|Applies To||RSA Security Analytics|
RSA Security Analytics 10.1 and above
RSA Security Analytics Log Collector
RSA Security Analytics Virtual Log Collector
RSA Security Analytics ODBC Collection
|Issue||Error message basic_string::_S_create is seen when collecting ODBC events in RSA Security Analytics.|
The error marked in red below will be seen in the /var/log/messages on the Log Collector or Virtual Log Collector.
Jun 10 09:18:09 NWAPPLIANCE2932 nw: [OdbcCollection] [failure] [mcafeedlp3000.ePO] [processing] [ePO] [processing] An error occurred collecting ODBC events using query tag MCAFEEDLP. Error: basic_string::_S_create
The issue appears to be a column (field) in the data query that is extremely long or longer than the defined max in the field buffer in Log Collector for ODBC data processing. Once the column (field) length was limited to 255 by adding SUBSTR to SQL select clause there are no issues.
The basic_string::_S_create error points to a buffer overflow.
Below are the steps that you need to run on the Log Collector or Virtual Log Collector in order to fix the issue.
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.
|Legacy Article ID||a66354|