Have a SIEM running 9.6.0 MR 4.
Have added a syslog data source that is running syslog-ng so I want to enable autolearn to pick up all the subordinate hosts.
When I try and enable it, it fails to enable and I get this error in the GUI:
And around the same time I see this or similar in /var/log/messages:
asp-test: segfault at 4 ip 00007efef57b776d sp 00007efeebffe720 error 4 in libasp.so.0.1[7efef5785000+82000]
Anyone have any clues what's going on here? Solution?
Step 1. Upgrade (I hate to sound like the support's broken record, but there's much better places to be than MR4). 9.6.1 at least and then how does it look?