Hello friends, I'm facing a problem regarding the phAgentManager down
process.When investigating the logs, I saw that this is related to the
Office365 integration with SIEM. The Failed (Failed to parse
hostName(s), invalid hostName or DNS lookup fail...
Greetings community!We are now receiving events from the Kaspersky cloud
in FortiSIEM, where the format is a "System Log", and it has the
following structure, for example:<14>1 2025-04-15T12:50:06.047Z | -
TEST_SIEM_CONNECTION [event@23668 et="TEST_S...
I'm having some problems that are affecting the normal operation of the
workers. Some evidence is below: The first of them is related to the
Shared Store: "Readers phRuleWorker pos 99.9969% more than 15% behind of
Writer" and Event Pipeline: "Worker ...
I noticed a strange behavior to say the least, everything was working
normally until about 4 days ago the incidents that were seen regarding
events in MEA collectors stopped without explanation, that is, the
initial screen that counts the incidents w...
It was identified that the problem was mainly related to the cluster
resources as a whole, as well as to the default values involving event
processing parameters, worker balancing and adjustment of the number of
files in the queue.After making the ...
I noticed that many event upload files are being generated in
/opt/phoenix/cache/parser/upload/evt on Worker 1. I changed the
phoenix_config parameters:[PARSER]max_num_event_files=20000 (changed to
50000)[BEGIN phEventPackager]max_num_event_files=100...
Hello, I would like to inform you that this problem has been resolved.
We noticed that we were experiencing an inconsistency in our hypervisor
that hosts the supervisor's VM. For some reason, our backup agent had
frozen the VM, which we were only abl...
Your analysis was fundamental. We made sure and saw that the collectors
were not able to see the workers, so when we adjusted this, we
immediately stopped and started the collectors in the GUI interface,
waited a while and it was like magic, they sta...
