I have 4 Linux servers in Forwarder Management (all of them callback) and I am collecting logs from auditd.
All of the 4 linux boxes have the same configuration and send logs to the heavy forwarder, but one of them stopped working.
What I checked:
1. Service Auditd.
2. Firewall.
3. Internet.
And all were good. What did I miss?
The problem was that one linux was in another subnet without access to the heavy forwarder.
The problem was that one linux was in another subnet without access to the heavy forwarder.
Hey @test_qweqwe, Can you post your solution as an answer? You can then accept the solution to close the question. You'll receive some karma points this time as well. 🙂
Hello, @lfedak!
I did as you said.
P.S. Nice to see you again in my questions 😄