When
you purged the database, have you simply removed all the records, or have you
replaced it with a "clean" copy? The ISSED database must be pre=populated with a
number of records in order for the Console/Event Collector to be able to talk to
it.
What I
am doing on a weekly basic is the following:
1.
Stop the Event Collector
2.
Generate my weekly report
3.
Dump the ISSED database
4.
Detach the database
5.
Replace the database files with the "clean" copies (the actual database and
the transaction log file
6.
Edit the database properties to allow unrestricted file growth (on both the data
file, and the transaction log file)
7.
Attach the database
8.
Start the Event Collector
9.
Synchronize all the sensors (if they don't start automatically to dump the
events they logged during this process)
10. Of
course, it's up to you if you want to archive the old database
dump.
I have
been able to successfully bring one of these dumps in a SQL server and restore
the database for analysis.
I'm
not sure if this will help with your actual problem (assuming you have zero-ed
all the records in the database, it might actually help you). But it might be
useful for whomever did not have a sound procedure in place for
maintenance.
Best
Regards,
Jaroslav Danilov, CISSP
SR. IT
Security Analyst
CIENA
Corporation
-----Original Message-----
From: Wassim Nakadi [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 05, 2003 10:26 AM
To: [EMAIL PROTECTED]
Subject: [ISSForum] Event Colector ErrorHi,My Event Collector is not Responding.Error:*********************************************************************************Source : ISS
Category: issDaemon
Type : error
Event ID : 101
Description:
Request received for unknow engine 'EventCollector_machinename'
********************************************************************************
Support said that my database is full. i manually purged the database and still it is not responding.
Personally i don't think it a full database issue cuz i managed to install a temporary event collector to my basic intallation and it is active.
Has anyone had this error before?
Regards,
WN.
