Submit a ticketCall us
Home > Success Center > Log & Event Manager (LEM) > Large number of unknown nodes with inaccurate IP addresses are added automatically to LEM

Large number of unknown nodes with inaccurate IP addresses are added automatically to LEM

Updated: December 13, 2017

Overview

This article describes the issue where the license count has reached its limit due to a large number of unknown nodes that have been automatically added to the list. These non-agent nodes display strings of 13 numbers in the Node IP and Node Name columns, rather than IP addresses. 

 

 

Environment

All LEM versions

 

Cause 

This issue occurs because of connectors that are configured for devices that you are not receiving data for. These incorrect connectors are attempting to read events that belong to something else. This can result in parsing errors where the epoch timestamp of the original event is seen as an IP address, resulting in a new node for each event.

 

Resolution

  1. Go to Manage > Appliances (left gear icon) > Connectors, and then check the Configured box on the left.
  2. Look through the list of active and configured connectors, and then remove connectors that do not belong from the list. For example, remove connectors that LEM is not receiving data for.  
    Note: Verify connectors that end with "Connector Discovery", as those are added automatically by the Scan for New Nodes function and is often incorrect.
  3. Exit the Connectors after verifying the connector's list.
  4. Go to Manage > Nodes.
  5. Click the Node IP column header to sort by it.
  6. Select the unknown nodes or press Shift + click.
  7. Click the gear icon on the upper right, and then click Delete.
  8. Go back to the Nodes screen to verify if the unknown nodes are still present. If so, the broken connector is still in place. Repeat steps one to nine. 
 

 

Last modified

Tags

Classifications

Public