This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Moe_89
Contributor
‎2018-10-15 03:47 AM

Could not open log file on position

Hi All,

I am getting below error when opening log files older than today. The logs are all blank as seen below. If we open any log, under Description i see "Could not open log file @A@@B@1539550560 on position:23167. Possible reasons: log-files were deleted, moved or have been corrupted."

Appreciate any input i can get on this.

Reply
6 Replies
PhoneBoy
Admin
Admin
‎2018-10-15 04:39 AM

Sounds like the log indexes might need to be rebuilt.

Did you open a TAC case on this?

0 Kudos
Reply
Moe_89
Contributor
‎2018-10-15 05:27 AM
In response to PhoneBoy

Is there an SK I can refer to rebuild the index files. I have opened a case but so far they have only asked for cpu utilization and cpinfo from the devices. 

0 Kudos
Reply
_Val_
Admin
Admin
‎2018-10-15 05:13 AM

I would advise checking the HDD space and log indexing threshold definitions before opening a TAC case.  

0 Kudos
Reply
Moe_89
Contributor
‎2018-10-15 05:30 AM
In response to _Val_

A TAC case is opened already. HDD is used around 20%

I think the indexing threshold is set to delete index files older than 14 days. 

0 Kudos
Reply
_Val_
Admin
Admin
‎2018-10-15 06:19 AM
In response to Moe_89

Stick to support processes then. I am confident this will be resolved in no time. Please share the root cause when you get it fixed

0 Kudos
Reply
Moe_89
Contributor
‎2018-10-26 06:13 AM
In response to _Val_

Hi,

We were able to find the root cause of the issue.

We had recently added a SmartEvent server and configured the Management server to forward logs to the event server for correlation. As per sk106039 the logs are deleted after forwarding to the Event server and this is why we get the error in SmartLog.

We have not yet changed the forward_log_without_delete to true as per the SK. As a workaround we are choosing the SmartEvent server as the log source in SmartLog and clear the checkbox for the management server.

Reply