We are receiving multiple alerts for bad events after recent patching to 9.6.0
|9/08/2016 01:31:39,,Local Receiver-ELM (144116287587483648),Critical,Device,The following data source(s) are returning events with|
: "Data source
Has anybody come across this situation, or does anyone have a solution or suggestion?
Did anyone get an answer for this one? I'm seeing multiple alerts of this type every day, including bad event times for my correlation engine.
Does anyone know how to troubleshoot bad event times?
I also have the same issue and have been working with support for a while on this. Support states there are no other cases reporting the same issue. Have you opened a case with support? If not, will you?
What kind of data source is it? Perhaps check the packet data for the actual event timestamp and match the data source setting to that? The only time that I see a bad event time and can't fix it is ePO, where newly built PCs will report back with a bad event time for the first time to the ePO server.
Apologies for not replying sooner! As previously thought, the guidance from our third party supplier is to upgrade to the latest release in the first instance.
I was waiting for the first MR for version 10 to be released before upgrading, but now that it is available I will perform the upgrade and see if it fixes the issue.