Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Deep Security Manager (DSM) fails to send system event via syslog

    • Updated:
    • 5 Apr 2016
    • Product/Version:
    • Deep Security 8.0
    • Deep Security 9.0
    • Deep Security 9.5
    • Deep Security 9.6
    • Platform:
    • Amazon AMI 64-bit
    • Linux - Red Hat RHEL 5 64-bit
    • Linux - Red Hat RHEL 6 64-bit
Summary

When Deep Security Manager (DSM) cannot resolve its hostname via DNS, the DSM is unable to send system events via syslog. Upon checking the serverX.log file, the following error message shows:

Feb 18, 2016 1:29:55 PM com.thirdbrigade.manager.core.util.Syslogger log
SEVERE: ThID:42|TID:0|TNAME:Primary|UID:-1|UNAME:|Syslogger - Error sending message: CEF:0|Trend Micro|Deep Security Manager|9.6.11662|150|System Settings Saved|3|src=192.168.1.1 suser=admin msg=Description Omitted TrendMicroDsTenant=Primary TrendMicroDsTenantId=0
java.net.UnknownHostException: XXXXXX: XXXXXX: unknown error
        at java.net.InetAddress.getLocalHost(InetAddress.java:1484)
        at com.thirdbrigade.manager.core.util.Syslogger.log(Syslogger.java:261)
        at com.thirdbrigade.manager.core.notifications.SystemEventNotificationSender.processList(SystemEventNotificationSender.java:203)
        at com.thirdbrigade.manager.core.tagging.PostProcessorThread$2.processList(PostProcessorThread.java:490)
        at com.thirdbrigade.manager.core.tagging.SelectionUtilities.doBatchSelect(SelectionUtilities.java:369)
        at com.thirdbrigade.manager.core.tagging.PostProcessorThread.doRunPrivate(PostProcessorThread.java:439)
        at com.thirdbrigade.manager.core.tagging.PostProcessorThread.doRun(PostProcessorThread.java:321)
        at com.thirdbrigade.manager.core.threads.TenantIteratingThread$1.run(TenantIteratingThread.java:105)
        at com.thirdbrigade.manager.core.db.Locks.withLockInternal(Locks.java:362)
        at com.thirdbrigade.manager.core.db.Locks.withLockIfNotLockedNoExceptions(Locks.java:442)
        at com.thirdbrigade.manager.core.threads.TenantIteratingThread.run(TenantIteratingThread.java:99)
Caused by: java.net.UnknownHostException: ip-172-32-35-197: unknown error
        at java.net.Inet6AddressImpl.lookupAllHostAddr(Native Method)
        at java.net.InetAddress$2.lookupAllHostAddr(InetAddress.java:907)
        at java.net.InetAddress.getAddressesFromNameService(InetAddress.java:1302)
        at java.net.InetAddress.getLocalHost(InetAddress.java:1479)
        ... 10 more
Details
Public

When DSM tries to compose the syslog message, it uses DNS to resolve its hostname and get the IP address. If there is no DNS record for the DSM hostname, the issue will occur.

To solve the issue, do any of the following:

  • Add the IP and hostname record in /etc/hosts file.
  • Add the DSM hostname record in the DNS server.
Premium
Internal
Rating:
Category:
Troubleshoot
Solution Id:
1113583
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.