You may see the message "ELC01402 Unable to update log handle" with the statements "the interface is unknown" or "the RPC server is unavailable" in an agent's status history. The message can appear in the Alert Logic® console under Configuration > Deployments > the deployment you’re working in > Hosts and Sources > Sources > the source you’re working on > Status History.
The error message means that the agent attempted to query the Eventlog service but the service was unavailable. The Eventlog service may have been stopped or killed, or the agent may have queried the Eventlog service before it was fully started after a system restart. If the agent status returns to OK shortly after the error message appears, you can ignore the error message. If the message persists, check that the Eventlog service on the host machine is running.
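One way to run that check on the Windows host, as an added example that is not Alert Logic tooling: it reads the Eventlog service state, makes a test query against the System log, and uses system uptime to separate a startup race from a service that is stopped or unresponsive. The function name `Get-EventLogServiceTriage` and the 10-minute "recent boot" threshold are assumptions chosen for illustration.

```powershell
# Added example: read-only triage for ELC01402 on the host running the agent.
# Assumption: a boot within the last 10 minutes counts as "recent".
$RecentBootMinutes = 10

function Get-EventLogServiceTriage {
    # Service state as the Service Control Manager reports it.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='EventLog'"
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $uptime = (Get-Date) - $os.LastBootUpTime

    # Query the service the way a log collector would: read one record.
    $queryOk = $true
    $queryError = $null
    try {
        Get-WinEvent -LogName System -MaxEvents 1 -ErrorAction Stop | Out-Null
    } catch {
        $queryOk = $false
        $queryError = $_.Exception.Message   # e.g. an RPC error text
    }

    $verdict = if ($svc.State -ne 'Running') {
        "Eventlog service is $($svc.State): start it and find out why it stopped"
    } elseif (-not $queryOk) {
        'Service reports Running but the test query failed: see QueryError'
    } elseif ($uptime.TotalMinutes -lt $RecentBootMinutes) {
        'Healthy now: the error was probably a query made during startup'
    } else {
        'Healthy now: if the message persists, find out what interrupted the service'
    }

    [pscustomobject]@{
        State         = $svc.State
        StartMode     = $svc.StartMode      # Auto is the Windows default
        ProcessId     = $svc.ProcessId      # 0 when the service is not running
        UptimeMinutes = [math]::Round($uptime.TotalMinutes, 1)
        QueryOk       = $queryOk
        QueryError    = $queryError
        Verdict       = $verdict
    }
}

Get-EventLogServiceTriage | Format-List
```

A `StartMode` other than `Auto`, or a stopped service on a host that has been up for a long time, is worth following up, since the agent cannot collect logs while the service is down.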
Note: The following information applies only to customers with Alert Logic® Cloud Defender™, Alert Logic Threat Manager™, or Alert Logic Log Manager™ entitlements.