
[ISSForum] SecurityFusion Module (SFM) errors



Hi, Forum!
I've got a great number of events in the Application Log on the SFM machine,
in the following order:

1. Attempted connection to undefined database 'RealSecureDB'

2. Error checking in 'RealSecureDB' connection: Attempted connection to
undefined database 'RealSecureDB'

3. Attempted connection to undefined database 'RealSecureDB'

4. Unable to check out 'RealSecureDB' connection: Attempted connection to
undefined database 'RealSecureDB'

5. The DbReporter thread failed to communicate with the database. The
operation will be attempted again later. Unable to get connection from
RealSecureDB

6. Exception in startup thread
class java.lang.NullPointerException with null message generated
java.lang.NullPointerException
net.iss.sma.fusion.event.FusionEvent.loadEnabledFusionEventsFromPolicyContainer(Unknown Source)
net.iss.sma.fusion.event.FusionEvent.getEnabledClassNames(Unknown Source)
net.iss.sma.fusion.FusionEngine.registerForAllFusionEventsDualObserver(Unknown Source)
net.iss.sma.fusion.FusionEngine.createFusionEngine(Unknown Source)
net.iss.sma.fusion.FusionEngine.startEngine(Unknown Source)

7. Error re-starting engine

8. Restarting APC core due to internal error
....

and so on.

Sensor status and EventCollector (EC) connection status are still Active
and Online respectively.

I think that such errors are the reason for the SFM's bad operation, i.e. it
does not analyse the full amount of events properly.

Why do such errors occur?
Is it because the EC is installed on the same machine as the DB and the volume
of events is very high (see ISS knowledge base Answer ID 2023 for more
information)? But the DB machine is high-performance and I've never seen the CPU
loaded more than 25%, and 1Gb RAM, I think, is enough.

What is the reason for such SFM behaviour?

Thank you all.
---
Best regards, Sergey V. Soldatov
Department of information security,
TNK-BP.

