. External logging cannot proceed until the problem is resolved.
at com.sygate.scm.server.task.ExternalLoggingWorker.handleLog(ExternalLoggingWorker.java:659)
at com.sygate.scm.server.task.ExternalLoggingWorker.run(ExternalLoggingWorker.java:429)
at java.base/java.util.TimerThread.mainLoop(Timer.java:556)
at java.base/java.util.TimerThread.run(Timer.java:506)
If most of the log types are enabled, SEPM appears to stop processing the remaining log types after an exception occurs while processing the logs. The I/O operation was interrupted because of the large amount of data or content in the policy.
By default, most syslog servers are configured to handle only 1024 bytes at a time.
First, check the maximum message size that the syslog server can accept.
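One way to check that limit from the sending side, as an added example that is not part of the original article or of SEPM: send probe messages of known sizes that each end in a marker, then look in the syslog server's log for which markers arrived intact. UDP transport, the host name "sepm-probe", the tag "sizeprobe" and the loopback receiver that stands in for a server with a 1024-byte limit are all assumptions made for the example.

```python
import socket

def build_probe(size, host="sepm-probe"):
    """Return a BSD-syslog style message of exactly `size` bytes ending in a marker."""
    # <134> = facility local0, severity informational; timestamp is a constructed sample
    head = f"<134>Aug 16 15:57:52 {host} sizeprobe: ".encode()
    tail = f" END-{size}".encode()
    pad = size - len(head) - len(tail)
    if pad < 0:
        raise ValueError("size too small for header and marker")
    return head + b"x" * pad + tail

def send_probes(server, port, sizes):
    """Send one UDP probe per size; then search the server's log for the END markers."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for size in sizes:
            s.sendto(build_probe(size), (server, port))

def simulate_receiver(limit, sizes):
    """Loopback stand-in for a syslog server that keeps only `limit` bytes per message.
    Returns {size: True if the END marker survived}."""
    results = {}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))          # ephemeral port on loopback only
        rx.settimeout(2)
        port = rx.getsockname()[1]
        for size in sizes:
            send_probes("127.0.0.1", port, [size])
            data = rx.recvfrom(65535)[0][:limit]   # hypothetical server-side cut-off
            results[size] = data.endswith(f"END-{size}".encode())
    return results

def largest_intact(results):
    """Largest probe size whose marker arrived, or None if none did."""
    ok = [size for size, intact in results.items() if intact]
    return max(ok) if ok else None

if __name__ == "__main__":
    sizes = [512, 1024, 2048, 4096, 8192]
    outcome = simulate_receiver(1024, sizes)
    print(outcome, "largest intact:", largest_intact(outcome))
```

Against a real server, call send_probes() with its address and port and read the received messages there; a probe whose END marker is missing was truncated or dropped.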
If this limit cannot be raised on your syslog server, we can limit SEPM to sending 1024 bytes. To do this,