Troubleshooting
Problem
Guardium appliance data is partitioned by day. The purge process removes old data and partitions based on the defined purge age. In some cases old days partitions are not removed by purge, or old data might be present even though partitions from those old days are not.
These problems can appear on Guardium v10 and v11, even without any noticeable symptom. However, during upgrade from to v11 or v12 presence of the old data or partitions can trigger more severe symptoms. Therefore, p9998 Health check starting from 10 March 2022 release has a specific check for two conditions with errors:
- ERROR: Old partitions found. The oldest partition is <date> while expected oldest date is <date> Please run support must_gather patch_install_issues and contact support to clean up old partitions
- ERROR: Data older than purge period + 60 days found in oldest partition. Please run support must_gather patch_install_issues and contact support to clean up old data
The old data or partitions problems must be resolved before upgrading to v11 or v12.
Symptom
After p9998 install:
- Patch installation fails
- Healthcheck.log file contains one or both messages:
- ERROR: Old partitions found. The oldest partition is <date> while expected oldest date is <date> Please run support must_gather patch_install_issues and contact support to clean up old partitions
- ERROR: Data older than purge period + 60 days found in oldest partition. Please run support must_gather patch_install_issues and contact support to clean up old data
Other symptoms of old partitions and data issues that might appear:
- Unusually long running purge process
- Each day the number of 'days to purge' seen in the Aggregation/Archive log is increasing, up to 10s or 100s of days found
Cause
Old partitions and old data problems have different causes, some of which are resolved in latest Guardium GPU and Bundle patches.
Known causes:
- Days not archived or exported, which have therefore not been purged
- Invalid timestamp, causing data not to be purged
- Corrupted partitions that cannot be dropped by purge process
Resolving The Problem
The best path to resolving the problem depends on a number of factors including:
- How much data is on the appliance
- How many old partitions there are
- What was the root cause of old partitions
- Has old partitions clean up been attempted previously on the appliance
- How many appliances are affected
Therefore, it is recommended to consult with Guardium support before forming a plan to resolve the issue. When contacting support please attach must gather information:
- Support must_gather patch_install_issues
- Support must_gather agg_issues
- Support must_gather system_db_info
Guardium support team can consult the internal section of this technote to plan how to resolve the issue.
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[{"code":"a8m0z000000Gp0LAAS","label":"AGGREGATION"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
06 July 2023
UID
ibm16564421