Issue: Generating SEC Bootstrap data failed.
Symptom: While generating SEC bootstrap data in CDO, the "bootstrap generation" step fails with the error, "There was an error fetching the bootstrap data. Please try again."
Repair: Retry bootstrap data generation. If it still fails, raise a CDO support ticket.
Issue: SEC status is "Inactive" in CDO Secure Connectors page after onboarding
Symptom: The Secure Event Connector status shows "Inactive" in the CDO Secure Connectors page for one of these reasons:
- Heartbeat failed
- Connector registration failed
Issue: The SEC is "online", but there are no events in CDO Event Logging Page
Symptom: The Secure Event Connector shows "Active" in CDO Secure Connectors page but you do not see events in CDO Event viewer.
Solution or workaround:
- Log in to the VM of the on-premise SDC and switch to the 'sdc' user. At the prompt, type sudo su - sdc.
- Perform these checks:
- Check the SEC connector log ( /usr/local/cdo/data/<tenantDir>/event_streamer/logs/connector.log ) and ensure that the SEC registration was successful. If not, refer to the issue "Secure Event Connector Registration failure".
- Check the SEC events log ( /usr/local/cdo/data/<tenantDir>/event_streamer/logs/events-plugin.log ) and ensure that the events are being processed. If not, contact CDO support.
- Log in to the SEC docker container, execute the command "supervisorctl -c /opt/cssp/data/conf/supervisord.conf" and ensure that the output is as shown below and that all processes are in the RUNNING state. If not, contact CDO support.
estreamer-connector RUNNING pid 36, uptime 5:25:17
estreamer-cron RUNNING pid 39, uptime 5:25:17
estreamer-plugin RUNNING pid 37, uptime 5:25:17
estreamer-rsyslog RUNNING pid 38, uptime 5:25:17
- Ensure that the firewall rules on the on-premise SDC are not blocking the UDP and TCP ports shown for the SEC on the Secure Connectors page:
- If you have set up the SDC manually using a CentOS 7 VM of your own and have the firewall configured to block incoming requests, you can execute the following commands to unblock the UDP and TCP ports:
firewall-cmd --zone=public --add-port=<udp_port>/udp --permanent
firewall-cmd --zone=public --add-port=<tcp_port>/tcp --permanent
- Using Linux network tools of your choice, check whether packets are being received on these ports. If they are not, re-check the FTD logging configuration.
If none of the above repairs work, raise a CDO support ticket.
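The supervisorctl check above can be scripted so that a stopped or missing process is flagged without reading the output by eye. This is an added example, not Cisco's own tooling: the function name check_sec_processes and the failing sample output are constructed for illustration, and the four process names are the ones listed on this page.

```shell
#!/bin/sh
# Added example: verify the SEC supervisor processes from captured status output.
# On the SEC container the input would come from (status is supervisorctl's own action):
#   supervisorctl -c /opt/cssp/data/conf/supervisord.conf status | check_sec_processes
EXPECTED="estreamer-connector estreamer-cron estreamer-plugin estreamer-rsyslog"

# Reads supervisorctl status lines on stdin ("<name> <STATE> ...").
# Prints one "<name> <STATE>" line for every expected process that is
# missing or not RUNNING; returns 0 only when all four are RUNNING.
check_sec_processes() {
    status=$(cat)
    rc=0
    for name in $EXPECTED; do
        # Exact match on the first field, so a longer name cannot match by prefix.
        state=$(printf '%s\n' "$status" | awk -v n="$name" '$1 == n { print $2; exit }')
        if [ -z "$state" ]; then
            echo "$name MISSING"
            rc=1
        elif [ "$state" != "RUNNING" ]; then
            echo "$name $state"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: one process has failed and one is absent from the output.
SAMPLE_BAD='estreamer-connector RUNNING pid 36, uptime 5:25:17
estreamer-cron RUNNING pid 39, uptime 5:25:17
estreamer-plugin FATAL Exited too quickly (process log may have details)'

if problems=$(printf '%s\n' "$SAMPLE_BAD" | check_sec_processes); then
    echo "all SEC processes RUNNING"
else
    echo "SEC processes needing attention:"
    echo "$problems"
fi
```

A non-zero exit status makes the function usable from a cron job or monitoring probe; the printed lines are what to include in a CDO support ticket.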