Stream Stopped Showing New Messages

I have a number of UDP syslog streams from our firewalls. One of them stopped showing new messages on 4/4/24 at 23:41 UTC.

If I view the incoming messages from the Input, I see the same thing. However, the index for this input and stream is still incrementing upward.

All other firewalls (same vendor and/or model) are showing current data in all views.

I tried a rotate and then recalc on the active index. No change in behavior after each operation.

I verified that the Stream is set up correctly. The firewall in question has new data and appears to be sending out syslog as expected.

Summary:

  • Input, view received messages - last message on 4/4/24 at 23:41 UTC.
  • Stream - 4/4/24 at 23:41 UTC.
  • Index - "Contains messages up to a few seconds ago (205.2MiB / 680,294 messages)" and is continuing to increment.

Ideas?

I had the same issue: my QNAP server suddenly stopped feeding logs into the stream for no apparent reason, yet still showed input kbs in the input stream. It turned out to be the date format from the input device. The QNAP was set to summertime change and when the time changed (clocks went forward), boom! The issue started. I have to say I have read everywhere that the time format can cause issues and I thought I had it covered, but it’s a learning curve. I'm not sure if this is the exact issue, but it is an idea to play with and see, as it appears to be the same symptom I had, so hopefully that’s it.
Bear in mind I spent a half day convinced that it wasn’t that issue, only to find it was!
Every day is a school day.

I changed the firewall’s logging setting from local time to UTC. After that, all of the logs started showing up in GL, including the “missing” entries. Thanks.

1 Like
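
An added example, not part of the thread and not Graylog code: a per-source check that compares each syslog header timestamp with the collector's receive time, so a source logging in local time shows up as a near-whole-zone offset instead of as "missing" messages. It assumes RFC 3164-style headers (which carry no year or zone) and a collector that reads them as UTC; the host names, log lines and the `classify` thresholds are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

RECEIVED = datetime(2024, 4, 5, 12, 0, 2, tzinfo=timezone.utc)
# Constructed sample: (collector receive time in UTC, raw syslog line).
SAMPLES = [
    (RECEIVED, "<134>Apr  5 12:00:01 fw-a action=allow"),  # source logs in UTC
    (RECEIVED, "<134>Apr  5 14:00:01 fw-b action=allow"),  # source logs in local time (UTC+2)
    (RECEIVED, "<134>Apr  5 12:03:40 fw-c action=deny"),   # source clock is drifting
]

def parse_rfc3164(line, received):
    """Return (host, header timestamp read as UTC).

    The header is 'Mmm dd hh:mm:ss' with no year and no zone, so the year is
    borrowed from the receive time and the zone is an assumption (UTC here).
    """
    header = line.split(">", 1)[1]          # drop the <PRI> field
    stamp, rest = header[:15], header[16:]
    host = rest.split(" ", 1)[0]
    ts = datetime.strptime(f"{received.year} {stamp}", "%Y %b %d %H:%M:%S")
    return host, ts.replace(tzinfo=timezone.utc)

def classify(skew, tolerance=timedelta(minutes=1)):
    """Label a skew as ok, a likely zone offset, or plain clock drift."""
    if abs(skew) <= tolerance:
        return "ok"
    quarter = timedelta(minutes=15)         # UTC offsets are multiples of 15 minutes
    nearest = round(skew / quarter) * quarter
    if nearest and abs(skew - nearest) <= tolerance:
        return "timezone-offset"
    return "clock-drift"

def audit(samples):
    """Map each host to (label, skew); positive skew means 'in the future'."""
    report = {}
    for received, line in samples:
        host, ts = parse_rfc3164(line, received)
        skew = ts - received
        report[host] = (classify(skew), skew)
    return report

if __name__ == "__main__":
    for host, (label, skew) in audit(SAMPLES).items():
        print(f"{host}: {label} (skew {skew})")
```

A source flagged `timezone-offset` with positive skew is stamping events ahead of the collector's clock, so a relative "last N minutes" search ends before those events begin even though the index keeps growing.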
