Have you tried typing "NitroStarted" on the console # prompt (e.g. <HOSTNAME>#) this will give you the status of the ESM. Then you can type "NitroStart --nod" to restart the ESM, then tail the /var/log/messages file to review the progress and/or errors.
I solved the problem for now. I stopped and startted the Receiver from ESM console. The problem is gone. But I couldnt find the real reason for that.
How did this happend;
I added the DNS client as log source via v10 SIEM collector. v10 works 8081 port on default (MEF port). I changed the port on collector and ESM console(log source list- interface)
That error showed up.
Did you verified the space allocated to ELM raw logs?
According to KB91580 "...the ELM management database has grown and exceeds the available capacity in the storage device to which it is allocated. To prevent data loss, the ELM stops services when free space is less than 105 GB and restarts when free space is greater than 125
To confirm that low disk space caused the issue, use the following command to get the path (location) of the ELM management database:
#grep path /etc/NitroGuard/mgtdbloc.conf
After you identify the path, use the following command to examine disk space on the drive:
#df -h /elm_allocations/MGTDB_ALLOCATION_20190531060606/mgtdb
Filesystem Size Used Avail Use% Mounted on
/dev/md6 493G 388G 100G 80% /elm_allocations/MGTDB_ALLOCATION_20190531060606
NOTE: If the amount of free space is under 105 GB, the ELM management database stops."
Hope this help you!