cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cluce
Level 8
Report Inappropriate Content
Message 11 of 20

Re: Eventparser and SQL DB issues

Jump to solution

Good morning!

I lowered the compatibility level to 140 (2017) and restarted the eventparser service a few times throughout the day.  The issue remained.  I just checked my CU and I'm currently running 2019.150.2000.5, which is "RTM" I guess.  I grabbed CU12 last night from Microsoft and we're going to test that today.

Again, the underlying issue here is it works for one of my networks with the exact same setup, which is also 2019.150.2000.5.

cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 12 of 20

Re: Eventparser and SQL DB issues

Jump to solution

Take one of the events from the non-working events\debug folder for vse that didn't parse and drop it into your server that works - does it parse or go to debug folder?

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

cluce
Level 8
Report Inappropriate Content
Message 13 of 20

Re: Eventparser and SQL DB issues

Jump to solution

You know, that's a great idea!  Unfortunately I don't have that capability as data from one cannot touch the other.  I could open one of the .txml files to see how big it is and retype it though to see what happens.  Let me go take a look.

cluce
Level 8
Report Inappropriate Content
Message 14 of 20

Re: Eventparser and SQL DB issues

Jump to solution

I modified the IP address and the agent GUID, re-typed the .txml and placed it in the working networks event folder.  The eventparser.log updated with a successful parse, and ePO is showing the new eicar event correctly.

aguevara
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 15 of 20

Re: Eventparser and SQL DB issues

Jump to solution

Thats one of the issues i had in mind:

https://kc.mcafee.com/corporate/index?page=content&id=KB85700

Not access protection but OAS, do you have a more recent version of the extension checked in from VSE Reports Extension 1.2.0.272.?

If the errors are the same on the event parser then i can suggest you to open an SR with the VSE team if the extension is newer

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

 

cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 16 of 20

Re: Eventparser and SQL DB issues

Jump to solution

You also might want to try removing the reports extension only, not the main vse extension.  Then re-check it in, but make sure both extensions are the latest versions.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

cluce
Level 8
Report Inappropriate Content
Message 17 of 20

Re: Eventparser and SQL DB issues

Jump to solution

I'm currently using VSE Reports Extension 1.2.0.264 on both of my networks, I can grab a new version from my provider to see if I can upgrade, I DO have VSE Reports Extension 1.2.0.477 and tried removing the reports extension only, loading 477 and restarting my eventparser service but the events go to the debug folder still.

Unfortunately our service is a "from home use" kind of grant, and I don't have the ability to submit a ticket to anyone....it's a great support situation 🙂

I'm currently looking into the log level 8 approach and seeing what I can get PM'd to you.  With all the troubleshooting (thanks again to everyone for helping thus far!) I'm starting to think I could possibly have a corrupted epo_events DB or table, maybe I should start looking to troubleshoot my SQL environment.

cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 18 of 20

Re: Eventparser and SQL DB issues

Jump to solution

Out of curiosity, you didn't by any chance rename the events database, did you?

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

cluce
Level 8
Report Inappropriate Content
Message 19 of 20

Re: Eventparser and SQL DB issues

Jump to solution

Nope! I let the ePO installation setup that one and ensured the dbo user had correct permissions matching the service account I created for ePO.

edit: typo

aguevara
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 20 of 20

Re: Eventparser and SQL DB issues

Jump to solution

Thank you for sharing privately the Event parser on log level 8, indeed we dont get much from what we already know:

DAL->ExecQuerey failied. h4=80004005
source/server.cpp(1064): Com error 0x80004005, source=(null), desc=(null), msg=unspecified error

I think the next step is to review what exactly is failing while inserting the event into the tables by the dll and that is done with an SQL Server Profiler, support has some templates designed to investigate this sort of issues but i think we need a support request.

If you have a grant you should be able to open an SR, would it be OK for you to share that with me privately and i can could check internally?

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

 

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community