ESM 10x: How to Troubleshoot SQL Data Source Connections on the Event Receiver

Version 1


    This article describes how to troubleshoot connections for SQL data sources on a 10x ERC.

    NOTE: These steps can be used to troubleshoot issues with SQL data source connections that are found in the following ways:

    • When you perform a test connect, it produces an error in the data source configuration window and is not able to successfully make a connection.
    • The logs in /var/log for this specific data source report Failed to connect messages.


    Follow these steps to troubleshoot an SQL data source with connection issues:

    1. 1. Open an SSH session to the Receiver that the data source is being added to.
    2. 2. Type the following command and press ENTER: 

      sqlquery -d ## -- 'select name from sys.databases'   
      (where "##" is the vipsid for this data source found in /etc/NitroGuard/thirdparty.conf)
    3. 3. Wait for an output similar to the following

      $VAR1 = [
      child process for id=95 completed in 0 of 60 seconds
    4. 4. Examine the output. The name of the database that you have entered in the data source configuration window should be an exact match to one of the results returned from the sqlquery. Any differences will prevent the data source from collecting; therefore, Intel Security strongly recommends that you copy the name of the database from the returned results and paste it into the Database Name field to eliminate the chance of human error.

    NOTE: In very rare cases, you will need to use an Instance Name. This can also create connection issues, so if there is an instance name for this data source, you should remove it and write out the data source settings because this may help resolve any connection issues.

    This query can also identify any permission issues with the account you are using to connect to the database. If the sqlquery command fails due to permission issues, it will return detailed error message indicating why it failed.