Hello FortiSIEMer,
Hope u have a great day!
We notice that we didn't receive any logs on the supervisor from the endpoints, then we tail the phoenix logs :
2024-07-21T02:24:12.306312+03:00 collector phEventPackager[7946]: [PH_EVT_PACKAGER_FILE_UPLOAD_FAILURE]:[eventSeverity]=PHL_WARNING,[procName]=phEventPackager,[fileName]=phEventPKGProcess.cpp,[lineNumber]=1013,[filePath]=/opt/phoenix/cache/parser/events/evt_1721500592_13_73.dat,[errorNoInt]=401,[destName]=super.barq.local,[phLogDetail]=Failed to upload event file to worker
2024-07-21T02:25:13.317998+03:00 collector phEventPackager[7946]: [PH_EVT_PACKAGER_FILE_UPLOAD_FAILURE]:[eventSeverity]=PHL_WARNING,[procName]=phEventPackager,[fileName]=phEventPKGProcess.cpp,[lineNumber]=1013,[filePath]=/opt/phoenix/cache/parser/events/evt_1721500586_32_72.dat,[errorNoInt]=401,[destName]=worker.barq.local,[phLogDetail]=Failed to upload event file to worker
BR, Ali Maher
