Failed datasource files
search cancel

Failed datasource files

book

Article ID: 280566

calendar_today

Updated On:

Products

CASB Securlet SAAS CASB Advanced Threat Protection CASB Audit CASB Gateway CASB Gateway Advanced CASB Security Advanced CASB Security Advanced IAAS CASB Security Premium CASB Security Premium IAAS CASB Security Standard CASB Securlet IAAS CASB Securlet SAAS With DLP-CDS

Issue/Introduction

CASB datasource details page reports files are failed or marked bad.

Datasource may report Input file does not contain log messages required by Audit.

 

Cause

Syslog datasources could receive bad data from other syslog sources.

Proxy logs that have more than one type of log could also be susceptible when the proxy does not send the logs correctly.

Resolution

CloudSOC audit looks at the first part of a log to make sure the data is formatted correctly. If the threshold of bad data is reached, the file is marked bad and discarded in order to keep the audit data healthy.

If random data is incorrectly formatted the individual lines of data are discarded.

The datasource details is cumulative. If the failed number increases and becomes a concern, create a support ticket and enable the support account.  Broadcom can provide recently provided sample data to better understand the corruption (from what proxy, what timeframe etc...)

Powered by Wolken Software