Hello Broadcom Team,
Plese find below error messages which we have located into the sisconsole.0 logs:
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
1619900 2020-02-03 17:59:37.466 [ERROR] [LoginHandler:163] Invalid user name
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
46536 2020-03-21 10:02:52.192 [ERROR] [FetchHandler:169] Error Code: 0
46537 2020-03-21 10:02:52.192 [ERROR] [FetchHandler:169] [SQL:0] Network error IOException: Connection timed out: connect
java.sql.SQLException: Network error IOException: Connection timed out: connect
Also, below is the result of the PRODsql.rpt:
(5608210 rows affected)
Table 'Worktable'. Scan count 0, logical reads 0, physical reads 0, read-ahead reads 986735, lob logical reads 0, lob physical reads 0, lob read-ahead reads 0.
Table 'CSPEVENT'. Scan count 733, logical reads 1648528, physical reads 175, read-ahead reads 1638932, lob logical reads 0, lob physical reads 0, lob read-ahead reads 0.
SQL Server Execution Times:
CPU time = 695891 ms, elapsed time = 1748379 ms.
Also, below is the result from console.err logs:
** 05-Dec-2022 18:29:46 CST
java.net.UnknownHostException: securityresponse.symantec.com
at java.base/java.net.AbstractPlainSocketImpl.connect(Unknown Source)
at java.base/java.net.Socket.connect(Unknown Source)
at java.base/java.net.Socket.connect(Unknown Source)
at java.base/sun.net.NetworkClient.doConnect(Unknown Source)
at java.base/sun.net.www.http.HttpClient.openServer(Unknown Source)
at java.base/sun.net.www.http.HttpClient.openServer(Unknown Source)
at java.base/sun.net.www.http.HttpClient.<init>(Unknown Source)
at java.base/sun.net.www.http.HttpClient.New(Unknown Source)
at java.base/sun.net.www.http.HttpClient.New(Unknown Source)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source)
at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Unknown Source)
at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
at java.base/sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at com.symantec.sis.console.util.DeepSightServices.requestThreatCon(DeepSightServices.java:82)
at com.symantec.sis.console.util.DeepSightServices.requestThreatCon(DeepSightServices.java:59)
at com.symantec.sis.console.home.master.ThreatConHomePagePane$6.construct(ThreatConHomePagePane.java:227)
at com.symantec.seui.util.Worker$2.run(Worker.java:134)
at java.base/java.lang.Thread.run(Unknown Source)
** 05-Dec-2022 18:29:50 CST
Can you please suggest further.
Thanks & Regards
Kavya
Original Message:
Sent: Dec 01, 2022 10:22 AM
From: SHANE MEARS
Subject: Event export issue in DCSSA
If you have access to SQL Server SMSS Studio:
Get the number of records for the past month:
SELECT Count(1)[CNT] FROM CSPEVENT_VW WITH (NOLOCK) WHERE EVENT_DT > dateadd(mm,-1, getutcdate())
What is the total?
Run the following query, how long does it take to run?
SET STATISTICS IO, TIME ON;
SELECT EVENT_DT AS "Event Date/Time", AGENTNAME AS "Agent Name", HOSTNAME AS "Hostname", AGENTTYPE_D AS "Agent Type", HOSTADDR AS "IP Address", EVENT_TYPE_D AS "Event Type", Description AS "Description", EVENT_SEVERITY_D AS "Severity", EVENT_PRIORITY AS "Event Priority", DISPOSITION_D AS "Disposition", AGENT_VERSION AS "Agent Version", OSTYPE_D AS "OS Version", EVENT_CNT AS "Event Count", EVENT_DURATION AS "Event Duration", POST_DT AS "Post Date/Time", RULE_NAME AS "Rule Name", USER_NAME AS "User Name", DOMAIN_NAME AS "Domain Name", SYSTEM_STATE_D AS "Policy Overridden", OPERATION_D AS "Operation", TARGET_INFO AS "Resource", PROCESS_PATH AS "Process", PROCESS_EFA_PUB AS "Process Publisher", PROCESS_EFA_FLAG AS "Process Signature" FROM CSPEVENT_VW WITH (NOLOCK) WHERE EVENT_DT > dateadd(mm,-1, getutcdate()) ORDER BY EVENT_DT DESC, EVENT_SEQ DESC
In the messages tab copy and paste the results into
https://statisticsparser.com/
What are the results?
Launch the Server Configuration Wizard. On page 2 there are setting to set the logging to Trace for Server, Console, and Database. After enabling Trace retry the export.
What do the logs say right after getting the error message?
C:\Program Files (x86)\Symantec\Data Center Security Server\Console\console.err
C:\Program Files (x86)\Symantec\Data Center Security Server\Server\tomcat\logs\sis-server.0.log
C:\Program Files (x86)\Symantec\Data Center Security Server\Server\tomcat\logs\sis-console.0.log
You can run the Collect Server Info script to grab all of the logs from the server to assist in troubleshooting.
Reply back with your findings
Original Message:
Sent: Nov 30, 2022 03:22 AM
From: Kavya MTIN
Subject: Event export issue in DCSSA
Hello Broadcom Team,
Customer would like to export the events within 1 month in DCS while they encountered Event exporting problem.
It shows an error message after clicking the export button.
When the range of period of events is narrowed down to 1 day, it is able to be exported.
Customer would like to know if this is a lack of resource problem or anything.
If yes, please guide how they have to achieve their goal, exporting events within 1 month.
If no, please suggest the root cause.
Thanks & Regards
Kavya