Yes, on multiple occasions. Each time I fixed it by filtering the query for source or destination for the ip in question. I would find that it was a child of a parent data source or something similar. Another way I did it was to set it up with that IP but use assign a port
Thanks for answer ,
But I want also note , that i did look for any mentioning about that IPs , and did not find any data source or child..
The thing is that they are existing data-sources , which I just want to edit ( change used username and password) but cant ...
Any idea ?
Tnx in advance.
Yes, and if the above didn't work try:
- Look to see if Autolearn created a generic syslog datasource.
- Try Opening the properties page of the parent receiver, datasources , and select your data source
- then uncheck parsing, then recheck, and click write. When complete, try it again
- I would also check the :
- less /usr/local/ess/data/NitroError.Log.
- Outside of that, I then migrated to a different receiver, try to make changes and then move back
- SSH into the receiver, and check out the thirdparty.conf file for duplicate IP's
- Putty into Receiver
- cd /etc/NitroGuard
- less thridparty.conf
I would also, recommend you have an ssh session running at the same time, keeping an eye on messages log with a tailf