Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 21217 Source: OnePointOperations

Level
Description
The Agent received no configuration from the Consolidator. This condition may occur if a new Agent starts up before the consolidator has updated its internal rules cache. It may also mean that the Consolidator no longer has any information about the agent, possibly because the Agent Manager has not been able to contact the agent for an extended period.
Comments
 
This issue occurs when the MOM agent-managed computer is added to the configuration group. However, the configuration change has not been committed to the OnePoint database. See ME922340 for details on solving this problem.
You will get this error right after Agent installation until the Agent downloads rules from the DCAM. You will need to add the manually installed Agents to Computer Groups and to force a SCAN (you will need to add them to the ''Include list'' on each Computer Group they should belong to).
Next, monitor your DCAM so see if there are any errors relating to these Agents (access denied etc.) Then make sure you have a name resolution from both sides - DCAM and Agent, from the Agent computer try to ping the DCAM, and from the DCAM try to ping the Agent. If there is a Firewall/port filtering, make sure to allow MOM port 1270.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...