Syslog Messages

This page describes messages that may appear when integrating the Vault with a SIEM solution, and their recommended actions.

ITASL001E Connection to Syslog server: <details> was recovered.

Recommended Action:

The connection to the syslog server was reestablished. Find out if network interference occurred or if the server was down.

ITASL002E Unable to send Syslog message to server, IP: <IP>.

Recommended Action:

The syslog message could not be sent, probably because the Send method failed. Find out if the syslog server is down or if there are communication issues.

ITASL003E Unable to send Syslog message. Message is empty.

Recommended Action:

The received message is empty. Make sure the related audit message in the database is not empty.

ITASL004E Error while Creating Syslog msg from Log msg.

Recommended Action:

An error occurred while converting the log message to a syslog message. Make sure the log message is not corrupted.

ITASL005E Error while trying to initialize Syslog job. Code: <code>

Recommended Action:

An unexpected error occurred while trying to construct CAVSyslogMsgJob. Contact CyberArk support.

ITASL006E Error while Deleting Syslog finished jobs

Recommended Action:

An error occurred while trying to delete CAVSyslogMsgJob. Contact CyberArk support.

ITASL007W Warning: The total number of syslog messages waiting to be processed exceeded the threshold

Recommended Action:

  • Check the connectivity from the Vault to the configured syslog servers, for example the firewall and the configuration (IP, port).

    After the issue is resolved, if the Vault application doesn't restart, the following message appears to indicate that syslog messages are being processed successfully:

    "ITASL008I The total number of syslog messages waiting to be processed is now below the notification threshold. "

  • If the Vault application restarts, the error message should not re-appear.

  • Check the XSL translator file configured for the syslog servers. Verify the path, and that the file isn't corrupted. Changes in the XSL file require a restart of the Vault application.

ITASL009W Warning: The total number of syslog messages waiting to be sent to server %s exceeded the threshold

Recommended Action:

Check the connectivity from the Vault to the configured syslog server, for example the firewall and the configuration (IP, port) from the Vault to the printed syslog servers.

After the issue is resolved, the following message appears to indicate that the syslog messages are being processed successfully:

"ITASL010I The total number of syslog messages waiting to be sent to server %s is now below the notification threshold. "

ITASL011E The syslog message queue for processing is full. New messages will not be processed

Recommended Action:

  • Check the connectivity from the Vault to the configured syslog server, for example the firewall and the configuration (IP, port) from the Vault to the printed syslog servers.

  • Check the XSL translator file configured for the syslog servers. Verify the path, and that the file isn't corrupted. Changes in the XSL file require a restart of the Vault application.

  • Consider increasing the configured value of the SyslogMessageProcessingLimit parameter. For more information, see DBParm.ini.

ITASL012E The syslog message queue for server %s is full. New messages will not be sent to this server.

Recommended Action:

  • Check the connectivity from the Vault to the configured syslog server, for example the firewall and the configuration (IP, port) from the Vault to the printed syslog servers.

  • Consider increasing the configured value of the SyslogMessageProcessingLimit parameter. For more information, see DBParm.ini.
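The queue messages above pair up: ITASL007W is cleared by ITASL008I, ITASL009W by ITASL010I for the same server, and ITASL011E/ITASL012E mean audit records were not forwarded. The following added example (not CyberArk code) scans log lines for warnings that were never cleared and for queue-full errors; the sample lines, the addresses and the assumption that the server is printed as a single token with no whitespace are constructed for illustration.

```python
import re

# Warning ID -> the informational ID that, per this page, clears it.
RECOVERY = {"ITASL007W": "ITASL008I", "ITASL009W": "ITASL010I"}
CLEARS = {info: warn for warn, info in RECOVERY.items()}
# Queue-full errors: new messages are dropped, so the SIEM has a gap.
QUEUE_FULL = {"ITASL011E", "ITASL012E"}
# IDs whose text carries a server name (the %s in the message template).
PER_SERVER = {"ITASL009W", "ITASL010I", "ITASL012E"}

MSG_ID = re.compile(r"\b(ITASL\d{3}[EWI])\b")
# Assumption: the server is printed as one token without whitespace.
SERVER = re.compile(r"\bserver (\S+?) (?:exceeded|is now below|is full)")

def forwarding_gaps(lines):
    """Return (open_warnings, dropped).

    open_warnings maps (warning id, server or None) to the line number where
    the warning was first raised and not yet cleared by its recovery message.
    dropped lists (line number, id, server or None) for queue-full errors.
    A Vault restart is not detected, so a warning raised before a restart
    stays open here even though no recovery message is expected.
    """
    open_warnings, dropped = {}, []
    for n, line in enumerate(lines, 1):
        m = MSG_ID.search(line)
        if not m:
            continue
        msg_id, server = m.group(1), None
        if msg_id in PER_SERVER:
            s = SERVER.search(line)
            server = s.group(1) if s else "?"
        if msg_id in RECOVERY:
            open_warnings.setdefault((msg_id, server), n)
        elif msg_id in CLEARS:
            open_warnings.pop((CLEARS[msg_id], server), None)
        elif msg_id in QUEUE_FULL:
            dropped.append((n, msg_id, server))
    return open_warnings, dropped

# Constructed sample lines (documentation addresses, no timestamps).
SAMPLE = [
    "ITASL009W Warning: The total number of syslog messages waiting to be sent to server 192.0.2.10 exceeded the threshold",
    "ITASL009W Warning: The total number of syslog messages waiting to be sent to server 192.0.2.20 exceeded the threshold",
    "ITASL007W Warning: The total number of syslog messages waiting to be processed exceeded the threshold",
    "ITASL010I The total number of syslog messages waiting to be sent to server 192.0.2.10 is now below the notification threshold.",
    "ITASL012E The syslog message queue for server 192.0.2.20 is full. New messages will not be sent to this server.",
    "ITASL008I The total number of syslog messages waiting to be processed is now below the notification threshold.",
]

if __name__ == "__main__":
    print(forwarding_gaps(SAMPLE))
```

Any entry left in `open_warnings` or `dropped` marks a period in which audit events may be missing from the SIEM and should be reconciled against the Vault's own audit records.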

ITATS167E Failed to resolve the Syslog server <hostname> address.

Recommended Action:

Verify the following:

  • The DNS server was configured correctly on the Vault.
  • The firewall on the Vault allows traffic to the DNS server.
  • The syslog server address is correct and resolves correctly when looked up manually.

For more information, see Security Information and Event Management (SIEM) Applications.