
[Junos Space] Security Director shows "Log Collector is not reachable" under Events & Logs


Article ID: KB30957 KB Last Updated: 15 Jan 2019 Version: 2.0
Summary:

After deploying Junos Space 15.2 with Log Collector, the following message is observed from Security Director > Monitor > Events & Logs: Log Collector is not reachable.

This article lists the causes and gives the corresponding resolution.

 

Symptoms:

After successfully adding the Log Collector node to Junos Space 15.2, going to Monitor > Events & Logs shows the message, "Log Collector is not reachable."

 

 

The following error messages are seen in the /var/log/jboss/servers/server1/server.log file:

2016-03-31 13:16:07,067 ERROR [net.juniper.jnap.ecm.logcollector.ejb.LogCollectorQueryBean] (ajp-space-005056b10e7d/172.19.35.220:8009-8) Server URL http://localhost:9200/_cluster/stats
2016-03-31 13:16:07,069 ERROR [net.juniper.jnap.ecm.logcollector.ejb.LogCollectorQueryBean] (ajp-space-005056b10e7d/172.19.35.220:8009-8) Exception happened with error code 0
2016-03-31 13:16:07,070 ERROR [net.juniper.jnap.ecm.logdata.rest.v1.LogDataCollectorRestImpl] (ajp-space-005056b10e7d/172.19.35.220:8009-8) Log Collector Status 105
2016-03-31 13:16:07,062 ERROR [net.juniper.jnap.ecm.logcollector.LogCollectorRequestExecutor] (ajp-space-005056b10e7d/172.19.35.220:8009-4) Error occured Connect to localhost:9200 [localhost/127.0.0.1] failed: Connection refused

 

Solution:

Note: The following methods apply to the specific scenario in which the Log Collector receives syslog messages on port 514 and the "Log Collector is not reachable" error is encountered while displaying the logs.

  1. The Elasticsearch service on the Log Collector node might be off. In this case, check the service with the following steps and start the service if it is not running.
  • Log in to the Log Collector node by using root user credentials.

[root@LOG-COLLECTOR]# /etc/init.d/elasticsearch status
process is not running..

[root@LOG-COLLECTOR]# /etc/init.d/elasticsearch start

[root@LOG-COLLECTOR]# /etc/init.d/elasticsearch status
process is running..
  • Check the status of port 9200 on the Log Collector node. It should be in the LISTEN state:

[root@localhost ~]# netstat -an | grep :9200
tcp        0      0                    :::9200                   :::* LISTEN
 
  2. If Junos Space cannot communicate with the Log Collector on port 9200 (connection refused messages in server.log), check whether a firewall in between is blocking traffic from Junos Space to the Log Collector on port 9200.
  • On the Junos Space Command Line Interface (CLI), check the connection status by using the following command:

# telnet <LC_IP> <port> (This must be successful.)

Example:

# telnet x.x.x.x 9200

where x.x.x.x is the Log Collector IP address.

 
  3. There may be an incorrect setting in the Log Director application. In this case, check the following settings:
  • On the Junos Space Platform UI, select Administration > Applications. The Applications page is displayed with the list of installed Junos Space applications.

  • Select Log Director, then select Modify Application Settings from the Actions menu or the shortcut menu. Uncheck "Integrated Log Collector On Space Server." Note: This check box is unchecked by default.

 

 

After performing the above steps, if you still see the error, contact JTAC Support.
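The error signature from the Symptoms section can be pulled out of server.log with a short script, which helps confirm which endpoint Junos Space is actually querying before working through the checks. This is an added example, not Juniper code: the script name lc_triage.sh and the function names are hypothetical, and the hint that a loopback endpoint points at the step 3 setting is an assumption.

```shell
#!/bin/sh
# Added example, not Juniper code: summarize Log Collector query failures
# recorded in a Junos Space server.log. Function names are hypothetical.

# Sample input: the four log lines shown in the Symptoms section.
write_sample_log() {
cat > "$1" <<'EOF'
2016-03-31 13:16:07,067 ERROR [net.juniper.jnap.ecm.logcollector.ejb.LogCollectorQueryBean] (ajp-space-005056b10e7d/172.19.35.220:8009-8) Server URL http://localhost:9200/_cluster/stats
2016-03-31 13:16:07,069 ERROR [net.juniper.jnap.ecm.logcollector.ejb.LogCollectorQueryBean] (ajp-space-005056b10e7d/172.19.35.220:8009-8) Exception happened with error code 0
2016-03-31 13:16:07,070 ERROR [net.juniper.jnap.ecm.logdata.rest.v1.LogDataCollectorRestImpl] (ajp-space-005056b10e7d/172.19.35.220:8009-8) Log Collector Status 105
2016-03-31 13:16:07,062 ERROR [net.juniper.jnap.ecm.logcollector.LogCollectorRequestExecutor] (ajp-space-005056b10e7d/172.19.35.220:8009-4) Error occured Connect to localhost:9200 [localhost/127.0.0.1] failed: Connection refused
EOF
}

# Print "count|host:port|reason" for each failed Elasticsearch connection.
lc_connect_failures() {
    sed -n 's/.*LogCollectorRequestExecutor].* Connect to \([^ ]*\) \[[^]]*] failed: \(.*\)$/\1|\2/p' "$1" |
        sort | uniq -c |
        awk '{ n = $1; sub(/^ *[0-9]+ /, ""); print n "|" $0 }'
}

# Print the distinct "Log Collector Status" codes logged for the UI request.
lc_status_codes() {
    sed -n 's/.*LogDataCollectorRestImpl].* Log Collector Status \([0-9][0-9]*\).*/\1/p' "$1" |
        sort -u
}

# Print one line per failing endpoint, pointing at the checks in this article.
lc_triage() {
    lc_connect_failures "$1" | while IFS='|' read -r count endpoint reason; do
        echo "$endpoint: $reason x$count; run the step 1 and step 2 checks for this endpoint"
        case "$endpoint" in
            localhost:*|127.0.0.1:*)
                # Assumption: a loopback target means Space is querying itself
                # rather than a separate node, so the step 3 setting is suspect.
                echo "$endpoint is on the Space server itself; review the step 3 setting" ;;
        esac
    done
}

# Usage (hypothetical file name): sh lc_triage.sh /var/log/jboss/servers/server1/server.log
if [ $# -gt 0 ]; then
    lc_triage "$1"
    echo "status codes: $(lc_status_codes "$1" | tr '\n' ' ')"
fi
```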

 

Modification History:

2019-01-15: Logs example in Symptoms section trimmed and other minor, non-technical modifications made

 
