Troubleshooting Installs

Easy Troubleshooting Page for Agent Install Failures.

PreviousIncident Management Workflow(M-SOC only)NextMACOS Package Installation

Last updated 10 days ago

Troubleshooting Installs

Easy Troubleshooting Page for Agent Install Failures.

BluLogShipper Install Errors

#1. Error: TLS Verification Error (Resolved)

If you encounter the above "TLS Verification Error", it is often associated with the below causes:

Cause: The System is not up-to-date on patches OR it hasn't been patched in a very long time. This results in the system not having updated TLS root certificates in its certificate authority store.

Resolution 1: Please update your system to the latest updates available.

Resolution 2: If TLS issue is not resolved. Here are the steps to fix it:

Open the following link in a browser:
Copy the key.
Save it as a .pem file on your system.
Move the .pem file to the conf folder.
Edit the fluent-bit configuration.
Add the following script to the output section: tls: on tls.verify: true tls.ca_file: <path of the .pem file>/.pem
Ensure that the path uses forward slashes (/).
Then restart the service now

Cause: Your systems is out of support and is no longer supported by the vendor.

Resolution: Please upgrade to the latest version of the Operating System (OS) at the earliest. This is considered a severe risk by CSCRF. When your operating system is out of support, security patches are no longer provided by the vendor. Hence, this qualifies as a severe risk and shall be represented as such to the exchange.

Cause: Your system Date and time are not synchronised to a radio clock / time server on the internet and/or is not up to date.

Resolution: Good security practices require that your system should always be in sync with network time servers. There are many reliable time servers on the internet. Please ensure your system is synced.

Cause: TLS version mismatch.

Resolution: This again happens if you system is out of support by the vendor and/or not updated in a long time. TLS 1.3 has been a standard for over at least 3yrs now. Please upgrade.

#2. Error: Windows Event and Message Fields Are Missing (Resolved)

Cause: This issue typically arises on older versions of Windows (2016 or older). The root cause is a character set mismatch in Fluent Bit, which defaults to Unicode, while older versions of Windows use ANSI.

Resolution:

Update the Use_ANSI flag in every input section to True.
Restart the service.

#3. Error: Input Channel for Windows Defender Operational Is Not Present on Windows Server 2012 R2, Leading to Unexpected Service Termination

Cause: Fluent Bit is unable to find the log locations for Windows Defender Operational logs.

Resolution:

Remove the input log source for Windows Defender Operational logs.
This is a temporary solution that allows the service to work with limited input.

#4. Error: Unable to Install BluLogShipper Due to GLIBC Version Being Lower Than Required

Cause: This issue is caused by an unsupported version of the GNU C Library (GLIBC) for C library-based applications.

Resolution:

BluLogShipper supports systems with GLIBC version 2.27 or higher.
If the customer needs an older version, refer to the BluLogShipper build documentation and build it in an environment with the required or older GLIBC version.

#5. Error: Unable to Install BluLogShipper from Non-C:\ Drives

Cause: This error occurs when the installer is launched from a file path other than the "C:" drive on Windows. The installer is unable to copy configuration and credential files from another drive to C:\Program Files\BluLogShipper\conf, causing the installation to terminate.

Resolution:

Install BluLogShipper from a child directory of the C:\ drive.

#6. Error: Timeout While Performing a DNS Call

Cause: For some clients, the DNS server is set by the service provider, which can lead to errors. Please check your local DNS resolution.

Resolution:

If you do not receive any support from your local DNS provider (usually your ISP), then try changing the DNS server address to a public secure DNS server like below:

Google

8.8.8.8

8.8.4.4

Fast, globally distributed, minimal logging

Cloudflare

1.1.1.1

1.0.0.1

Privacy-focused, no logging, fast

Quad9

9.9.9.9

149.112.112.112

Security-first: blocks malicious domains

OpenDNS

208.67.222.222

208.67.220.220

Offers filtering and parental control

Carefully verify the DNS configuration to resolve these issues.

PreviousIncident Management Workflow(M-SOC only)NextMACOS Package Installation

Last updated 10 days ago

BluLogShipper Install Errors

#1. Error: TLS Verification Error (Resolved)

If you encounter the above "TLS Verification Error", it is often associated with the below causes:

Resolution 1: Please update your system to the latest updates available.

Resolution 2: If TLS issue is not resolved. Here are the steps to fix it:

Open the following link in a browser:
Copy the key.
Save it as a .pem file on your system.
Move the .pem file to the conf folder.
Edit the fluent-bit configuration.
Add the following script to the output section: tls: on tls.verify: true tls.ca_file: <path of the .pem file>/.pem
Ensure that the path uses forward slashes (/).
Then restart the service now

Cause: Your systems is out of support and is no longer supported by the vendor.

Cause: Your system Date and time are not synchronised to a radio clock / time server on the internet and/or is not up to date.

Cause: TLS version mismatch.

Resolution: This again happens if you system is out of support by the vendor and/or not updated in a long time. TLS 1.3 has been a standard for over at least 3yrs now. Please upgrade.

#2. Error: Windows Event and Message Fields Are Missing (Resolved)

Resolution:

Update the Use_ANSI flag in every input section to True.
Restart the service.

#3. Error: Input Channel for Windows Defender Operational Is Not Present on Windows Server 2012 R2, Leading to Unexpected Service Termination

Cause: Fluent Bit is unable to find the log locations for Windows Defender Operational logs.

Resolution:

Remove the input log source for Windows Defender Operational logs.
This is a temporary solution that allows the service to work with limited input.

#4. Error: Unable to Install BluLogShipper Due to GLIBC Version Being Lower Than Required

Cause: This issue is caused by an unsupported version of the GNU C Library (GLIBC) for C library-based applications.

Resolution:

BluLogShipper supports systems with GLIBC version 2.27 or higher.
If the customer needs an older version, refer to the BluLogShipper build documentation and build it in an environment with the required or older GLIBC version.

#5. Error: Unable to Install BluLogShipper from Non-C:\ Drives

Resolution:

Install BluLogShipper from a child directory of the C:\ drive.

#6. Error: Timeout While Performing a DNS Call

Cause: For some clients, the DNS server is set by the service provider, which can lead to errors. Please check your local DNS resolution.

Resolution:

If you do not receive any support from your local DNS provider (usually your ISP), then try changing the DNS server address to a public secure DNS server like below:

Google

8.8.8.8

8.8.4.4

Fast, globally distributed, minimal logging

Cloudflare

1.1.1.1

1.0.0.1

Privacy-focused, no logging, fast

Quad9

9.9.9.9

149.112.112.112

Security-first: blocks malicious domains

OpenDNS

208.67.222.222

208.67.220.220

Offers filtering and parental control

Carefully verify the DNS configuration to resolve these issues.