BO
well , thank you
good afternoon , Hope all are doing well today ,
is there a blog or lab for MAXpatrol SIEM or technical Scenarios??
more resources ?? to clarify more ??
Size: a a a
2020 February 23
2020 February 24
BO
MH
hi everyone im tring to install meduim load SIEM , everything went well but we faced this msg
MH
SIEM Server Events Storage on the host 192.168.0.6 is responding with delay or is unavailable. Messages from all agents will be paused.
From Core Watchdog
on the host MAX_WIN (192.168.0.6)
From Core Watchdog
on the host MAX_WIN (192.168.0.6)
К
Mohammed Houssani
SIEM Server Events Storage on the host 192.168.0.6 is responding with delay or is unavailable. Messages from all agents will be paused.
From Core Watchdog
on the host MAX_WIN (192.168.0.6)
From Core Watchdog
on the host MAX_WIN (192.168.0.6)
Apparently something happened with Storage component. You've got to check its status as well as availability from the Core server.
I bet there is a problem with configuration during the installation. Perhaps, too much memory allocated for ES heap sizes.
I bet there is a problem with configuration during the installation. Perhaps, too much memory allocated for ES heap sizes.
MH
How can we change ES heap size ?
MH
К
Mohammed Houssani
How can we change ES heap size ?
Try to look for it in the Implementation Guide. The sum of all the heaps must be at max half of the total RAM amount.
I.e. if you have 64GB of RAM you'll need something around 10+10+8+4 (data1+data2+master+client)=32GB of RAM dedicated to heaps.
I.e. if you have 64GB of RAM you'll need something around 10+10+8+4 (data1+data2+master+client)=32GB of RAM dedicated to heaps.
MH
i have 164 G
MH
and the heap size is the defualt
MH
but still the same problem
К
Default heap sizes, as far as I remember, are set for 196GB RAM. But I'm not sure about it.
The easiest way so far is to reach the logs and to see what's in there. I would start from master logs.
The easiest way so far is to reach the logs and to see what's in there. I would start from master logs.
MH
thanks will do
BO
I have been installed a medium load SIEM » core SIEM on 192.168.0.6 (windows) && server SIEM + Events storage on 192.168.0.9 (Debian)
BO
i got this message
BO
BO
about Elasticsearch I changed the parameters as follows
BO
BO
elasticsearch » 192.168.0.9 (events storage) correct me if I am wrong , need help !! :(
К
Elasticsearch is the event storage, yes.
Today is the national day off so people probably hanging out...
Today is the national day off so people probably hanging out...