We have installed the eStreamer app on a Linux forwarder feeding up to our Windows indexers. It will work fine for a number of days and then all of a sudden we stop indexing data from it. We look in the logs on the forwarder and do not see any errors. The estreamer_client.pl script is still running but apparently doing nothing. If we kill the process, another one starts up after a short while and we start receiving defense center data again. However, it does not pick back up from the last point that we received data - so we have a gap that corresponds to how long it took us to realize that the data stopped coming in. The client check utility is no help here. Anyone else seen this? I hate to schedule a recurring restart of the process, but that is the path we are heading down right now.
Thanks.
OK, I have had the same problem and, like you, I had no clues in any of the logs. I used your fix of killing the process and letting it restart and yup, started getting data again.
I used to have this problem on another SIEM, so I'm wondering if it has something to do with eStreamer rather than the collector...