Failed couldn't Initialize
Found Version
Skyhigh Content Security Reporter 2.x
Description
Content Security Reporter can't retrieve logs from WebSaaS, even though when you test the connection, it reports as Successful.
In the Job Queue, you see the following error:
Failed - couldn't initialize
Causes
This issue is usually caused when a timeout is occurring when trying to fetch logs from the Cloud Log source, either due to the large amount of logs present in customer's tenant or the amount of data being fetched is large. We can see - Read timed out error in server error logs as well :
[com.mcafee.mesa.logparsing.LogAudit] (WebSaasGetter) Begin retrieving logs for Web SaaS log source from 09-Apr-2024 05:40:01 to 12-Apr-2024 03:40:15.
2024-04-12 03:46:16,470 ERROR [Thread: Scheduler FileGetter Thread Pool Thread 3]
[com.mcafee.mesa.common.core.util.httputil.SfHttpClient] I/O Exception.
java.net.SocketTimeoutException: Read timed out
[com.mcafee.mesa.logparsing.LogAudit] (WebSaasGetter) Failed to retrieve log files from Saas Web Protection server: 'https://us.logapi.skyhigh.cloud/mwg/...ting/forensic/'.
How to Fix
To resolve this issue, increase the connection timeout and decrease the batch size interval:
1) Navigate to C:\Program Files\McAfee\Content Security Reporter\reporter\conf in your CSR Server.
2) Create folder named resources and another inside that named system.
3) Now copy server.properties
from: "C:\Program Files\McAfee\Content Security Reporter\reporter\conf+examples+\resources\system"
to: "C:\Program Files\McAfee\Content Security Reporter\reporter\conf\resources\system"
Ignore step 2 and 3 if the folder named resources and in it, server.properties already are present.
4) After copy, open server.properties.
5) Un-comment (Remove Hashtag Symbol)
# SaasHttpTimeout 1
replace 1 with 5 (Note: here 5 means '5 minutes')
# SaasDataBatchSize 60
replace 60 with 30 (Note: here instead of pulling last 1hr log file, we are setting to pull last 30 min file)
6) Save and close the file.
7) Restart the CSR service and then check to see if logs are now being retrieved from the Log servers. If that didn't resolve the issue, try increasing the timeout value to for example 8 minutes and decreasing the SaasDataBatchSize to for example 15 minutes and check to see if that resolved the issue.
If this doesn't fix the issue, then reach out to support for further instructions.