Original Message:
Sent: 11-19-2021 08:40
From: Sarah Lamont(csp)
Subject: DRA failed to send events to report server
Hi Jeff,
Apologies for the delay. I spoke to the team and was advised the following...
The reason this command isn't working for the user:
[root@Jsonar ~]# cp $JSONAR_BASEDIR/etc/rsyslog.d/sonar/gateway/rulesets/imperva_dr_incidents.conf $JSONAR_LOCALDIR/gateway/rsyslog.d
cp: cannot stat '/etc/rsyslog.d/sonar/gateway/rulesets/imperva_dr_incidents.conf': No such file or directory
is because they first need to source the environment file that defines the variables $JSONAR_BASEDIR, $JSONAR_LOCALDIR, etc.
If they run the following command before the copy, it should work:
source /etc/sysconfig/jsonar
They should also restart the sonarrsyslog service to get the Sonar machine listening on the port:
sudo systemctl restart sonarrsyslog
I hope this helps.
Thanks,
Sarah
------------------------------
Sarah Lamont(csp)
Digital Community Manager
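The failure discussed in the reply above, as an added example that is not part of the original thread or the vendor documentation: a guarded form of the copy step that refuses to run when the environment file has not defined the variables, plus a listener check for the port named in the DRA error. The function names and exit codes are hypothetical; the paths, service name and port are the ones quoted in the thread.

```bash
#!/bin/sh
# Added example (not from the thread or the vendor documentation).
# The bare cp fails with a misleading "/etc/rsyslog.d/..." path when the
# JSONAR_* variables are unset, because each one expands to an empty string.

# install_dra_ruleset [ENV_FILE]
# Runs in a subshell "( ... )" so the sourced variables do not leak to the caller.
install_dra_ruleset() (
    env_file="${1:-/etc/sysconfig/jsonar}"   # path given in the reply above
    [ -r "$env_file" ] || { echo "cannot read $env_file" >&2; exit 2; }
    . "$env_file"

    # Stop here instead of letting cp resolve the source under /etc/...
    if [ -z "${JSONAR_BASEDIR:-}" ] || [ -z "${JSONAR_LOCALDIR:-}" ]; then
        echo "$env_file did not define JSONAR_BASEDIR and JSONAR_LOCALDIR" >&2
        exit 3
    fi

    src="$JSONAR_BASEDIR/etc/rsyslog.d/sonar/gateway/rulesets/imperva_dr_incidents.conf"
    dst="$JSONAR_LOCALDIR/gateway/rsyslog.d"
    [ -f "$src" ] || { echo "ruleset not found: $src" >&2; exit 4; }
    [ -d "$dst" ] || { echo "target directory not found: $dst" >&2; exit 5; }
    cp -- "$src" "$dst/"
)

# sonar_port_listening [PORT]
# True when a TCP listener exists on PORT (default 10674, the port in the DRA error).
sonar_port_listening() {
    ss -ltn | awk -v p=":${1:-10674}" '$4 ~ (p "$") { found = 1 } END { exit !found }'
}
```

On the Sonar host, run `install_dra_ruleset && sudo systemctl restart sonarrsyslog`, then `sonar_port_listening` to confirm the listener before retrying the send from DRA.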
Original Message:
Sent: 11-09-2021 03:38
From: jeff Gao
Subject: DRA failed to send events to report server
Can anyone help? Thanks!
------------------------------
jeff Gao
security Engineer
shnetworks
Shanghai
Original Message:
Sent: 10-26-2021 22:23
From: jeff Gao
Subject: DRA failed to send events to report server
Hi Sarah
Thanks for your reply
I tried to follow the steps above, but it prompts an error:
[root@Jsonar ~]# cp $JSONAR_BASEDIR/etc/rsyslog.d/sonar/gateway/rulesets/imperva_dr_incidents.conf $JSONAR_LOCALDIR/gateway/rsyslog.d
cp: cannot stat '/etc/rsyslog.d/sonar/gateway/rulesets/imperva_dr_incidents.conf': No such file or directory
I tried to find the imperva_dr_incidents.conf file with "find / -name imperva_dr_incidents.conf", but I cannot find it; there is no such file.
------------------------------
jeff Gao
security Engineer
shnetworks
Shanghai
Original Message:
Sent: 10-26-2021 14:21
From: Sarah Lamont(csp)
Subject: DRA failed to send events to report server
Hi Jeff,
I chatted with some of our Engineers and they advised the following:
Integrating DRA with Sonar requires port enablement via the command line interface of the Sonar machine, as described below:
You can see the full article here:
http://dcapdocs.jsonar.com/latest/en/integration-with-imperva-data-risk-analytics.html
I hope this helps.
Thanks,
Sarah
------------------------------
Sarah Lamont(csp)
Digital Community Manager
Original Message:
Sent: 10-25-2021 09:55
From: jeff Gao
Subject: DRA failed to send events to report server
Dear
I configured DRA to send events to the Reporting Server (Sonar) as described in 《v4.1_data_risk_analytics_user_guide_9-7-2021》 page 103, but there is an error: "Syslog messages could not be sent to xx.xx.xx.xx port 10674 using tcp. pls check network setting". I also tried to do a test on the CLI, but it still failed to send events to Sonar. The error info is as follows:
[root@localhost ~]# cbctl adminserver send-historical-incidents-to-reporting-server
Starting with preparations...
Looking for reporting server configuration...
Reporting server configuration was found. Reporting Server IP address/Host:78.1.9.12
If you want to continue, type y. If you want to change the reporting server IP address/Host, type n and change the IP address/Host via the UI (System --> Notification and Reporting --> Reporting Server)
Do you want to continue? [y/n]: y
send-historical-incidents-to-reporting-server started...
This can take a while depending on the amount of existing incidents. Please do not perform any other operations.
If you want to stop the process before it is done, please perform cbctl restart after you stopped the process.
Sending the incidents to 78.1.9.12 10674 failed. The reason Connection refused (Connection refused)
Can anyone provide some clues to help me solve this problem? Thanks!
Notes:
1) DRA and Sonar are on the same network segment
2) There are no policy restrictions on communication between DRA and Sonar
3) Sonar version 4.3.b, DRA version 4.1
#jSonar
------------------------------
jeff gao
security Engineer
Shanghai SHNetworks Technology Co., Ltd.
Shanghai
------------------------------