Any idea on how to fix this if the data source is Check Point (ASP)? Can't see any Time Zone setting for this data source type...
I had the same issue for Cisco and it happened after a network issue, around 24 hours without getting data, and I think it was a problem of data in cache . it's trying to retrieve a bunch o data in cache and it crashs and sometimes blocks another resources to get events as well... I don't know exactly but it worked for me recreating the data source.
1 of 1 people found this helpful
That message usually means the receiver is playing catchup because you possibly have one or more datasource(s) hammering the receiver. Log into the receiver cd /var/log/data/inline/thirdparty.logs/ you should see the directories for your datasources run "du -shx *" and see if there are any directories with a high volume of data underneath. From there you can find the matching host/IP in /etc/NitroGuard/thirdparty.conf.