Endpoint SWAT: Protect the Endpoint Community

 View Only

  • 1.  SEPM\data\inbox\log\tex\AVman dat files not clearing

    Posted Oct 04, 2013 03:51 AM

    Recently noticed that on the SEPM folder  SEPM\data\inbox\log\tex\AVman .dat files are building up  and not being processed. What can be the issue?

    All other log folders are being processed - there are also no .err files. I have restarted the SEPM services and still have files that are coming in and not being processed that are max 12MB big and not being processed....SEPM's are online, but sometimes very slow response.

    SEP 12RU3 installed. 2 SEPM's running. SQL 2012 dedicated database.

    Thanking you in advance for any assistance.



  • 2.  RE: SEPM\data\inbox\log\tex\AVman dat files not clearing

    Broadcom Employee
    Posted Oct 04, 2013 03:54 AM

    have you changed anything under conf.properties file?

     



  • 3.  RE: SEPM\data\inbox\log\tex\AVman dat files not clearing

    Posted Oct 04, 2013 04:11 AM

    No.



  • 4.  RE: SEPM\data\inbox\log\tex\AVman dat files not clearing

    Broadcom Employee
    Posted Oct 04, 2013 04:16 AM

    is the permission changed by any chance?

    does tomcat logs shows up any hint



  • 5.  RE: SEPM\data\inbox\log\tex\AVman dat files not clearing

    Posted Oct 04, 2013 04:20 AM

    No permissions changed. Which tomcat logs can I check?



  • 6.  RE: SEPM\data\inbox\log\tex\AVman dat files not clearing

    Broadcom Employee
    Posted Oct 04, 2013 04:23 AM

    whats the timestamp of the oldest .dat file?

    check for the scm-server-0.log.



  • 7.  RE: SEPM\data\inbox\log\tex\AVman dat files not clearing

    Posted Oct 04, 2013 04:33 AM

    Oldest 09:59AM - it is now 10:25AM.

    What I can see on the log:

     at java.util.TimerThread.run(Timer.java:505)
    2013-10-04 07:49:41.757 THREAD 31 SEVERE:  in: com.sygate.scm.server.task.AgentLogCollector
    java.sql.SQLException: See previous error list.
     at com.sygate.scm.server.logreader.sep.BatchLogHandler.process(BatchLogHandler.java:265)
     at com.sygate.scm.server.logreader.sep.LogHandler.process(LogHandler.java:144)
     at com.sygate.scm.server.task.AgentLogCollector.enumerateInbox(AgentLogCollector.java:304)
     at com.sygate.scm.server.task.AgentLogCollector.collectLogs(AgentLogCollector.java:156)
     at com.sygate.scm.server.task.AgentLogCollector.execute(AgentLogCollector.java:119)
     at com.sygate.scm.server.task.MonitoredTimerTask.run(MonitoredTimerTask.java:22)
     at java.util.TimerThread.mainLoop(Timer.java:555)
     at java.util.TimerThread.run(Timer.java:505)

    and

    2013-10-04 08:04:45.207 THREAD 44 WARNING: Error during AV record processing: file is not readable <f82207bf-163a-4961-a27a-367d6b7991bd.dat>, and failed to rename the file...
    2013-10-04 08:04:45.209 THREAD 44 WARNING: Error during AV record processing: file is not readable <62982166-a9af-47d1-814e-583ac3d6cac3.dat>, and failed to rename the file...
    2013-10-04 08:04:45.210 THREAD 44 WARNING: Error during AV record processing: file is not readable <c2a1d6a8-471b-4458-b455-c60948ef1962.dat>, and failed to rename the file...
    2013-10-04 08:04:45.211 THREAD 44 WARNING: Error during AV record processing: file is not readable <c83f4c1a-2115-4124-a7a8-90a4ce10f7f6.dat>, and failed to rename the file...
    2013-10-04 08:04:58.646 THREAD 36 WARNING: AgentLastCheckInTask invalid IP in line: B3032B41A9FE4F5201462A1DE9963942

     



  • 8.  RE: SEPM\data\inbox\log\tex\AVman dat files not clearing

    Broadcom Employee
    Posted Oct 04, 2013 04:47 AM

    do you find the name of the file '7bf-163a-4961-a27a-367d6b7991bd.dat' under the directory AVMan folder?

    i suggest to open a support ticket.

     



  • 9.  RE: SEPM\data\inbox\log\tex\AVman dat files not clearing
    Best Answer

    Posted Oct 04, 2013 06:30 AM

    SQL dba confirmed that a db maintenance task was hanging ..caused the backlog. After stopping it , files are now being processed.