
SaaS EDR stops sending Syslog

Issue Description

SaaS EDR stops sending Syslog


Handling Process

  1. The WebUI indicates that it can connect to the Syslog server normally.
  2. First, we checked the logs at /ac/var/log/data_center/log/ldb/backup_to_syslog/0/ and searched for the keyword "send." We found that after a certain time, no "send" actions were logged.
  3. Further log investigation revealed that advanced log retrieval was initiated but returned no results, suggesting a potential issue with the database query.
  4. Manually executing the scheduled task for Syslog sending caused the process to hang:
    /sf/edr/manager/cron/min/send_data_to_syslog.sh
  5. Manually executing the Syslog sending script /ac/dc/ldb/bin/mapreduce/procedure/crond/backup/backup_to_syslog.php resulted in an SQL timeout and termination after a long wait.
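
The check from step 2 can be scripted so that a stalled forwarder is noticed before events go missing on the Syslog server. This is an added example, not part of the product or the original article; the function names are hypothetical, and it assumes each log line begins with a `YYYY-MM-DD HH:MM:SS` timestamp and that GNU `date` is available.

```shell
#!/usr/bin/env bash
# Added example: detect a stalled Syslog forwarder from its own log files.
# Assumption: log lines start with "YYYY-MM-DD HH:MM:SS"; needs GNU date.

# Print the timestamp of the newest log line containing "send" (empty if none).
last_send_ts() {
    local dir="$1"
    grep -rh -- "send" "$dir" 2>/dev/null \
        | grep -oE '^[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}' \
        | sort | tail -n 1 || true
}

# Exit status: 0 = recent send, 1 = stalled, 2 = no usable "send" entry.
# $1 = log directory, $2 = max age in seconds, $3 = "now" as epoch (optional).
check_send_stall() {
    local dir="$1" max_age="$2" now="${3:-$(date +%s)}"
    local ts epoch age
    ts="$(last_send_ts "$dir")"
    if [ -z "$ts" ]; then
        echo "no 'send' entries found in $dir"
        return 2
    fi
    epoch="$(date -d "$ts" +%s)" || return 2
    age=$(( now - epoch ))
    if [ "$age" -gt "$max_age" ]; then
        echo "STALLED: last send logged at $ts (${age}s ago)"
        return 1
    fi
    echo "OK: last send logged at $ts (${age}s ago)"
    return 0
}

# Usage on the appliance (path from step 2, 15-minute threshold):
#   check_send_stall /ac/var/log/data_center/log/ldb/backup_to_syslog/0/ 900
```

A non-zero exit status from `check_send_stall` can drive an alert from cron or a monitoring agent; adjust the timestamp pattern if the real log format differs.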

Root Cause

The root cause of the issue has been preliminarily identified as a MongoDB query timeout.


Solution

  1. Expand the overall memory of the EDR System.
  2. Restart eps_services.