"24 hours since Sync Service..." alert messages in Health Alert Summary window
- Article Number: 000002236
- Products: Forcepoint URL Filtering, Forcepoint Web Security, TRITON AP-WEB, Web Filter & Security, Web Security Gateway, Web Security Gateway Anywhere, Web Security and Web Filter
- Version: 8.5, 8.4, 8.3, 8.2, 8.1, 8.0, 7.8, 7.7, 7.6
- Last Published Date: May 31, 2018
When looking at the Health Alert Summary screen in the Forcepoint Security Manager, the following alerts are displayed:
"24 hours since Sync Service downloaded log files from the hybrid service"
"24 hours since Sync Service sent log files to the log server"
This is only an issue if the hybrid users have been browsing and generating traffic through the hybrid clusters. If they have not, then generating some traffic will make the errors disappear.
If users were browsing through the hybrid cluster, then check for Sync Service errors in the Sync Service Viewer output.
This page displays a printout of the config.xml file containers that hold error messages.
You will see two pieces of information about logs:
This section shows the last time the Sync Service checked for logs
Resource Type: LOG_CHECK
Last Success Time: Tuesday, May 11, 2017 1:56:33 PM PDT
Last Error Time: Thursday, April 29, 2017 6:11:56 PM PDT
9999 Unauthorized RESETURL=https://www.mailcontrol.com/hybrid_enduser/sync_password_reset.mhtml?encoded=t%2BlF
Retry Count: 1
Note The Sync Server Viewer output typically retains the last error. The error is only relevant when the time and date shown for the error is more recent than the time of last success.
This section shows the last time the Sync Service sent logs to the Forcepoint Log Server:
Resource Type: LOG_SERVER_PUSH
Last Success Time: Thursday, May 6, 2017 8:22:52 PM PDT
Last Error Time: 0
Retry Count: 0
If the last error time does not match within the customer’s latest sync window, then there is no data to retrieve. Generating new traffic forces an update, which removes the alert.
If the Sync Service Viewer output displays an error, then you need to employ additional Sync Service debugging. See the 7978 - Hybrid Web Cloud Endpoint logging not occurring for off-site users article for more troubleshooting options.