Hi, Forum! I've got a great number of events in Application Log on SFM machine in the following order:
1. Attempted connection to undefined database 'RealSecureDB' 2. Error checking in 'RealSecureDB' connection: Attempted connection to undefined database 'RealSecureDB' 3. Attempted connection to undefined database 'RealSecureDB' 4. Unable to check out 'RealSecureDB' connection: Attempted connection to undefined database 'RealSecureDB' 5. The DbReporter thread failed to communicate with the database. The operation will be attempted again later. Unable to get connection from RealSecureDB 6. Exception in startup thread class java.lang.NullPointerException with null message generated java.lang.NullPointerException net.iss.sma.fusion.event.FusionEvent.loadEnabledFusionEventsFromPolicyContainer(Unknown Source) net.iss.sma.fusion.event.FusionEvent.getEnabledClassNames(Unknown Source) net.iss.sma.fusion.FusionEngine.registerForAllFusionEventsDualObserver(Unknown Source) net.iss.sma.fusion.FusionEngine.createFusionEngine(Unknown Source) net.iss.sma.fusion.FusionEngine.startEngine(Unknown Source) 7. Error re-starting engine 8. Restarting APC core due to internal error .... and so on. Sensor status and EventCollector (EC) connection status are still Active and Online respectively. I think that shuch errors is the reason of SFM bad operation, i.e. it does not analyse all amount of events properly. Why shuch errors are occurred? Is it because EC is installed on the same machime as DB and the volume of events is very high (see ISS knowlage base Answer ID 2023 for more information)? But DB machine is high-perfomance and I've never seen CPU loaded more then 25% and 1Gb RAM, i think, is enough. What is the reason of such SFM behaviour? Thank you all. --- Best regards, Sergey V. Soldatov Department of information security, TNK-BP. _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
