
[ES] The linkage log continuously records process evidence collection

Problem Description

The customer reports that the ES linkage logs keep showing process evidence collection entries, but there are no corresponding security events.


Effective Troubleshooting Steps

  1. Confirmed that the device time of ES and the device time of AF are consistent.

  2. Checked the process evidence logs on AF for the corresponding IP: there is no linkage information.

  3. It was subsequently confirmed that AF always links with ES to attempt process forensics and then reports the information. This cannot be deleted or stopped, and the corresponding logs on ES are normal.

Solution

Explain to the customer that this behavior is caused by the normal mechanism.

Scope of Operation Impact

No impact

Original Link

https://support.sangfor.com.cn/cases/list?product_id=16&type=1&category_id=2870&isOpen=true