Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

CSMP Event Viewer

I get this error message when I open Event Viewer on CSPM. It happened when I updated the latest signature on IDSM to Version 3.0(5)S33.

"new DbEventCallback,eventStreamConsumer--> Read failed"

"newDbEventCallback, error caught in catch block"

I used cvtnrlog.exe command to purge all entries in the database in the hope it will help, but the problem seems not to go away. Does anyone have or see this error and have the solution for this ? Any help would much appreciate.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: CSMP Event Viewer

Looks like your database might have gotten corrupted.

Open up CSPM and go to File - Export and save your current configuration off to a .cpm file somewhere NOT under the CSPM

directory structure. Close down CSPM. Now go to Start - Programs - Cisco Systems - CSPM - Troubleshooting Toolkit, under

the Restore Policy Database tab hit the Restore button and wait for the 4 checkboxes to check themselves off. Now open up

CSPM again and it'll come up with a blank database. Go to File - Import and import the .cpm file you just exported back in. Remove the new "Imported" user from the bottom menu on the left hand side, and do a Save/Update and see how that goes.

4 REPLIES
Cisco Employee

Re: CSMP Event Viewer

Looks like your database might have gotten corrupted.

Open up CSPM and go to File - Export and save your current configuration off to a .cpm file somewhere NOT under the CSPM

directory structure. Close down CSPM. Now go to Start - Programs - Cisco Systems - CSPM - Troubleshooting Toolkit, under

the Restore Policy Database tab hit the Restore button and wait for the 4 checkboxes to check themselves off. Now open up

CSPM again and it'll come up with a blank database. Go to File - Import and import the .cpm file you just exported back in. Remove the new "Imported" user from the bottom menu on the left hand side, and do a Save/Update and see how that goes.

Community Member

Re: CSMP Event Viewer

Thanks a lot, the errors have gone. Is there away we can save audit record before doing the restore, and then import it back in to the database ?

Cisco Employee

Re: CSMP Event Viewer

Do you mean the old alerts? If so, not really. If you have Logging enabled on the sensor, then each of those alerts are logged locally on the hard disk of the sensor in addition to being sent to CSPM. They're stored in /usr/nr/var/new and tmp and automatically archived. If you FTP these off the server (you can set this up to be done automatically also) onto the CSPM box, then when you go to Tools - View Sensor Events, select Log File rather than Database and you can view the old events that way.

Community Member

Re: CSMP Event Viewer

Thanks for your help. It is really helpful.

294
Views
0
Helpful
4
Replies
CreatePlease to create content