Showing results for 
Search instead for 
Did you mean: 

Red Flag alert for Data Source

I have implemented ESM and two Recievers on customer site. There is one Data Source (Windows IIS) with different timezone to the Receiver, and I have continuousely got a red flag alert - 'internal health monitor - The data source is significantly behind data processing...' Does anyone know how to fix this ?



4 Replies
Level 11
Report Inappropriate Content
Message 2 of 5

Re: Red Flag alert for Data Source

Please try to set time zone in the Data Source configuration:




Reliable Contributor sssyyy
Reliable Contributor
Report Inappropriate Content
Message 3 of 5

Re: Red Flag alert for Data Source

Hey Artek,

Any idea on how to fix this if the data source is Check Point (ASP)? Can't see any Time Zone setting for this data source type...



Re: Red Flag alert for Data Source

I had the same issue for Cisco and it happened after a network issue, around 24 hours without getting data, and I think it was a problem of data in cache . it's trying to retrieve a bunch o data in cache and it crashs and sometimes blocks another resources to get events as well... I don't know exactly but it worked for me recreating the data source.

Level 9
Report Inappropriate Content
Message 5 of 5

Re: Red Flag alert for Data Source


  That message usually means the receiver is playing catchup because you possibly have one or more datasource(s) hammering the receiver.  Log into the receiver cd /var/log/data/inline/thirdparty.logs/ you should see the directories for your datasources run "du -shx *" and see if there are any directories with a high volume of data underneath.   From there you can find the matching host/IP in /etc/NitroGuard/thirdparty.conf.



More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community