| Description |
This article explains why a new Collector goes into Critical Status due to it is not able to send events to the Supervisor or Worker node, Last File Received is in Critical status. The following errors are continuously generated in the collector phoenix log tail -f /opt/phoenix/log/phoenix.log.
2024-08-30T16:31:36.031019-05:00 collector713 phEventPackager[3512]: [PH_EVT_PACKAGER_FILE_UPLOAD_FAILURE]:[eventSeverity]=PHL_WARNING,[procName]=phEventPackager,[fileName]=phEventPKGProcess.cpp,[lineNumber]=1008,[filePath]=/opt/phoenix/cache/parser/events/evt_1725051969_3_0.dat,[errorNoInt]=405,[destName]=10.0.1.39,[phLogDetail]=Failed to upload event file to worker 2024-08-30T16:32:37.052748-05:00 collector713 phEventPackager[3512]: [PH_HTTP_RESPONSE_FAILURE]:[eventSeverity]=PHL_WARNING,[procName]=phEventPackager,[fileName]=phHttpClient.cpp,[lineNumber]=609,[errorNo]=405,[phLogDetail]=HTTP response code failure 2024-08-30T16:32:37.052762-05:00 collector713 phEventPackager[3512]: [PH_EVT_PACKAGER_FILE_UPLOAD_FAILURE]:[eventSeverity]=PHL_WARNING,[procName]=phEventPackager,[fileName]=phEventPKGProcess.cpp,[lineNumber]=1008,[filePath]=/opt/phoenix/cache/parser/events/evt_1725051969_3_0.dat,[errorNoInt]=405,[destName]=10.0.1.39,[phLogDetail]=Failed to upload event file to worker |
| Scope | FortiSIEM Nodes. |
| Solution |
tail -f /opt/phoenix/log/phoenix.log Related documents: |
