cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SpaceUser
Level 8
Report Inappropriate Content
Message 1 of 3
‎01-31-2020 05:20 AM

CIFS file Source Data Retrieval Always Behind

 

Hi Everyone,

We Have CIFS data source and every 5 minutes new log files are written to shared folder.

Capture.PNG

Our Data Source copies and deletes files.

 

Untitled.png

It is now behind 10-12 hours to copy and delete logs. If we don't do anything the gap increases.

As you can see in first  screenshot the log files are 100-200 KB and it shouldn't be hard for McAfee SIEM to copy and delete all of it in once. 

I wrote a script that every 5 minutes take all the log files and make 1 log file. This time SIEM doesn't copy and delete that file. Log file stay in folder and data source show yellow flag after some time and doesn't take the file. The file was 70 MB and it shouldn't be more than 10 seconds to copy and delete that file in our environment.

I couldn't solve the problem. Can you help me?

Thanks.

 

1 person had this problem.
Reply
2 Replies
Raph19
Level 8
Report Inappropriate Content
Message 2 of 3
‎08-26-2020 02:58 AM

Re: CIFS file Source Data Retrieval Always Behind

 

I found this looking at near enough the same problem but have not found a fix yet. However, I would suggestion looking at the logs.

tail -f /var/log/mountcollector.pl.log | grep -i LogShareTest

 

Reply
lratcliffe
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 3
‎08-27-2020 01:25 AM

Re: CIFS file Source Data Retrieval Always Behind

I've not heard of any other reports of this as a general issue and I've not experienced this issue in my test environment.  We'd need to check further what exactly is happening.  As has been suggested, the log file for the collector is a good starting point. 

If you are unable to find what is causing the behaviour, please raise a service request and provide a device data file from your receiver for analysis.

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com for Enterprise

Legal   |   Privacy   |   Copyright © 2021 Musarubra US LLC