|Applies To||RSA Product Set: Security Analytics. RSA NetWitness Logs and Network|
RSA Product/Service Type: Log Collector, ODBC Log Collection
Platform: CentOS 6,7
Platform (Other): Microsoft Windows, Microsoft SQL Server
|Issue||ODBC Log Collection to a Microsoft SQL Database fails due to a trace file becoming corrupted. The Trace File directory on the SQL Server will continue filling with logs until this situation is resolved.|
In the /var/log/messages file on the Log Collector, messages similar to the following will be seen.
The important error to observe is below.
In this example, c:\MyTraceFiles is the directory where the Tracefiles are being stored on the MS SQL Server.
|Cause||A trace file has become corrupted which prevents the Log Collector from collecting further files.|
Ensure that the trace file directory is excluded from any software that may also lock files in this directory.
Examples of such software include anti-virus or third-party backup software.
|Resolution||To resolve the issue:|
The Trace files will then be processed correctly.
|Notes||All screenshots come from an internal test machine and contain no sensitive information.|