cancel
Showing results for 
Search instead for 
Did you mean: 

Eror occured in ELM

Jump to solution

How can I find the reason of this error?

Screenshot attached.

1 Solution

Accepted Solutions
ksudki
Level 10
Report Inappropriate Content
Message 13 of 14

Re: Eror occured in ELM

Jump to solution

Hello M. BM,

Unfortunately you cannot change this as it is hardcoded in the GUI. The only 3 possibilities to workaround this 1GB issue are:

1. Reducing the timeframe of the query and run multiple query/extract on the GUI (time consuming)

2. Using the script I made, which automate this process (don't forget to use a screen session to avoid timeout)

3. Using the SFTP interface provided with the ELM. The drawback is that you will have to filter the raw data to extract the desired information

Let me know if it answers your question

Regards

13 Replies
ksudki
Level 10
Report Inappropriate Content
Message 2 of 14

Re: Eror occured in ELM

Jump to solution

Did not face this error yet, however it seems related to the storage pools.

Did you already check the available space left per storage pool in the  ELM Properties > Storage Pools.

Re: Eror occured in ELM

Jump to solution

There is no problem with storage.

Actually the problem occurred during the search on ELM and It is occurring when there are a lot of result.

I think there is a problem with catching result or some limitation it has!

Any Idea can be helpful.

Thanks.

ksudki
Level 10
Report Inappropriate Content
Message 4 of 14

Re: Eror occured in ELM

Jump to solution

This discussions might help you bypassing the ELM limitations :

You can either use sFTP to extract huge amounts of logs:

https://community.mcafee.com/thread/70302

Or, I developped a script which might help you:

https://community.mcafee.com/thread/64177

Let me know what you think

Regards

Re: Eror occured in ELM

Jump to solution

Thanks but it is different.

ksudki
Level 10
Report Inappropriate Content
Message 6 of 14

Re: Eror occured in ELM

Jump to solution

With the few detailed you gave, I was able to reproduce your issue.

I can confirm that it is related to both discussions I mentionned in my previous post and that even you are in the "Enhanced ELM search" view, you hit the 1GB limit and causing this error.

Regards

Re: Eror occured in ELM

Jump to solution

We are using DAS and I checked it. No storage issue.

Re: Eror occured in ELM

Jump to solution

I will check again and let you know.

nickram
Level 7
Report Inappropriate Content
Message 9 of 14

Re: Eror occured in ELM

Jump to solution

Putty to your box and run a df -h make sure none of your disks are 100% used.

ksudki
Level 10
Report Inappropriate Content
Message 10 of 14

Re: Eror occured in ELM

Jump to solution

@nickram: I was able to reproduce the issue and confirm that it is not storage related.

When you do a search on the ELM using the ESM, there is a limit on the size you can query which is 1GB. Also the GUI does not accept any values bigger then 1GB.

The reason behind, is that the system is launching a command in the background elmsearch which required this optional parameter:

g = Optional.  The maximum number of MB of output allowed. When the number of result bytes plus the number of bytes in all files saved in 'kd' reach this amount the program will terminate.  If this value is not specified no output constraint will be imposed.  Note that there is an internal limit of 2GB on the number of result bytes.

Note: When I did some testing developping the script I have mention previously, it apparently does not accept any values over 1GB.

The error that M. BM is actually seeing is directly related to that because he is querying a large amount of data, which can not be achieved using the GUI unfortunately.

@M. BM: do you have some feedback already?

Regards