No Data seen at ESM

Hi,

I have an issue with a SIEM all-in-one combo box, ESM version 9.6 MR6.

We cannot see any logs at the ESM (last 2 days).

I see that when we get events and flows through the web UI, a message appears on the Status tab that says: "Error retrieving events: Error:The requested job already exists: 1 jobs running."

I also checked /var/log/messages.

A flood of entries says: Packet Read failed with r = 112, ObjectID = ..... , IPSID= .....

What does "Packet Read failed with r =" mean?

Do you have any idea about the problem?

Thanks.

xded
Level 12
Message 2 of 23

Re: No Data seen at ESM

This is normally a support case for McAfee. But you can try this one: log on via SSH and run this command: service cpservice stop, and after that: service cpservice start.

If this doesn't work, please call McAfee Support.

Re: No Data seen at ESM

Hi

I've already opened a case about this.

I've rebooted the system but no changes occurred.

Thanks.

xded
Level 12
Message 4 of 23

Re: No Data seen at ESM

I had the same issue, but I don't remember the database rebuild command after service cpservice stop. The rebuild command was the issue in my environment.

Re: No Data seen at ESM

Hi

I've stopped the auto interval check because lots of events were waiting and it kept trying again and again.

I watch the utilization with the sar -d 3 3 command.

When I disabled the auto check interval, the utilization decreased to 12% from 98%.

Then I tried to retrieve logs on the ESM (get events and flows), and utilization increased again to 98% (note: it downloaded 100000 events but I couldn't see the logs in the ESM web UI).

Maybe I should wait for all the processes to become normal.

kmc
Level 12
Message 6 of 23

Re: No Data seen at ESM

Re: No Data seen at ESM

Hi

Thanks for your support.

I think the problem is retrieving events on the dashboard.

I can see the changes in the data sources' in and out folders.

I can also do an ELM search (today's and yesterday's events), but I cannot see the events on the dashboard when I want to see the ESM current day.

BR

Reliable Contributor sssyyy
Message 8 of 23

Re: No Data seen at ESM

The ESM DB may be having issues creating partitions in the past time and having to insert both new events and older events at the same time. Try adjusting the get events and flows setting and restrict it to "do not insert events/flows if time stamp is older than one day". Restart the box and see what happens.

Re: No Data seen at ESM

Hi,

Where can I see the don't insert and get events option?

Thanks

BR

Reliable Contributor sssyyy
Message 10 of 23

Re: No Data seen at ESM

System Properties > Database > Data Retention > Restrict insertion of > Don't insert data older than ... "1 hour".
