IBM Support

DATA Import is successful but no "Import" entries are seen in Aggregation/Archive Log report on Guardium GUI

Troubleshooting


Problem

I can't see scheduled "Import" related entries in the Aggregation/Archive Log. However, agg_progress.log file captured via support must_gather agg_issues clearly shows DATA Import kicked off at scheduled time and was successful. When I run the "DATA Import" manually, the entries are visible in the GUI report.

Cause

The aggregation activities are updated under appliance internal table called AGGREGATOR_ACTIVITY_LOG. In an unlikely event where Guardium fails to kick off midnight aggregation process which is it's housekeeping task, today's tables are not generated. Since they remain missing before scheduled Import job, Import activities are not updated in the appliance database even though import completes successfully.

Since the Import runs successfully as scheduled, it creates today's tables and the next time when the Import is ran manually, the entries appear under report.

Diagnosing The Problem

1. support must_gather agg_issues

->agg_progress.log file captured via above must_gather confirms the Import ran and completed successfully or not. If you see errors related to Import, please provide this must_gather file to IBM Support.

2. agg_progress.log does not show any traces of midnight process.

-> agg_progress.log should show up something like this if the midnight process has no issues kicking off.


Resolving The Problem

Reboot the appliance so that tomcat and MySQL will reinitialize their memory to setup midnight aggregation process thereby making sure today's tables required for update of activities under AGGREGATION_ACTIVITY_LOG are created during the midnight aggregation process itself.

Please note that reboot of the appliance should only be carried out specifically when you DO NOT see import entries in Aggregation/Archive Log report but agg_progress.log file shows them.

DO NOT REBOOT the appliance unless :

- All aggregation process are running as scheduled as per the agg_progress.log

- No aggregation Process conflicts with midnight job

- support show db-processlist running shows no MySQL processes running

- agg_progress.log OR Aggregation/Archive Log report shows no aggregation process currently running.

It is still best to open up a PMR with Guardium Support if you are not sure.

[{"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Guardium Central Manager and Aggregator","Platform":[{"code":"PF016","label":"Linux"}],"Version":"8.2;9.0;9.1;9.5","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
16 June 2018

UID

swg21998659

Page Feedback