We're also having exactly the same error after patching to 9.6.0.
Anyone who can shed some light why this is occurring is greatly appreciated.
Did anyone get an answer for this one? I'm seeing multiple alerts of this type every day, including bad event times for my correlation engine.
Does anyone know how to troubleshoot bad event times?
is it really bad time on events against receiver data source setting or false positive more of a cosmetic issue?
I also have the same issue and have been working with support for awhile on this. Support states there are no other cases reporting the same issue. Have you opened a case with support? If not, will you?
I'm going to speak to our 3rd party support this afternoon to see if they have any ideas.
Failing that, I'll look to upgrade the ESM software to the latest release once the first hotfixes have been released. We are currently on 9.6.0 MR7 20161107.
Apologies for not replying sooner! As previously thought, the guidance from our third party supplier is to upgrade to the latest release in the first instance.
I was waiting for the first MR for version 10 to be released before upgrading, but now that it is available I will perform the upgrade and see if it fixes the issue.
I had a case opened for the same issue but support closed it out saying that it was my issue since the events coming in with bad times on events.
What kind of data source is it? Perhaps check the packet data for actual event timestamp and match the data source setting to that? The only time that I see bad event time and can't fix is ePO, where newly built PCs will report back with a bad event time for the first time to ePO server.
In my case it is the correlation engine that is reporting bad times every 4 hours - like clockwork!