3 Replies Latest reply on Dec 23, 2014 2:21 PM by pepelepuu

    Can't edit existing data-source

    M Bagheryan M

      Hello Dears,

      I can't edit an existing data-source. Please see the error.





      There is no duplicate data-source or any other instance with the same IP; already double-checked.


      Currently I have 2 ESXi data-sources and the picture is the same for both.


      I assume that removing and creating the data-source again will solve my problem, but I can't (do not want to) delete the already collected logs.


      Did you face such an issue?
      Thanks in advance for help.
        • 1. Re: Can't edit existing data-source

          Yes, on multiple occasions. Each time I fixed it by filtering the query for source or destination for the IP in question. I would find that it was a child of a parent data source or something similar. Another way I did it was to set it up with that IP but use assign a port

          • 2. Re: Can't edit existing data-source
            M Bagheryan M

            Thanks for the answer,


            But I also want to note that I did look for any mention of those IPs, and did not find any data source or child.


            The thing is that they are existing data-sources, which I just want to edit (change the username and password used) but can't...


            Any idea?

            Thanks in advance.

            • 3. Re: Can't edit existing data-source

              Yes, and if the above didn't work try:

              • Look to see if Autolearn created a generic syslog datasource.
              • Try opening the properties page of the parent receiver, datasources, and select your data source
                • then uncheck parsing, then recheck, and click write. When complete, try it again
              • I would also check the:
                • less /usr/local/ess/data/NitroError.Log.
              • Outside of that, I then migrated to a different receiver, try to make changes and then move back
              • SSH into the receiver, and check out the thirdparty.conf file for duplicate IPs
                1. PuTTY into Receiver
                2. cd /etc/NitroGuard
                3. less thirdparty.conf
                4. /<nameofdatasource>

              I would also recommend you have an SSH session running at the same time, keeping an eye on the messages log with a tailf
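
An added example, not part of the original reply and not vendor code: a shell function for the "check thirdparty.conf for duplicate IPs" step that lists every IPv4 address appearing on more than one line, with the line numbers. The layout of thirdparty.conf is not shown in the thread, so the function only assumes IPs appear as dotted quads; `find_dup_ips`, `sample_conf` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Usage on the receiver (path taken from the steps in the thread):
#   sh find_dup_ips.sh /etc/NitroGuard/thirdparty.conf
# With no argument the script runs on the constructed sample below.

# Constructed sample input; NOT the real thirdparty.conf layout.
sample_conf() {
    cat <<'EOF'
# constructed sample
esxi-01 192.0.2.10 parser=a
esxi-02 192.0.2.11 parser=a
generic-syslog 192.0.2.10 parser=b
EOF
}

# Print "<ip> lines <n,n,...>" for each IPv4 address found on 2+ lines.
# Reads the files given as arguments, or stdin when none are given.
find_dup_ips() {
    awk '
    {
        line = $0
        split("", seen_here)    # reset: IPs already counted on this line
        while (match(line, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) {
            ip = substr(line, RSTART, RLENGTH)
            line = substr(line, RSTART + RLENGTH)
            if (!(ip in seen_here)) {
                seen_here[ip] = 1
                count[ip]++
                where[ip] = where[ip] (where[ip] == "" ? "" : ",") NR
            }
        }
    }
    END {
        for (ip in count)
            if (count[ip] > 1)
                print ip " lines " where[ip]
    }' "$@" | sort
}

if [ "$#" -gt 0 ]; then
    find_dup_ips "$1"
else
    sample_conf | find_dup_ips
fi
```

An IP that shows up under two different names, such as an Autolearn-created generic syslog entry next to the ESXi entry, is the kind of hidden duplicate the replies above describe.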