Guest

Preview Tool

Cisco Bug: CSCvu32428 - encore cef connector - Message data too large under estreamer.log

Last Modified

Aug 26, 2020

Products (1)

  • Cisco Firepower Management Center

Known Affected Releases

3.5.4

Description (partial)

Symptom:
Estreamer SIEM [Arcsight ] not retrieving events from FMC due to encore cef being flapping and getting disconnected from time to time causing logs not to appear on SIEM.

Similar logs are seen on the encore

line 403, in onEvent\n    write( item, self.settings )\n  File "/fp-05-firepower-cef-connector-arcsight-master/estreamer/pipeline.py", line 228, in write\n    streams[ index ].write( event['payloads'][index] + delimiter )\n  File "/fp-05-firepower-cef-connector-arcsight-master/estreamer/streams/tcp.py", line 54, in write\n    self.socket.send( data.encode( self.encoding ) )\nerror: [Errno 110] Connection timed out\n
2020-05-16 10:53:44,212 Writer       ERROR    Message data too large. Enable debug if asked to do so.
2020-05-16 10:53:44,212 Writer       INFO     Error state. Clearing queue
2020-05-16 10:55:32,952 Controller   INFO     Process writer state is Error.

Conditions:
encore cef for Arcsight 3.5.3
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.