Is this real error? Capabilities (unbind-ack, bind-response-endpoint-error-id)

alhung
alhung Member Posts: 14
edited March 2021 in General Discussions #1

Hi all,
Recently our solace team in company highlighted that there were many failure notification in splunk, and provide the log like this (I hide some sensitive information like host name and server name ).

Do you have any idea if this is a real error? Or it is just a false alarm, since I could not find any error from API logs and no failure from Solace queue statistics, I was wondering if they use the key word - bind-response-endpoint-error-id and it confused the splunk.
Please let me know, thank you.

Comments

  • arih
    arih Member, Employee Posts: 125 Solace Employee
    #2

    from the log severity, it is just INFO. this is an event logging showing that there's a client connect event with the details along the line. I need to check on what the bind-response-endpoint-error-id means though, or maybe others know this :)

  • alhung
    alhung Member Posts: 14
    #3

    Hi @arih,
    Thank you very much for your answer :D , I also think this is showing the information, but don't know the meaning of bind-response-endpoint-error-id, hope someone knows :p

  • nram
    nram Member, Employee Posts: 80 Solace Employee
    #4

    Hi @alhung , Agree with @arih that this is unlikely an error. The specific string (bind-repsonse-endpoint-error-id) may be related to flow bind error capability. Try looking for SOLCLIENT_SUBCODE_MISMATCHED_ENDPOINT_ERROR_ID in our C API reference if you are really curious :smile:
    In general forwarding Client connect/disconnect logs to log aggregators like Splunk may be overwhelming since a misconfigured client can generate large number of these events. I assume you are forwarding Solace event logs to your Splunk server. An alternative is to fwd system logs. This has all logs except the client connect and disconnect logs.

  • alhung
    alhung Member Posts: 14
    #5

    Hi @nram,
    I think you're right and I also agree with both of you. I was just trying to search documents which can used to convince our Solace team so that they could change the splunk settings :D.
    From the log that they provided, I think they should forward the system log to splunk (source type = solace:syslog), I will confirm with them. Thank you very much.

  • nram
    nram Member, Employee Posts: 80 Solace Employee
    #6

    Sure. As an aside, creating any alerting on free text search (like error / alert / crash) is not recommended. Pl use the severity levels instead.

  • Ragnar
    Ragnar Member, Employee Posts: 65 Solace Employee
    #7

    First, the capabilities field in the connect response allows for APIS and brokers to adjust their expectations. It is a way that Solace APIS and Solace brokers can interoperate for years without continuously enforcing upgrades of one along with the other. This particular capability let's the API know there is extra information available in the bind response that should be tracked (an endpoint error id) but is otherwise an internal issue.
    Second, API INFO logs are just that, informative. They are intended for high level tracing, as opposed to debug logs which are for fine detail tracing. But they should not be enabled by default. They are a problem solving tool. If you wish to mine logs for issues they will all appear at NOTICE, WARN, or ERROR logs

Categories

This Month's Leaders

This Week's Leaders