We have a CIFS data source, and every 5 minutes new log files are written to the shared folder.
Our Data Source copies and deletes files.
It is now 10-12 hours behind in copying and deleting logs. If we don't do anything, the gap increases.
As you can see in the first screenshot, the log files are 100-200 KB, and it shouldn't be hard for McAfee SIEM to copy and delete all of them at once.
I wrote a script that every 5 minutes takes all the log files and makes 1 log file. This time the SIEM doesn't copy and delete that file. The log file stays in the folder, and the data source shows a yellow flag after some time and doesn't take the file. The file was 70 MB, and it shouldn't take more than 10 seconds to copy and delete that file in our environment.
I've not heard of any other reports of this as a general issue and I've not experienced this issue in my test environment. We'd need to check further what exactly is happening. As has been suggested, the log file for the collector is a good starting point.
If you are unable to find what is causing the behaviour, please raise a service request and provide a device data file from your receiver for analysis.