Collector could not verify/register if using Palo Alto SSL decryption feature
Just in case this helps other customers... SYMPTOMS: The Windows collector installed ok and the two Collector services were running but the collector could not finish the verification/registration step and showing the 'flame alert' on Settings > Collectors screen. After some troubleshooting, we looked in the wrapper.log file on the collector and saw this error message: [MSG] [CRITICAL] [main::controller:main] [AgentHttpService.checkCertificateOrWait2Valid:1029] The santaba server is not trusted, and "EnforceLogicMonitorSSL" is enabled. Wait 1 minute to retry. Please check the network settings, or disable "EnforceLogicMonitorSSL" in agent.conf and restart collector The customer set up a whitelist on their Palo Alto firewall for *.logicmonitor.com and it started working (or list of ~15 IP address ranges). Alternatively you can lowersecurity and changethe agent.conf (config file) fromEnforceLogicMonitorSSL=true to false.16Views0likes1Comment