Hi,
I have a configuration where many Universal Forwarders are managed by a Deployment Server.
Today I installed a new UF on a Windows machine, and I have several problems:
- in the internal log I see `WARN TcpOutputFd - Connect to :9997 failed. No connection could be made because the target machine actively refused it` and `ERROR TcpOutputFd - Connection to host=:9997 failed` -> Why is the UF trying to contact the DS on 9997?
- in the internal log, I can't see the phonehome logs, but looking at the ASA logs, I can see the communication between UF and DS on port 8089 every minute and so I suppose this is the phonehome
- Main problem: I have configured the inputs.conf to monitor a path, but I can't see the logs, maybe because the errors above.
[monitor://C:\path\ue_*.log]
index=ftp
sourcetype=ftp
In the outputs.conf I have listed, as usual, my 6 indexers on port 9997.
↧