Advanced Troubleshooting with SmartEvent

Document created by CHINMAYA NAIK on Aug 10, 2018. Last modified by CHINMAYA NAIK on Dec 11, 2018.
Version 9


OS :- R77.30 / R80.10

 

Issue :- The CPSEMD process is terminated randomly.

          : The output of the "ps aux | grep postgres" command does not show the PostgreSQL process.

          : The output of the "cpwd_admin list" command shows the "CPSEMD" process in state "T" (terminated).

          : Login to the SmartEvent GUI fails after 30% with "Authentication to server failed", because the CPSEMD process is terminated.

 

Reason :- The database might be corrupted.

 

SOLUTION 

 

NOTE :- Before you follow this procedure, make sure that you take a proper system backup.

 

1. Check the CPU utilization of the MGMT server, or of the dedicated SmartEvent Server if there is one.

If CPU utilization is normal, check whether the size of "distrib" has grown large, and open SmartEvent > Policy > Database Maintenance; if it is more than 90%, follow the procedure below.

  1. evstop
  2. cd $RTDIR/distrib/<UID>
  3. rm -r *
  4. evstart
  5. Install policy from SmartEvent

2. Run "df -kh" to check the free space of the "/var/log" directory; it should have a minimum of 20% free space.

3. Also check memory with "free -m".

 

NOTE : To check the PostgreSQL process, run the command "ps aux | grep postgres".

           : Check the messages in $RTDIR/log/cpsemd.elg.

 

NOTE :- If the above procedure does not work, follow the procedure below, in which PostgreSQL is registered again.

 

STEP 01 :- To register PostgreSQL, first unregister it.

[Expert@Gateway]# $CPDIR/database/postgresql/util/PostgreSQLCmd unregister -p AnalyzerFiber

 

STEP 02 :- Check whether the PostgreSQL database was unregistered successfully.

"cat $CPDIR/log/postgresqlcmd.elg"

 

STEP 03 :- The second-to-last line of the output should read:

"PostgreSQL unregister finished successfully"

 

:- If the unregister fails, unregister manually with the procedure below.

 

  1. The HKLM_registry.data file (location :- $CPDIR/register/HKLM_registry.data) has to be modified, so first back it up with the command below.

        "cp $CPDIR/register/HKLM_registry.data $CPDIR/register/HKLM_registry.data_BACKUP"

 

  2. After the backup, delete the section below from the HKLM_registry.data file.

         :(PostgreSQL

         :PgDataPath ("/opt/CPrt-Rxx/events_db/data")

         :UserName (cp_postgres)

         : (PgDatabase

         :AnalyzerFiber (true)

         )

         )

 

  3. After that, repeat STEP 01 and STEP 02 and verify that the unregister succeeded; if it did, continue with the next step.

 

STEP 04 :- Check the "setPostgresReg.txt" file.

 

  1. Go to $RTDIR/log, where the setPostgresReg.txt file is located.
  2. Check whether the content below is present; if it is not, add it. Back up the setPostgresReg.txt file before editing it.

 

        passwd:cp_postgres t

        passwd:cp_postgres:uid 1008

        passwd:cp_postgres:gid 0

        passwd:cp_postgres:homedir /home/cp_postgres

        passwd:cp_postgres:realname Postgres

        passwd:cp_postgres:shell /bin/sh

        passwd:cp_postgres:passwd *

        group:cppostg t

        group:cppostg:gid 1008

 

STEP 05 :- Check whether the "data" directory exists.

  1. Go to the location $RTDIR/events_db/data
  2. If the "data" directory does not exist, create a directory named "data".

[Expert@Gateway]# cd $RTDIR/events_db

[Expert@Gateway]# mkdir data

 

STEP 06 :- Check whether the line below exists in the "/etc/passwd" file; if it does not, add it to "/etc/passwd".

  1. "cp_postgres:x:1008:0:Postgres:/home/cp_postgres:/bin/sh"

 

STEP 07 :- Check whether the lines below exist in the "/etc/group" file; if they do not, add them to "/etc/group".

  1. bin:x:1:root,cp_postgres

  2. config:x:11:cp_postgres

 

STEP 08 :- Register PostgreSQL.

[Expert@Gateway]# $CPDIR/database/postgresql/util/PostgreSQLCmd register -p AnalyzerFiber -D "/opt/CPrt-R77/events_db/data"

 

STEP 09 :- Follow STEP 02 to check whether the PostgreSQL database was registered successfully.

  1. The second-to-last line of the output should read:

      "PostgreSQL register finished successfully"

 

NOTE :- Sometimes PostgreSQL cannot be registered; in that case I recommend raising a case with Check Point TAC.

 

STEP 10 :- After registering PostgreSQL, start the Check Point services with the command below.

  1. cpstart

 

STEP 11 :- Verify that the PostgreSQL process is running with the command below.

  1. ps aux | grep postgres (if you see multiple processes, it is done)

 

FINAL STEP :- Now try to access the SmartEvent console, and also monitor the CPSEMD process.

 

IMP NOTE :- If the issue is still not resolved, restore the previous system backup if one already exists; otherwise take a proper backup of the SmartEvent Server, do a fresh installation of the SmartEvent Server and restore the backup. No downtime is needed for this activity.
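
The checks in STEP 02/03 and STEP 05 to 09 can be scripted as read-only tests and run before STEP 08. The script below is an added example, not part of the original document or of Check Point tooling; the function names and the sample files are assumptions constructed for illustration, and the group check accepts cp_postgres anywhere in the member list rather than requiring the exact line. On a real server the arguments would be /etc/passwd, /etc/group and "$RTDIR/events_db/data".

```shell
#!/bin/bash
# Added example: read-only checks for STEP 02/03, 05, 06, 07 and 09.
# File paths are parameters so the checks can be tried on copies first.

# Exact /etc/passwd line from STEP 06.
PG_PASSWD_LINE='cp_postgres:x:1008:0:Postgres:/home/cp_postgres:/bin/sh'

# STEP 06: succeed only if the exact cp_postgres line is present.
has_passwd_entry() {   # $1 = passwd file
    grep -Fxq "$PG_PASSWD_LINE" "$1"
}

# STEP 07: succeed if user $3 is in the member list of group $2.
group_has_member() {   # $1 = group file, $2 = group, $3 = user
    awk -F: -v g="$2" -v u="$3" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit ok ? 0 : 1 }' "$1"
}

# STEP 02/03 and 09: the second-to-last line of postgresqlcmd.elg must
# report success for the given action ("register" or "unregister").
elg_reports_success() {   # $1 = log file, $2 = action
    tail -n 2 "$1" | head -n 1 | grep -Fq "PostgreSQL $2 finished successfully"
}

# Run the file checks, print one line per result, return non-zero on any failure.
preflight() {   # $1 = passwd file, $2 = group file, $3 = data directory
    rc=0
    has_passwd_entry "$1" && echo "OK   passwd entry" \
        || { echo "FAIL passwd entry (STEP 06)"; rc=1; }
    for g in bin config; do
        group_has_member "$2" "$g" cp_postgres && echo "OK   group $g" \
            || { echo "FAIL cp_postgres not in group $g (STEP 07)"; rc=1; }
    done
    [ -d "$3" ] && echo "OK   data directory" \
        || { echo "FAIL missing $3 (STEP 05)"; rc=1; }
    return $rc
}

# Constructed sample files (not taken from a real server).
demo=$(mktemp -d)
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' "$PG_PASSWD_LINE" > "$demo/passwd"
printf '%s\n' 'bin:x:1:root,cp_postgres' 'config:x:11:' > "$demo/group"  # config lacks the member
mkdir "$demo/data"
preflight "$demo/passwd" "$demo/group" "$demo/data" || echo "fix the FAIL lines before STEP 08"
```

After STEP 01 or STEP 08, elg_reports_success "$CPDIR/log/postgresqlcmd.elg" unregister (or register) gives the same answer as reading the log by hand.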

 

#Chinmaya Naik

Network Security Engineer, QOS Technology PVT LTD., INDIA
