| Solution |
The issue occurs when the device name in the CMDB has been altered, either automatically or manually, causing a mismatch.
1. Monitor the Phoenix Log in Real-Time: se the following command to monitor the phoenix.log for error messages:
# tail -f /opt/glassfish/domains/domain1/logs/phoenix.log
- Trigger the Issue: In the FortiSIEM GUI, select the 'Remediate Incident' option for the affected device.
- Check the Errors in the Logs: When the 502 Proxy Error occurs, review the log for entries similar to the following:
2024-12-19 10:42:38,695 [http-listener-2(6)] ERROR com.ph.phoenix.model.ui.Whois - [PH_APPSERVER_GENERIC_ERROR]:[phCustId]=2000,[eventSeverity]=PHL_ERROR,[phEventCategory]=3,[procName]=AppServer,[phLogDetail]=Failed to communicate with whois server whois.networksolutions.com
Additionally, check if there is another log entry similar to:
2024-12-19 10:43:44,781 [http-listener-2(19)] ERROR com.ph.phoenix.model.ui.Whois - [PH_APPSERVER_GENERIC_ERROR]:[phCustId]=2000,[eventSeverity]=PHL_ERROR,[phEventCategory]=3,[procName]=AppServer,[phLogDetail]=Error: Failed to communicate with whois server whois.internic.net
Note:
The whois server mentioned in the log is unrelated to this issue.
- Verify the Device's Name: Access the Device Settings and confirm the original name, IP address and go to CMDB -> Devices, locate the device by its IP address, and compare its name to the original name.
- Correct the Device’s Name in the CMDB: Navigate to CMDB -> Devices and select the affected device select Edit, update the name to match the original name, and select Save.
- Test the Solution: Go to the Incidents tab, and attempt to remediate the incident for the affected device using the 'Remediate Incident' option to ensure the issue is resolved.
Conclusion:
This issue arises from mismatched device names in the CMDB. By correcting the name to match the original, the 502 Proxy Error can be resolved effectively.
|
