Repair Tool for Corrupted Database?

hschupp · ‎01-28-2002

Hey all -

My database

(using CSPM 3.03(S13) with Unix IDS host sensors at (S13) as well)

is corrupted. It will let me view the database if I keep the selected period set after Jan 24th but if I try to view earlier events it generates "memory" errors. After I clear the errors the Database Event Viewer screen will still show the events that occured after Jan 24th but the first 3 lines show a count of 16777216 and a number (26, 27, 96).

Attempting to expand the columns for any of the 1st three items will crash the CSPM. On Thursday (Jan 24th) I had been trying to clear all Flood-type events prior to Jan 1st. It seems obvious that doing so has corrupted the DB... Is there anyway to rebuild the DB or to simply delete the current DB and have it begin anew?

I had done a backup but it fails to open.

H. Schupp

chstone · ‎01-29-2002

The most effective method to reslove this error will be to clean out the database through a command line utility known as "cvtnrlog".

On your CSPM box, open a Dos prompt and go to /Program Files/Cisco Systems/Cisco Secure Policy Manager/bin. Take a look at the switches available by doing "cvtnrlog /?". You can save your database events in a flat file by typing "cvtnrlog -a>myevents.log". Once you have done this, type "cvtnrlog -d". This will clear all of the events from the database. When you open up Event Viewer there will be no old alarms present.

You may want to routinely run this command on the database. If your current count is 16777216, this is a very large number of events, and the chance of corruption is much higher for the database.

If you need further assistance with this issue, please contact the TAC and we will gladly assist you.

chris