After starting the McAfee Linux Event Collector agent new logs are received and inserted into the ESM for several minutes, after which time the agent continues to run but no new logs are inserted. If I restart the agent then new logs are processed for several minutes again, but after which no new logs are processed. This appears to affect every system running the Linux Event Collector agent. Configuration: We are running version 9.3.2 hf3 20140203. At this point, I'm using a cron job to restart the agent, which is less than ideal.
Do your systems use boot from disk like a NAS or SAN or are they local disk?
We have had this same problem dating back to the 9.1.x days and have had a support issue opened for sometime now with the hopes it would get some traction. We were told that this appears to be a known bug but even with that this problem has not gained the attention of any one on the product development side to fix it. Unfortunately for us CRON is not the answer that I am willing to accept as the work around.Message was edited by: chris_hankins on 2/14/14 1:41:37 PM CST
They are all local disk. Yes we have had a ticket in for months, and were told that we needed to enter a PER. It seems odd that it's an "enhancement" for thier product to run correctly.