EventsManager Syslog Error: '...did not pass black/white list test and will be discarded.'

Overview

Syslog events are not archived with the following error:

Message from computer <event source> did not pass black/white list test and will be discarded.

Root Cause

A duplicate event source entry for the device, licensed for Active Monitoring only, caused the device to be "blacklisted" because that entry does not have a complete license.

Resolution

  1. Confirm whether the error is present in the log (syslogcollectorplugin.csv).
  2. If the error is present, check Event Sources for duplicate entries of any device that is gathering Syslogs (the machine may have been added manually by IP address while Sync gathered it by hostname).
  3. Remove the erroneous entry.
  4. Restart the GFI EventsManager service.
  5. Wait 10 minutes for the Syslog gathering to begin.
  6. Confirm if the device is now gathering Syslog events.
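
A way to carry out step 1 and get the list of devices to look up in step 2, as an added PowerShell example that is not GFI's own tooling: it counts the discard errors per event source in a copy of syslogcollectorplugin.csv. The function name, the sample lines and their column layout are constructed for illustration; only the error sentence comes from this article.

```powershell
# Added example. Only the error sentence is taken from the article; the column
# layout of syslogcollectorplugin.csv is an assumption, so each line is matched
# as plain text rather than parsed as CSV.
function Get-DiscardedSyslogSource {          # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string[]]$Line
    )
    begin {
        $pattern = 'Message from computer (?<src>.+?) did not pass black/white list test'
        $counts  = @{}
    }
    process {
        foreach ($text in $Line) {
            $m = [regex]::Match($text, $pattern)
            if ($m.Success) {
                $src = $m.Groups['src'].Value.Trim()
                $counts[$src] = 1 + [int]$counts[$src]   # missing key counts as 0
            }
        }
    }
    end {
        foreach ($src in ($counts.Keys | Sort-Object)) {
            $ip = $null
            [pscustomobject]@{
                Source      = $src
                Discarded   = $counts[$src]
                # True when the sender is logged by IP address rather than by name
                IsIPAddress = [System.Net.IPAddress]::TryParse($src, [ref]$ip)
            }
        }
    }
}

# Constructed sample lines (documentation addresses and names, not real log output)
$sample = @(
    '"2024-01-15 10:02:11","Error","Message from computer 192.0.2.10 did not pass black/white list test and will be discarded."'
    '"2024-01-15 10:02:12","Info","Syslog collector running"'
    '"2024-01-15 10:02:41","Error","Message from computer 192.0.2.10 did not pass black/white list test and will be discarded."'
    '"2024-01-15 10:03:05","Error","Message from computer fw01.example.test did not pass black/white list test and will be discarded."'
)
$sample | Get-DiscardedSyslogSource | Format-Table -AutoSize

# Against a copy of the real log (the path is a placeholder):
# Get-Content '<path to log folder>\syslogcollectorplugin.csv' | Get-DiscardedSyslogSource
```

Each source it reports is a candidate for the duplicate check in step 2. Running it again after step 5 on the newer part of the log covers step 6.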

Posted by Priyanka Bhotika