[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ISSForum] SecurityFusion Module (SFM) errors



Possibly unhelpful suggestions...but...you never know Sergey:

Consider the SQL authentication password and or SQL authentication mechanism you used to set up SFM. Has it been changed?

Did you re-install the Site Protector and not the SFM? 

De-installing SFM and re-installing SFM, if you can do it cleanly should be easy to do, as it holds no data and you wont lose anything other than some hair if it goes wrong.

Stephen

>>> "Sergey V Soldatov" <SVSoldatov@xxxxxx> Friday 23, January, 2004 16:27:58 >>>
Hi, Forum!
I've got a great number of events in Application Log on SFM machine in the
following order:

1. Attempted connection to undefined database 'RealSecureDB'

2. Error checking in 'RealSecureDB' connection: Attempted connection to
undefined database 'RealSecureDB'

3. Attempted connection to undefined database 'RealSecureDB'

4. Unable to check out 'RealSecureDB' connection: Attempted connection to
undefined database 'RealSecureDB'

5. The DbReporter thread failed to communicate with the database. The
operation will be attempted again later. Unable to get connection from
RealSecureDB

6. Exception in startup thread
class java.lang.NullPointerException with null message generated
java.lang.NullPointerException
net.iss.sma.fusion.event.FusionEvent.loadEnabledFusionEventsFromPolicyContainer(Unknown
 Source)
net.iss.sma.fusion.event.FusionEvent.getEnabledClassNames(Unknown Source)
net.iss.sma.fusion.FusionEngine.registerForAllFusionEventsDualObserver(Unknown
 Source)
net.iss.sma.fusion.FusionEngine.createFusionEngine(Unknown Source)
net.iss.sma.fusion.FusionEngine.startEngine(Unknown Source)

7. Error re-starting engine

8. Restarting APC core due to internal error
....

and so on.

Sensor status and EventCollector (EC) connection status are still Active
and Online respectively.

I think that shuch errors is the reason of SFM bad operation, i.e. it does
not analyse all amount of events properly.

Why shuch errors are occurred?
Is it because EC is installed on the same machime as DB and the volume of
events is very high (see ISS knowlage base Answer ID 2023 for more
information)? But DB machine is high-perfomance and I've never seen CPU
loaded more then 25% and 1Gb RAM, i think, is enough.

What is the reason of such SFM behaviour?

Thank you all.
---
Best regards, Sergey V. Soldatov
Department of information security,
TNK-BP.


_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx 

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo



Disclaimer

This e-mail message shall not be construed as legally binding on the Bank for International Settlements (BIS). As internet communications are not secure, the BIS does not accept responsibility for the content of this message.

This message is intended only for the recipient(s) named above. Any unauthorized disclosure, use or dissemination, either in whole or in part, of this message is prohibited. If you have received this message in error, please inform the sender immediately by return e-mail and delete this message and any attachments thereto from your system. 
Thank you for your co-operation.


_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo