cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

DumpUserAudit Script Command Failing With Error e0000010

I've successfully run a script every week for months to dump and clear user audits (we're running autoboot so we have shared IDs). For the last two weeks, the script has only dumped some of the audit records and terminated with an e0000010 on the primary ID. This is apparently an error due to an invalid date/time so perhaps there's a machine somewhere with "Invalid date/time. Clock is reporting a time before 1992 or after 2038". Even though the error is thrown, the log is still cleared; i.e. the rest of the audit records are simply discarded. Luckily we don't care about autoboot user ID audits!

Is there anything I can do about this such as finding the source of the error. I'm concerned because there are user ID audit logs we will eventually want to dump and clear but we can't do that if we can't trust the DumpUserAudit command not to blow up and throw away data.

5 Replies
Highlighted

Re: DumpUserAudit Script Command Failing With Error e0000010

What do you mean by primary and shared user ID's? Do you use DumpUserAudit for each object (user name) and keep audit (-clear:false) and use -cleardaysold to control trimming audit logs?

Re: DumpUserAudit Script Command Failing With Error e0000010

We have 10 autoboot IDs defined because we were told that the system would use all of them -- it appears as if only the first one is used in almost all cases. Put another way, all machines autoboot using the same login ID. As you can imagine, with over 10K machines, the audit log gets large quickly.

The script does a dump on the ID group for the autoboot IDs with Clear:True.

Highlighted

Re: DumpUserAudit Script Command Failing With Error e0000010

Then change your way of clearing audit logs. Perform it on per user object and use option to leave events newer than certain number of days.

For those user objects which fail audit clear, you need to look more closely.

Highlighted
Level 10
Report Inappropriate Content
Message 5 of 6

Re: DumpUserAudit Script Command Failing With Error e0000010

if you are getting an "object not found" error when trying to dump entries, try running the CleanUpUserGroup sbadmcl command on tht group, then dump the group again.

Highlighted

Re: DumpUserAudit Script Command Failing With Error e0000010

I have a separate group with an object not found and I was planning to try your suggestion (I've only recently discovered the existence of that command.)

This is a separate problem -- my assumption is that one or more machines have set their clocks outside the range the server understands but I cannot think of how to find them, since the dump command fails.

BTW, I find it amusing (in a black humour way) that the scripting manual says all these corruption problems were fixed in release 4!

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community