Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

Trending KB Articles

DNS Encryption Point Counterpoint Image.jpg

#2842: Grid members cannot forward reports to indexing server

PROBLEM SUMMARY

 

Grid members cannot forward reports to the reporting server which indexes them.

In technical terms, "forwarder is not able to send reports to the indexer".

 

CUSTOMER ENVIRONMENT

 

Grid members and reporting server are in different networks with a firewall between them.

 

VERSION

 

All NIOS 5.x and 6.x versions.

 

CAUSE

 

When Grid members are behind a firewall, reports may not get through to the reporting server (indexer) if the firewall rules are not configured to allow the required ports.

By default, grid members use TCP port 9997 to forward reports to the indexer. The communication between the forwarder and the indexer uses SSL and is compressed, which is not changeable. If the forwarder has multiple interfaces, system administrators have no control over which interface sends the reports. By default, the indexer listens on all its interfaces.

 

RESOLUTION

 

To ensure that the indexer can receive reports, verify that the configured TCP port is open for communication between the forwarder and the indexer and that the forwarder's interfaces and the indexer's interfaces can communicate over the configured TCP port. By default, the configured TCP report is port 9997.

Showing results for 
Search instead for 
Did you mean: