Hang while "processing security events table"


lnmecca -> Hang while "processing security events table" (15.Oct.2009 9:52:31 AM)

I’m new to ESM so please forgive me if I’m asking a repetitive question. We are running the latest version of EventsManager, version 8.2.0, build 20090922. It’s installed on a Windows 2008 Standard server with SP2, and uses MS SQL Server 2005 with SP3 installed on the same server for its backend. I have two servers set up like this, each in different locations. (I would eventually like to have one import data from the other for consolidation but I am not currently doing this operation.)

The problem I am having is with a database operation I have set up. The operation is configured to export data older than 1 day to a local directory. It’s followed by a second database operation set to delete data older than 1 day. These operations are scheduled to run once a day. However, what is happening is that the operation hangs “processing security events table” during the export operation. I have let this sit overnight and the progress bar doesn’t move so I assume it’s a fatal hang. This has been happening intermittently on both servers, although it seems to occur more often on one server than the other.

I’m guessing that this is something that I am doing wrong through my ignorance so any help or suggestions would be appreciated. Thanks in advance.

--Larry




DrewE -> RE: Hang while "processing security events table" (15.Oct.2009 9:58:09 AM)

Try increasing the number of days in this count, for instance, move events older than 365 days first, then try again with 260 days and work your way down. Does this work any better?




lnmecca -> RE: Hang while "processing security events table" (16.Oct.2009 8:19:19 AM)

Thank you for your timely response, Drew. I did try as you suggested, using an iteration of 365, 260, 160, 60, 30, 15, 5, and then 1 days. However, it once again hung processing the Security Events table when it hit the 30 day mark. I tried this using the GUI Database Operation interface, and for a second time I wrote a small batch using the exportdata.exe utility (batch included below). Both methods produced the same result. A ~3mb .tmp file is left behind in the directory after killing the hung process.

Any further suggestions would be appreciated. Thanks!


Batch file:

@ECHO OFF
ECHO Now clearing 365 days or older ...
Exportdata.exe /folder:%1 /period:8760 /delete
ECHO Now clearing 260 days or older ...
Exportdata.exe /folder:%1 /period:6240 /delete
ECHO Now clearing 160 days or older ...
Exportdata.exe /folder:%1 /period:3840 /delete
ECHO Now clearing 60 days or older ...
Exportdata.exe /folder:%1 /period:1440 /delete
ECHO Now clearing 30 days or older ...
Exportdata.exe /folder:%1 /period:720 /delete
ECHO Now clearing 15 days or older ...
Exportdata.exe /folder:%1 /period:360 /delete
ECHO Now clearing 5 days or older ...
Exportdata.exe /folder:%1 /period:120 /delete
ECHO Now clearing 1 days or older ...
Exportdata.exe /folder:%1 /period:24 /delete




DrewE -> RE: Hang while "processing security events table" (16.Oct.2009 10:51:19 AM)

Let's try to refine it a bit more: try the 60, 50, 40, then 30 day mark. One of the biggest issues is that if you are trying to Export / Delete / Move more than 2 GB worth of data the process may fail. We simply need to ensure these chunks of data are smaller in size mostly. If this still fails: try exporting one day's worth of data, and only the Application Events, then again for Security events, and lastly for System events.

If all of this does not give you the results you are looking for please open a support request with us online at http://support.gfi.com/Support/support.aspx?lcode=en so we can further assist you.
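
The narrowing procedure discussed in this thread, written as a PowerShell script with a per-step timeout so a hung step is detected and recorded instead of sitting overnight. This is an added example, not part of any post and not GFI's own tooling. Only the `/folder`, `/period` (hours, as in the batch above) and `/delete` switches come from the thread; the tool location, the timeout, the log file name and a folder path without spaces are assumptions.

```powershell
# Added example: run Exportdata.exe for a descending series of cut-offs and
# stop at the first step that does not finish within the timeout.
param(
    [Parameter(Mandatory = $true)][string]$Folder,   # export directory (assumed: no spaces in the path)
    [string]$ExportTool = '.\Exportdata.exe',        # assumed location of the utility
    [int[]]$DaySteps = @(60, 50, 40, 30),            # cut-offs suggested in the thread
    [int]$TimeoutMinutes = 60                        # assumed limit before a step counts as hung
)

$log = Join-Path $Folder 'export-steps.csv'          # hypothetical log file name

foreach ($days in $DaySteps) {
    $hours   = $days * 24                            # the thread's batch passes /period in hours
    $started = Get-Date

    Write-Host "Exporting and deleting events older than $days days (/period:$hours) ..."
    $proc = Start-Process -FilePath $ExportTool -PassThru -NoNewWindow `
        -ArgumentList "/folder:$Folder", "/period:$hours", '/delete'

    # WaitForExit(ms) returns $false if the process is still running at the deadline.
    $finished = $proc.WaitForExit($TimeoutMinutes * 60 * 1000)
    if (-not $finished) {
        $proc.Kill()
        $proc.WaitForExit()
    }

    # The thread reports a .tmp file left behind after a hang; record any created by this step.
    $leftovers = @(Get-ChildItem -Path $Folder -Filter '*.tmp' |
        Where-Object { $_.LastWriteTime -ge $started })

    [pscustomobject]@{
        Days       = $days
        Hours      = $hours
        Started    = $started
        Minutes    = [math]::Round(((Get-Date) - $started).TotalMinutes, 1)
        Finished   = $finished
        TmpFiles   = ($leftovers | ForEach-Object { $_.Name }) -join ';'
        TmpBytes   = ($leftovers | Measure-Object -Property Length -Sum).Sum
    } | Export-Csv -Path $log -Append -NoTypeInformation

    if (-not $finished) {
        Write-Warning "Step for $days days did not finish in $TimeoutMinutes minutes; stopping here."
        break
    }
}
```

The resulting CSV shows the last cut-off that completed and the first that hung, which is the window to split further by event type.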




lnmecca -> RE: Hang while "processing security events table" (19.Oct.2009 9:39:42 AM)

Drew,

I further refined as you suggested and then noticed that it was now hanging the process at the 50 day mark, so I refined it even further with a series of 59 through 51 days or older and the process hung at the 53 day mark. In each instance it hung processing the security events table.

I continued to refine it further and created a database operation that exported everything except security events that were 53 days or older and it ran with success. Next I created another database operation that exported only failed security events that were 53 days or older and it ran with success. Lastly, I created a third database operation that exported only successful security events that were 53 days or older and the process hung. Beyond splitting security events by success or failure I am unsure how to refine this further.

I think the problem is that we are contractually obligated to turn on folder/file auditing and that coupled with our Active Directory authentication activity it is generating more successful security events than can be exported, perhaps hitting that 2GB limit you mentioned. Is there some way we can work around this? Perhaps there is some further refining of the data being exported that I am missing.

Thank you.




DrewE -> RE: Hang while "processing security events table" (19.Oct.2009 9:49:00 AM)

Can you contact us at http://support.gfi.com/Support/support.aspx?lcode=en so we can obtain a complete set of log files?



