Video Screencast Help
Search Video Help Close Back
to help
New in the Rewards Catalog: Vouchers for "Symantec Technical Specialist" and "Symantec Certified Specialist" exams.

SSIM 4.6 and Checkpoint Event Collector

Updated: 21 May 2010 | 11 comments
jgill's picture
jgill
0 0 Votes
Login to vote

I seen seveal post to a similar issue I'm having, but have not seen the silver bullet.  

Server is 4.6.2.21
Check Point Firewall-1Event Collector 4.3

After configuing and exchanging certificates I get a process where the opseckeasensor gets a error reading the device and an Unknown exception.    The process seems to just stop and restart over and over.  If I don't have the computer defined, I can see a clean startup (with no defined sensors).  Once I add the device and reset the certs I start getting this error.  Prior to reseting the certs I see a clean log except for the cert error.  fix the cert error, and it progresses to this message. 

Any help is greatly accepted!
JG 

GUI Log message
5 - Critical Application Sep 15, 2009 4:47:06 PM MDT Sep 15, 2009 4:47:06 PM MDT Error While Reading from Data Source Check Point(R) FireWall-1 

Log file results:

tail /opt/Symantec/sesa/Agent/logs/checkpoint.log          INFO    2009-09-15 16:46:40,943 Collectors.3120.wGroup.[workinggroup0].Sensor.[Sensor_0]        Thread-102      OpsecLeaSensor(Sensor 0) has been opened.
ERROR   2009-09-15 16:46:40,954 Collectors.3120.wGroup.[workinggroup0].Sensor.[Sensor_0]        Thread-102      OpsecLeaSensor(Sensor 0) error in readDevice(). Sensor will be reopened. Details: Unknown exception.
WARN    2009-09-15 16:46:40,955 Collectors.3120.wGroup.[workinggroup0].SensorThread     Thread-102      Exception in Sensor thread [Sensor 0] while reading device. Details:
java.lang.Exception: OpsecLeaSensor(Sensor 0) error in readDevice(). Sensor will be reopened. Details: Unknown exception.
        at com.symantec.cas.ucf.sensors.Opsec.OpsecLeaSensor.readDevice(OpsecLeaSensor.java:301)
        at com.symantec.cas.ucf.collector.SensorJob.pollSensor(SensorJob.java:186)
        at com.symantec.cas.ucf.collector.SensorJob.run(SensorJob.java:253)
        at java.lang.Thread.run(Unknown Source)
WARN    2009-09-15 16:46:40,955 Collectors.3120.wGroup.[workinggroup0].SensorThread     Thread-102      Restarting the sensor...
INFO    2009-09-15 16:46:40,955 Collectors.3120.wGroup.[workinggroup0].Sensor.[Sensor_0]        Thread-102      OpsecLeaSensor(Sensor 0) is not running

discussion Filed Under:
, ,

Comments

Laurent_c's picture
16
Sep
2009
0 Votes 0
Login to vote
Laurent_c
Symantec Employee
Accredited

What is the checkpoint

What is the checkpoint version you collecting from ?

Is the cert present in the subfolder in a certs folder ?

Maybe you could try to enable debug on checkpoint collector?

Have you ran LiveUpdate fro tis collector ?

jgill's picture
16
Sep
2009
0 Votes 0
Login to vote
jgill

What is the checkpoint

What is the checkpoint version you collecting from ? NGX RG2

Is the cert present in the subfolder in a certs folder ? Yes,  I see a successfull excange of certs.  Checkpoint shows good.  

Maybe you could try to enable debug on checkpoint collector? Working with the FW guys on that one...

Have you ran LiveUpdate fro tis collector ? Yes shows that 4.3 is the latest version (ironic for a product thats version 4.6)

Check Point(R) FireWall-1 Event Collector English 4.30.00 20090319 No update available
jgill's picture
16
Sep
2009
0 Votes 0
Login to vote
jgill

typo

What is the checkpoint version you collecting from ? NGX R62  on the version.  I can post the build # if you need it.

Laurent_c's picture
16
Sep
2009
0 Votes 0
Login to vote
Laurent_c
Symantec Employee
Accredited

The debug is on the Collector

The debug is on the Collector itself not the firewall. (look at the log4j.properties file)

Concerning the version, the collectors have a different versioning than the main SSIM product as they are on different lifecycle

jgill's picture
21
Sep
2009
0 Votes 0
Login to vote
jgill

Found the file, now what?

Ok,  Have to admit, not seeing a debug flag  is it as simple as modifing the file shown below by adding a line log4j.level=DEBUG  ?  If so does it matter where I add the line? 

tail /opt/Symantec/sesa/Agent/collectors/checkpoint/log4j.properties

log4j.appender.perf_checkpoint_detail.layout=org.apache.log4j.PatternLayout
log4j.appender.perf_checkpoint_detail.layout.ConversionPattern=module:%X{module} events:%X{events} time:%X{timestamp} rate:%X{rate}%n

# Extended IO Appender
log4j.appender.ExtendedIO_checkpoint=org.apache.log4j.RollingFileAppender
log4j.appender.ExtendedIO_checkpoint.File=${log4j.logpath}/extendedio_checkpoint.log
log4j.appender.ExtendedIO_checkpoint.MaxFileSize=${log4j.maxfilesize}
log4j.appender.ExtendedIO_checkpoint.MaxBackupIndex=${log4j.maxbackups}
log4j.appender.ExtendedIO_checkpoint.layout=org.apache.log4j.PatternLayout
log4j.appender.ExtendedIO_checkpoint.layout.ConversionPattern=%d\t%c\t%t\t%m%n

 

shaun_b's picture
23
Sep
2009
0 Votes 0
Login to vote
shaun_b
Accredited

The line item for logging

The line item for logging will already be there, it will just be set to INFO. You need to change INFO to DEBUG. The line is near the top of the file and easy to find. You can also just use the agentmgmt.sh script to do this as well.

/opt/Symantec/sesa/Agent/agentmgmt.sh   I can't remember what the option is but there is an option to set logs to "DEBUG" mode. This will set ALL collector logs to DEBUG, so once your done you'll want to set it back.

jgill's picture
23
Sep
2009
0 Votes 0
Login to vote
jgill

That's alot eaiser that modifying a properties file..

 ./agentmgmt.sh

SSIM Collector / Agent Management Scripts

1.  Show Agent Status
2.  Flush Agent Queue
3.  Reload Agent Config
4.  Force Agent to Check-In (Heartbeat)
5.  Force Agent to send its Software Inventory and State Updates
6.  View Log Files
7.  Force Rebootstrap of Agent to SSIM
8.  Gather Data for Technical Support
9.  Enable/Disable Collector Debug
10. Start the Agent
11. Stop the Agent
12. Quit

Select an option and press the enter key to execute.
9
SESA Data Gathering and Information Utility
Version: 4.5.0.3

The collector logs have been set for log4j.level=DEBUG

Press any key to continue...

 

jgill's picture
23
Sep
2009
0 Votes 0
Login to vote
jgill

Still the same Super Detailed error message: Unknown exception

tail /opt/Symantec/sesa/Agent/logs/checkpoint.log
INFO    2009-09-23 17:25:36,482 Collectors.3120.wGroup.[workinggroup0].Sensor.[Sensor_0]        Thread-102      OpsecLeaSensor(Sensor 0) has been opened.
ERROR   2009-09-23 17:25:36,493 Collectors.3120.wGroup.[workinggroup0].Sensor.[Sensor_0]        Thread-102      OpsecLeaSensor(Sensor 0) error in readDevice(). Sensor will be reopened. Details: Unknown exception.
WARN    2009-09-23 17:25:36,493 Collectors.3120.wGroup.[workinggroup0].SensorThread     Thread-102      Exception in Sensor thread [Sensor 0] while reading device. Details:
java.lang.Exception: OpsecLeaSensor(Sensor 0) error in readDevice(). Sensor will be reopened. Details: Unknown exception.
        at com.symantec.cas.ucf.sensors.Opsec.OpsecLeaSensor.readDevice(OpsecLeaSensor.java:301)
        at com.symantec.cas.ucf.collector.SensorJob.pollSensor(SensorJob.java:186)
        at com.symantec.cas.ucf.collector.SensorJob.run(SensorJob.java:253)
        at java.lang.Thread.run(Unknown Source)
WARN    2009-09-23 17:25:36,493 Collectors.3120.wGroup.[workinggroup0].SensorThread     Thread-102      Restarting the sensor...
INFO    2009-09-23 17:25:36,493 Collectors.3120.wGroup.[workinggroup0].Sensor.[Sensor_0]        Thread-102      OpsecLeaSensor(Sensor 0) is not running

shaun_b's picture
24
Sep
2009
0 Votes 0
Login to vote
shaun_b
Accredited

Stop / Start the Agent

Using that same agentmgmt.sh script, stop and start the Agent. Then go back into the log file and post what you have. Make sure to include as much information as possible. "tailing" it won't give us everything. "cat" may be a better option.

jgill's picture
24
Sep
2009
0 Votes 0
Login to vote
jgill

Sanitized version of log

Removed all the sensitive stuff from this public fourm, but left as much detail as possible.  Names, IP's MAC's Host all changed to like values throught log.

Portion of : cat /opt/Symantec/sesa/Agent/logs/checkpoint.log

Sensor will be reopened. Details: Unknown exception.
DEBUG   2009-09-24 09:19:56,885 Collectors.3120.sender  Thread-44       key = event_dt; value=1253805596884; type=3
DEBUG   2009-09-24 09:19:56,885 Collectors.3120.sender  Thread-44       key = event_desc; value=OpsecLeaSensor(Sensor 0) error in readDevice(). Sensor will be reopened. Details: Unknown exception.; type=1
DEBUG   2009-09-24 09:19:56,885 Collectors.3120.sender  Thread-44       key = reporting_sensor; value=Sensor 0; type=1
DEBUG   2009-09-24 09:19:56,885 Collectors.3120.sender  Thread-44       Event before sending ----------------->
 {end_event_dt=Thu Sep 24 09:19:56 MDT 2009, event_dt=Thu Sep 24 09:19:56 MDT 2009, event_desc=OpsecLeaSensor(Sensor 0) error in readDevice(). Sensor will be reopened. Details: Unknown exception., reporting_sensor=Sensor 0}
---------------------------------------

DEBUG   2009-09-24 09:19:56,885 Collectors.3120.sender  Thread-44
=======================================
Send event: fID=31200101 class="symc_audit"
 Map={create_dt=Thu Sep 24 09:19:56 MDT 2009, machine_num_subnet=173474304, product_version=4.3, end_event_dt=Thu Sep 24 09:19:56 MDT 2009, product_id=3120, event_desc=OpsecLeaSensor(Sensor 0) error in readDevice(). Sensor will be reopened. Details: Unknown exception., machine_mac=99-99-FF-FF-FF-FF, swfeature_id=31200101, event_id=1002017, category_id=30007601, severity=5, machine=myhost.mydomain.com, machine_subnet=10.#.#.#, org_unit=ou=Default, user_name=symantec_user, machine_ip=10.X.X.X, event_ct=1, home_domain=MyDomain.SES, event_dt=Thu Sep 24 09:19:56 MDT 2009, machineid=0a57020cdec53309121eee4aa5e01004, reporting_sensor=Sensor 0, machine_num_ip=173474316}
=======================================

WARN    2009-09-24 09:19:56,885 Collectors.3120.wGroup.[workinggroup0].SensorThread     Thread-44       Exception in Sensor thread [Sensor 0] while reading device. Details:
java.lang.Exception: OpsecLeaSensor(Sensor 0) error in readDevice(). Sensor will be reopened. Details: Unknown exception.
        at com.symantec.cas.ucf.sensors.Opsec.OpsecLeaSensor.readDevice(OpsecLeaSensor.java:301)
        at com.symantec.cas.ucf.collector.SensorJob.pollSensor(SensorJob.java:186)
        at com.symantec.cas.ucf.collector.SensorJob.run(SensorJob.java:253)
        at java.lang.Thread.run(Unknown Source)
WARN    2009-09-24 09:19:56,885 Collectors.3120.wGroup.[workinggroup0].SensorThread     Thread-44       Restarting the sensor...
INFO    2009-09-24 09:19:56,885 Collectors.3120.wGroup.[workinggroup0].Sensor.[Sensor_0]        Thread-44       OpsecLeaSensor(Sensor 0) is not running
DEBUG   2009-09-24 09:19:56,885 Collectors.3120.wGroup.[workinggroup0].SensorThread     Thread-44       Sensor thread [Sensor 0] is stopped.
DEBUG   2009-09-24 09:19:56,885 Collectors.3120.wGroup.[workinggroup0].SensorThread.Statistics  Thread-44       Statistics stopped for Sensor 0 sensor.
DEBUG   2009-09-24 09:19:57,886 Collectors.3120.wGroup.[workinggroup0].SensorThread     Thread-44       Sensor thread [Sensor 0] is trying to open device.
DEBUG   2009-09-24 09:19:57,886 Collectors.3120.wGroup.[workinggroup0].Sensor.[Sensor_0]        Thread-44       No need to request certificate - it's already exist.
INFO    2009-09-24 09:19:57,887 Collectors.3120.wGroup.[workinggroup0].Sensor.[Sensor_0]        Thread-44       OpsecLeaSensor(Sensor 0) has been opened.
DEBUG   2009-09-24 09:19:57,887 Collectors.3120.wGroup.[workinggroup0].SensorThread     Thread-44       Sensor thread [Sensor 0] is started.
DEBUG   2009-09-24 09:19:57,887 Collectors.3120.wGroup.[workinggroup0].SensorThread.Statistics  Thread-44       Starting statistics for Sensor 0 sensor at period of :300000 ms.
ERROR   2009-09-24 09:19:57,897 Collectors.3120.wGroup.[workinggroup0].Sensor.[Sensor_0]        Thread-44       OpsecLeaSensor(Sensor 0) error in readDevice(). Sensor will be reopened. Details: Unknown exception.
DEBUG   2009-09-24 09:19:57,897 Collectors.3120.sender  Thread-44       key = event_dt; value=1253805597897; type=3
DEBUG   2009-09-24 09:19:57,897 Collectors.3120.sender  Thread-44       key = event_desc; value=OpsecLeaSensor(Sensor 0) error in readDevice(). Sensor will be reopened. Details: Unknown exception.; type=1
DEBUG   2009-09-24 09:19:57,897 Collectors.3120.sender  Thread-44       key = reporting_sensor; value=Sensor 0; type=1
DEBUG   2009-09-24 09:19:57,898 Collectors.3120.sender  Thread-44       Event before sending ----------------->
 {end_event_dt=Thu Sep 24 09:19:57 MDT 2009, event_dt=Thu Sep 24 09:19:57 MDT 2009, event_desc=OpsecLeaSensor(Sensor 0) error in readDevice(). Sensor will be reopened. Details: Unknown exception., reporting_sensor=Sensor 0}
---------------------------------------

DEBUG   2009-09-24 09:19:57,898 Collectors.3120.sender  Thread-44
=======================================
Send event: fID=31200101 class="symc_audit"
 Map={create_dt=Thu Sep 24 09:19:57 MDT 2009, machine_num_subnet=173474304, product_version=4.3, end_event_dt=Thu Sep 24 09:19:57 MDT 2009, product_id=3120, event_desc=OpsecLeaSensor(Sensor 0) error in readDevice(). Sensor will be reopened. Details: Unknown exception., machine_mac=99-99-FF-FF-FF-FF, swfeature_id=31200101, event_id=1002017, category_id=30007601, severity=5, machine=myhost.mydomain.com, machine_subnet=10.#.#.#, org_unit=ou=Default, user_name=symantec_user, machine_ip=10.X.X.X, event_ct=1, home_domain=MyDomain.SES, event_dt=Thu Sep 24 09:19:57 MDT 2009, machineid=0a57020cdec53309121eee4aa5e01004, reporting_sensor=Sensor 0, machine_num_ip=173474316}
=======================================

WARN    2009-09-24 09:19:57,898 Collectors.3120.wGroup.[workinggroup0].SensorThread     Thread-44       Exception in Sensor thread [Sensor 0] while reading device. Details:
java.lang.Exception: OpsecLeaSensor(Sensor 0) error in readDevice(). Sensor will be reopened. Details: Unknown exception.
        at com.symantec.cas.ucf.sensors.Opsec.OpsecLeaSensor.readDevice(OpsecLeaSensor.java:301)
        at com.symantec.cas.ucf.collector.SensorJob.pollSensor(SensorJob.java:186)
        at com.symantec.cas.ucf.collector.SensorJob.run(SensorJob.java:253)
        at java.lang.Thread.run(Unknown Source)
WARN    2009-09-24 09:19:57,898 Collectors.3120.wGroup.[workinggroup0].SensorThread     Thread-44       Restarting the sensor...
INFO    2009-09-24 09:19:57,898 Collectors.3120.wGroup.[workinggroup0].Sensor.[Sensor_0]        Thread-44       OpsecLeaSensor(Sensor 0) is not running
DEBUG   2009-09-24 09:19:57,898 Collectors.3120.wGroup.[workinggroup0].SensorThread     Thread-44       Sensor thread [Sensor 0] is stopped.
DEBUG   2009-09-24 09:19:57,898 Collectors.3120.wGroup.[workinggroup0].SensorThread.Statistics  Thread-44       Statistics stopped for Sensor 0 sensor.
DEBUG   2009-09-24 09:19:58,899 Collectors.3120.wGroup.[workinggroup0].SensorThread     Thread-44       Sensor thread [Sensor 0] is trying to open device.
DEBUG   2009-09-24 09:19:58,899 Collectors.3120.wGroup.[workinggroup0].Sensor.[Sensor_0]        Thread-44       No need to request certificate - it's already exist.
INFO    2009-09-24 09:19:58,899 Collectors.3120.wGroup.[workinggroup0].Sensor.[Sensor_0]        Thread-44       OpsecLeaSensor(Sensor 0) has been opened.
DEBUG   2009-09-24 09:19:58,899 Collectors.3120.wGroup.[workinggroup0].SensorThread     Thread-44       Sensor thread [Sensor 0] is started.
DEBUG   2009-09-24 09:19:58,899 Collectors.3120.wGroup.[workinggroup0].SensorThread.Statistics  Thread-44       Starting statistics for Sensor 0 sensor at period of :300000 ms.
ERROR   2009-09-24 09:19:58,910 Collectors.3120.wGroup.[workinggroup0].Sensor.[Sensor_0]        Thread-44       OpsecLeaSensor(Sensor 0) error in readDevice(). Sensor will be reopened. Details: Unknown exception.
DEBUG   2009-09-24 09:19:58,910 Collectors.3120.sender  Thread-44       key = event_dt; value=1253805598910; type=3
DEBUG   2009-09-24 09:19:58,910 Collectors.3120.sender  Thread-44       key = event_desc; value=OpsecLeaSensor(Sensor 0) error in readDevice(). Sensor will be reopened. Details: Unknown exception.; type=1
DEBUG   2009-09-24 09:19:58,910 Collectors.3120.sender  Thread-44       key = reporting_sensor; value=Sensor 0; type=1
DEBUG   2009-09-24 09:19:58,910 Collectors.3120.sender  Thread-44       Event before sending ----------------->
 {end_event_dt=Thu Sep 24 09:19:58 MDT 2009, event_dt=Thu Sep 24 09:19:58 MDT 2009, event_desc=OpsecLeaSensor(Sensor 0) error in readDevice(). Sensor will be reopened. Details: Unknown exception., reporting_sensor=Sensor 0}
---------------------------------------

DEBUG   2009-09-24 09:19:58,910 Collectors.3120.sender  Thread-44
=======================================
Send event: fID=31200101 class="symc_audit"
 Map={create_dt=Thu Sep 24 09:19:58 MDT 2009, machine_num_subnet=173474304, product_version=4.3, end_event_dt=Thu Sep 24 09:19:58 MDT 2009, product_id=3120, event_desc=OpsecLeaSensor(Sensor 0) error in readDevice(). Sensor will be reopened. Details: Unknown exception., machine_mac=99-99-FF-FF-FF-FF, swfeature_id=31200101, event_id=1002017, category_id=30007601, severity=5, machine=myhost.mydomain.com, machine_subnet=10.#.#.#, org_unit=ou=Default, user_name=symantec_user, machine_ip=10.X.X.X, event_ct=1, home_domain=MyDomain.SES, event_dt=Thu Sep 24 09:19:58 MDT 2009, machineid=0a57020cdec53309121eee4aa5e01004, reporting_sensor=Sensor 0, machine_num_ip=173474316}
=======================================

WARN    2009-09-24 09:19:58,911 Collectors.3120.wGroup.[workinggroup0].SensorThread     Thread-44       Exception in Sensor thread [Sensor 0] while reading device. Details:
java.lang.Exception: OpsecLeaSensor(Sensor 0) error in readDevice(). Sensor will be reopened. Details: Unknown exception.
        at com.symantec.cas.ucf.sensors.Opsec.OpsecLeaSensor.readDevice(OpsecLeaSensor.java:301)
        at com.symantec.cas.ucf.collector.SensorJob.pollSensor(SensorJob.java:186)
        at com.symantec.cas.ucf.collector.SensorJob.run(SensorJob.java:253)
        at java.lang.Thread.run(Unknown Source)
WARN    2009-09-24 09:19:58,911 Collectors.3120.wGroup.[workinggroup0].SensorThread     Thread-44       Restarting the sensor...
INFO    2009-09-24 09:19:58,911 Collectors.3120.wGroup.[workinggroup0].Sensor.[Sensor_0]        Thread-44       OpsecLeaSensor(Sensor 0) is not running
DEBUG   2009-09-24 09:19:58,911 Collectors.3120.wGroup.[workinggroup0].SensorThread     Thread-44       Sensor thread [Sensor 0] is stopped.
DEBUG   2009-09-24 09:19:58,911 Collectors.3120.wGroup.[workinggroup0].SensorThread.Statistics  Thread-44       Statistics stopped for Sensor 0 sensor.
DEBUG   2009-09-24 09:19:59,912 Collectors.3120.wGroup.[workinggroup0].SensorThread     Thread-44       Sensor thread [Sensor 0] is trying to open device.
DEBUG   2009-09-24 09:19:59,912 Collectors.3120.wGroup.[workinggroup0].Sensor.[Sensor_0]        Thread-44       No need to request certificate - it's already exist.
INFO    2009-09-24 09:19:59,912 Collectors.3120.wGroup.[workinggroup0].Sensor.[Sensor_0]        Thread-44       OpsecLeaSensor(Sensor 0) has been opened.
DEBUG   2009-09-24 09:19:59,912 Collectors.3120.wGroup.[workinggroup0].SensorThread     Thread-44       Sensor thread [Sensor 0] is started.
DEBUG   2009-09-24 09:19:59,912 Collectors.3120.wGroup.[workinggroup0].SensorThread.Statistics  Thread-44       Starting statistics for Sensor 0 sensor at period of :300000 ms.
ERROR   2009-09-24 09:19:59,923 Collectors.3120.wGroup.[workinggroup0].Sensor.[Sensor_0]        Thread-44       OpsecLeaSensor(Sensor 0) error in readDevice(). Sensor will be reopened. Details: Unknown exception.
DEBUG   2009-09-24 09:19:59,923 Collectors.3120.sender  Thread-44       key = event_dt; value=1253805599923; type=3
DEBUG   2009-09-24 09:19:59,923 Collectors.3120.sender  Thread-44       key = event_desc; value=OpsecLeaSensor(Sensor 0) error in readDevice(). Sensor will be reopened. Details: Unknown exception.; type=1
DEBUG   2009-09-24 09:19:59,923 Collectors.3120.sender  Thread-44       key = reporting_sensor; value=Sensor 0; type=1
DEBUG   2009-09-24 09:19:59,923 Collectors.3120.sender  Thread-44       Event before sending ----------------->
 {end_event_dt=Thu Sep 24 09:19:59 MDT 2009, event_dt=Thu Sep 24 09:19:59 MDT 2009, event_desc=OpsecLeaSensor(Sensor 0) error in readDevice(). Sensor will be reopened. Details: Unknown exception., reporting_sensor=Sensor 0}
---------------------------------------

DEBUG   2009-09-24 09:19:59,923 Collectors.3120.sender  Thread-44
=======================================
Send event: fID=31200101 class="symc_audit"
 Map={create_dt=Thu Sep 24 09:19:59 MDT 2009, machine_num_subnet=173474304, product_version=4.3, end_event_dt=Thu Sep 24 09:19:59 MDT 2009, product_id=3120, event_desc=OpsecLeaSensor(Sensor 0) error in readDevice(). Sensor will be reopened. Details: Unknown exception., machine_mac=99-99-FF-FF-FF-FF, swfeature_id=31200101, event_id=1002017, category_id=30007601, severity=5, machine=myhost.mydomain.com, machine_subnet=10.#.#.#, org_unit=ou=Default, user_name=symantec_user, machine_ip=10.X.X.X, event_ct=1, home_domain=MyDomain.SES, event_dt=Thu Sep 24 09:19:59 MDT 2009, machineid=0a57020cdec53309121eee4aa5e01004, reporting_sensor=Sensor 0, machine_num_ip=173474316}
=======================================

WARN    2009-09-24 09:19:59,923 Collectors.3120.wGroup.[workinggroup0].SensorThread     Thread-44       Exception in Sensor thread [Sensor 0] while reading device. Details:
java.lang.Exception: OpsecLeaSensor(Sensor 0) error in readDevice(). Sensor will be reopened. Details: Unknown exception.
        at com.symantec.cas.ucf.sensors.Opsec.OpsecLeaSensor.readDevice(OpsecLeaSensor.java:301)
        at com.symantec.cas.ucf.collector.SensorJob.pollSensor(SensorJob.java:186)
        at com.symantec.cas.ucf.collector.SensorJob.run(SensorJob.java:253)
        at java.lang.Thread.run(Unknown Source)
WARN    2009-09-24 09:19:59,923 Collectors.3120.wGroup.[workinggroup0].SensorThread     Thread-44       Restarting the sensor...
INFO    2009-09-24 09:19:59,924 Collectors.3120.wGroup.[workinggroup0].Sensor.[Sensor_0]        Thread-44       OpsecLeaSensor(Sensor 0) is not running
DEBUG   2009-09-24 09:19:59,924 Collectors.3120.wGroup.[workinggroup0].SensorThread     Thread-44       Sensor thread [Sensor 0] is stopped.
DEBUG   2009-09-24 09:19:59,924 Collectors.3120.wGroup.[workinggroup0].SensorThread.Statistics  Thread-44       Statistics stopped for Sensor 0 sensor.
[root@MYHOST Agent]#

shaun_b's picture
29
Sep
2009
0 Votes 0
Login to vote
shaun_b
Accredited

appreciate the verbosity

DEBUG   2009-09-24 09:19:57,897 Collectors.3120.sender  Thread-44       key = event_desc; value=OpsecLeaSensor(Sensor 0) error in readDevice(). Sensor will be reopened. Details: Unknown exception.; type=1

It's all about that unknown exception. Seems to be something particular to your sensor setup and configuration. Can you take a look at the following KB articles and let us know if they provide any insight? The Checkpoint collectors are usually a pain sometimes and making sure all the sensor properties are setup properly, as well as the checkpoint side of things, this is generally what you'll get hanged up on. Check out this and let us know if it's in line towards what you have setup...

http://service1.symantec.com/support/ent-gate.nsf/...

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
259,054