sssyyy
Level 12

ESM 9.6.0 MR7 Bug

Just upgraded to MR7 and found a possible bug where the inactive flag would display beside a data source while it's actively getting logs within the inactivity setting timeframe. Anyone else seeing this?

0 Kudos
3 Replies
pepelepuu
Level 10

Re: ESM 9.6.0 MR7 Bug

I saw a similar issue and made a similar assumption. However, while observing the messages log in real time for the 2 data sources, it turned out that the 2 data sources were affected more by a time change. This is in addition to the parser being changed to meet the new parameters of an up-to-date Cisco device.

I would recommend doing a MANUAL rule update and a policy push to ALL devices. That's how I fixed my issue, which seems similar to yours.

0 Kudos
sssyyy
Level 12

Re: ESM 9.6.0 MR7 Bug

Tried manual rule update and rolled policy out to all devices. But the inactive flag is still there. Mine is a Linux data source with syslog data. Which rule update did you use? I tried both below without any luck:

RuleUpdates_9006000_2016_10_20_23_59

RuleUpdates_9006000_2016_11_09_23_59

0 Kudos
Reiner
Level 10

Re: ESM 9.6.0 MR7 Bug

I would suggest logging a Service Request with McAfee.

0 Kudos