
SecMon Event Viewer crash after VMS 2.2 upgrade

I saw a response to a similar issue from Jie, but this is NOT IEV but Security Monitor 2.2 Event Viewer crashing after VMS 2.2 upgrade.

While there is no CSA 4.0 daemon to stop (per Jie's earlier advice), I stopped the CiscoWorks MC for CSA Agents daemon and still get the following error:

"A serious internal error of unknown origin was detected in the event viewer server. You must reboot your server machine to fix the problem."

I can launch the event viewer if I choose only today's data, but no data appears in the viewer.

Can anyone advise?

thanks

Mike

2 REPLIES

Re: SecMon Event Viewer crash after VMS 2.2 upgrade

Hi Mike,

I noticed that this question had not yet been answered so I thought I would jump in. I would probably need to get some logs from your server to assist and I think this may be beyond the scope of the NetPro forum. So, my suggestion (if you have not already done so) would be to go ahead and open a TAC case for assistance. Sorry I could not be more help here.

Scott


Re: SecMon Event Viewer crash after VMS 2.2 upgrade

Hi Scott

I ended up rebuilding everything and figured out that the crashes came from the plethora of alarms generated by msblast, nachi worm. We were seeing 2100, 2152, 3327, 3328 to the tune of 900k per 15 mins! on several different sensors.

Sheesh. I wonder what the maximum load is for these guys. The sensors held up but the secmon could not even begin to handle it.

Later, after blowing everything out, I tried to increase the secmon preferences to load 250000 alarms into the viewer, but it was about a week before I was able to delete all those alarms... 200k at a time :(

I wish there was a way to manually prune alarms from the database to avoid this DOS on the SecMon console.

I appreciate your offer of help!

Peace,

Mike
