000012446 - After successfully migrating to V 4.0 the NIC_View generates high number of alert %NIC-3-505803:

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000012446
Applies To
Envision V 3.7.0
Envision V 4.0
Issue
After Successfully migrating from envision V 3.7 build 169 to envision Version 4.0 build 228 The NIC View generates high number of the following alert
%NIC-3-505803: LSAdmin LSAdmin - - - - Detail: 1048: Failed open service manager on ?Envision Site Name? for NIC IDS (XML) Service
Cause

History:

Envision version 4.0 has introduced NIC SDEE Collection Service which collects IDS data formatted under the Security Device Event Exchange (SDEE) standard. NIC SDEE Collection Service converts these messages into syslog events and sends them to the Service.  This service has replaced the NIC IDS (XML) Service which was used with version prior to V4.0 to Collect IDS (XML) data from Cisco IDS devices and converts these messages into syslog events and sends them to the NIC Collector Service via shared memory. 

The Reason:
On Envision version 3.7 the IDS XML service creates an entry in the idsxmlServiceConfig table in the nic.db database every time you add a new IDS Server to the IDS XML Service page in envision (Overview>>System Configuration>>Services>>Device Services>>Manage Secure IDS (XML) Service), the entry in the table is what activate the Manage Secure IDS (XML) Service Screen to look for the NIC IDS (XML) Service.
After the migration to Version 4.0 the NIC IDS (XML) Service is removed, but the idsxmlServiceConfig table and its entries will still exist in the database for backward compatibility reasons.
Resolution

 
*Note: It is strongly recommended that you perform this modification with an Envision support technician to ensure that you do not inadvertently change anything else in the table.

To make the change to the table, do the following:

1.      Stop ALL of the NIC Services except the NIC DB Server service

2.      Go to E:\%_envision%\database\cmd

3.      Double-click startISQL.cmd

4.      In the SQL Statements window, type:

select * from idsxmlServiceConfig

5.      Press [F5]

6.      Delete the entries in the Table depending on single or multi Site Environment and the version of envision.

?         Single site (ES) that has been upgraded to V 4.0 (Delete all the entries in the table).

 ?         If it's a mutli-site (LS) and there is a slave site still running version 3.7.0, do not delete the entries for that site, only delete the rows belonging to enVision version 4. 
 7.      To Delete the entries do the following: 
   
 ?  Right Click on the GUID of the entry 
 ?  Select Copy Cell 
 ?  In the SQL Statement Window type 
 ?  select * from idsxmlServiceConfig where guid = {Paste the GUID} 
 ?  Make Sure only the correct GUID is appearing 
 ?  In the SQL Statement Window type 
 ?  delete idsxmlServiceConfig where guid = {Paste the GUID} 

8.     Press [F5]

9.     Close the ISQL GUI.

10.  Restart the All NIC Services.

Legacy Article IDa45780

Attachments

    Outcomes