Hello to all,
After configuring the integration I started to notice that the logs were not arriving steadily but with intervals of 3 to 12 hours which was strange to me.
When reviewing the log presented by the agent, I find the following error message, and after searching for information I do not see a way to solve it. I appreciate your support.
The integration allows ingesting 3 types of logs
Tenable Security Center asset data
Tenable Security Center plugin data
Tenable Security Center vulnerability data
It turns out that the “Tenable Security Center vulnerability data” logs are very large and I could not find a way to ingest them or modify the size limits from the integration, so to solve the problem temporarily I only left active the ingest of the “Tenable Security Center asset data” logs which are less numerous.
Hey, so this definitely shouldn't be happening. Let's see if we can get to the bottom of it.
Can you confirm something for me? Above these three panels is the more global Collect Tenable Security Center data via API which has a number of settings available. One of the settings is called Enable request tracing. This setting is disabled by default. Have you by chance enabled it?
If request tracing is disabled would you mind re-enabling the vulnerability data and providing me an agent diagnostic over a private channel like email from the agent that is having this issue? Or if you're not comfortable providing an agent diagnostic can you open the diagnostic and find the error in the logs and provide a couple of full raw logs from the diagnostic? The view of the errors you've screenshotted cuts off a lot of info that would be really helpful in figuring out what might be going on.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
