Chinmaya_Naik
Advisor

Advanced Troubleshooting with SmartEvent

Troubleshooting with SmartEvent

OS :- R77.30 / R80.10

Issue :- The CPSEMD process is terminated randomly.

          : The output of the "ps aux | grep postgres" command does not show the postgresql process.

          : The output of the "cpwd_admin list" command shows the "CPSEMD" process in state "T" (terminated).

          : Not able to log in to the SmartEvent GUI; after 30% it shows "Authentication to server failed" because the CPSEMD process is terminated.

Reason :- The database might be corrupted.

SOLUTION 

NOTE :- Before you follow the process, make sure that you take a proper system backup.

1. Check the CPU utilization of the MGMT server, or of the dedicated SmartEvent Server if there is one.

If CPU utilization is normal, then check whether the "distrib" file size is large, and also open SmartEvent ---> Policy ---> Database Maintenance; if it's more than 90%, then follow the below procedure.

  1. evstop
  2. cd $RTDIR/distrib/<UID>
  3. rm -r *
  4. evstart
  5. Install policy from SmartEvent

2. Check the free space of the "/var/log" directory with "df -kh"; it should have a minimum of 20% free space.

3. Memory also needs to be checked with "free -m".

NOTE : To check the Postgres process, run the command "ps aux | grep postgres".

           : Check the messages in $RTDIR/log/cpsemd.elg

NOTE :- If the above procedure does not work, then follow the below procedure, where we need to register Postgres.

 

STEP 01 :- To register Postgres, we need to unregister the Postgres process first.

[Expert@Gateway]# $CPDIR/database/postgresql/util/PostgreSQLCmd unregister -p AnalyzerFiber

STEP 02 :- Now check whether the Postgres database was unregistered successfully or not.

"cat $CPDIR/log/postgresqlcmd.elg"

STEP 03 :- The output will be like this on the second-to-last line.

"PostgreSQL unregister finished successfully"

:- If it fails to unregister, then unregister manually by the below procedure.

  1. HKLM_registry.data (Location :- $CPDIR/register/HKLM_registry.data) needs to be modified, so first back up HKLM_registry.data with the below command.

        "cp $CPDIR/register/HKLM_registry.data $CPDIR/register/HKLM_registry.data_BACKUP"

  2. After the backup, delete the below section in the HKLM_registry.data file.

         :(PostgreSQL
         :PgDataPath ("/opt/CPrt-Rxx/events_db/data")
         :UserName (cp_postgres)
         : (PgDatabase
         :AnalyzerFiber (true)
         )
         )

  3. After that, follow STEP 01 and then STEP 02 and verify whether the unregister was done successfully; if done, then follow the next step.

STEP 04 :- Check the "setPostgresReg.txt" file.

  1. Go to $RTDIR/log, where we are able to find the setPostgresReg.txt file.
  2. Check whether the below highlighted content is there or not; if it's not there, then add the below content. Before editing setPostgresReg.txt, take a backup of the setPostgresReg.txt file and then do this.

        passwd:cp_postgres t

        passwd:cp_postgres:uid 1008

        passwd:cp_postgres:gid 0

        passwd:cp_postgres:homedir /home/cp_postgres

        passwd:cp_postgres:realname Postgres

        passwd:cp_postgres:shell /bin/sh

        passwd:cp_postgres:passwd *

        group:cppostg t

        group:cppostg:gid 1008

STEP 05 :- Check whether the "data" directory exists or not.

  1. Go to the location $RTDIR/events_db/data
  2. Check whether the "data" directory exists or not; if not, then make a directory and name it "data".

[Expert@Gateway]# cd $RTDIR/events_db

[Expert@Gateway]# mkdir data

STEP 06 :- Check whether the below line exists or not in the "/etc/passwd" directory; if not, then add the below line to the "/etc/passwd" directory.

  1. "cp_postgres:x:1008:0:Postgres:/home/cp_postgres:/bin/sh"

STEP 07 :- Check whether the below lines exist or not in the "/etc/group" directory; if not, then add the below lines to the "/etc/group" directory.

  1. bin:x:1:root,cp_postgres
  2. config:x:11:cp_postgres

STEP 08 :- Register Postgres.

[Expert@Gateway]# $CPDIR/database/postgresql/util/PostgreSQLCmd register -p AnalyzerFiber -D "/opt/CPrt-R77/events_db/data"

STEP 09 :- Follow "STEP 02" to check whether the Postgres database was registered successfully or not.

  1. The output will be like this on the second-to-last line.

      "PostgreSQL register finished successfully"

NOTE :- Sometimes it might be unable to register Postgres; for this I recommend raising a case with Check Point TAC.

STEP 10 :- After registering PostgreSQL, start the Check Point services with the below command.

  1. cpstart

STEP 11 :- Now verify whether the postgres process is running or not with the below command.

  1. ps aux | grep postgres (If you see multiple processes, it's done)

FINAL STEP :- Now try to access the SmartEvent console and also monitor the CPSEMD process.

IMP NOTE :- If the issue is still not resolved, then restore the previous system backup if it's already there, or else take a proper backup of the SmartEvent Server, do a fresh installation of the SmartEvent Server and restore the backup. For this we do not need any downtime to do the activity.

#Chinmaya Naik

Network Security Engineer, QOS Technology PVT LTD., INDIA
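
The diagnostic checks from the post above (CPSEMD state, /var/log free space, the STEP 06/07 account entries and the STEP 02/09 result line) gathered into one read-only script. This is an added example, not part of the original post or of Check Point's tooling; the function names are hypothetical, the `cpwd_admin list` column layout is an assumption, and the sample line is constructed.

```bash
#!/bin/bash
# Read-only checks for the procedure above; nothing here changes the system.

# Prints the STAT column for CPSEMD from `cpwd_admin list` output on stdin.
# Assumption: APP is column 1 and STAT is column 3 ("T" = terminated).
cpsemd_state() { awk '$1 == "CPSEMD" { print $3; f = 1 } END { exit !f }'; }

# Reads `df -P /var/log` output on stdin, prints the free percentage and
# fails when it is below the 20% minimum given in the post.
free_pct_ok() {
    awk 'NR == 2 { sub(/%/, "", $5); f = 100 - $5 }
         END { if (f == "") exit 2; print f; exit (f < 20) }'
}

# STEP 02 / STEP 09: the result is on the second-to-last line of the log.
# $1 = postgresqlcmd.elg, $2 = "register" or "unregister".
pgcmd_ok() {
    tail -n 2 "$1" | head -n 1 | grep -q "PostgreSQL $2 finished successfully"
}

# STEP 06 / STEP 07: cp_postgres entry plus membership in bin and config.
# $1 = passwd file, $2 = group file; prints what is missing.
account_ok() {
    local rc=0 g
    grep -q '^cp_postgres:x:1008:0:' "$1" || { echo "no cp_postgres passwd entry"; rc=1; }
    for g in bin config; do
        awk -F: -v g="$g" '$1 == g && ("," $4 ",") ~ /,cp_postgres,/ { ok = 1 }
                           END { exit !ok }' "$2" ||
            { echo "cp_postgres not in group $g"; rc=1; }
    done
    return $rc
}

if command -v cpwd_admin >/dev/null 2>&1; then    # live, in Expert mode
    echo "CPSEMD state: $(cpwd_admin list | cpsemd_state)"
    echo "/var/log free %: $(df -P /var/log | free_pct_ok)"
    account_ok /etc/passwd /etc/group && echo "cp_postgres account OK"
    pgcmd_ok "$CPDIR/log/postgresqlcmd.elg" register && echo "register OK"
else                                              # offline: constructed sample
    printf 'APP PID STAT #START START_TIME MON COMMAND\nCPSEMD 0 T 3 [10:01:02] 1/1/2019 Y cpsemd\n' |
        cpsemd_state
fi
```

Running it before and after the re-registration steps shows which precondition changed, without touching the registry file or the database.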

4 Replies
Gaurav_Pandya
Advisor

Good Doc.

For SmartEvent, CPSEMD is the main process, and we can see the logs/events in the cpsemd.elg file in the $RTDIR/log directory.

0 Kudos
_Val_
Admin

Just a note, SmartEvent functionality and some troubleshooting techniques are addressed in ATRG: SmartEvent 

0 Kudos
_Val_
Admin

Also, CHINMAYA NAIK, I have fixed the spelling a bit. It is SmartEvent, a single singular word. Hope you do not mind.

0 Kudos
Chinmaya_Naik
Advisor

Thank you, Valeri sir, thanks for your participation.
