| Article Number | 000034061 |
| Applies To | RSA Product Set: RSA NetWitness Platform
RSA Product/Service Type: Packet Decoder, Log Decoder
RSA Version/Condition: 10.6.X
|
| Issue | Logdecoder Service shows "Initialization error" in Logdecoder->System page. This error may not allow Capture to start.
Below errors indicate a problematic database file.
/var/log/messages:
Sep 22 11:01:38 XXXX nw[14675]: [MetaSerializer] [warning] Meta typename lookup failed for index 384 - FileStream /var/netwitness/logdecoder/metadb/meta-000000133.nwmdb pos: 163705292 size: 156.59 MB, using typename serialize.error
Sep 22 11:01:38 XXXX nw[14675]: [Packet] [failure] Meta maximum size has been exceeded serialize.error - FileStream /var/netwitness/logdecoder/metadb/meta-000000133.nwmdb pos: 163705292 size: 156.59 MB.
Sep 22 11:01:38 XXXX nw[14675]: [Engine] [warning] Module logdecoder failed to load: Meta maximum size has been exceeded serialize.error - FileStream /var/netwitness/logdecoder/metadb/meta-000000133.nwmdb pos: 163705292 size: 156.59 MB. Diagnostic information: /home/hudson/workspace/ng-10.2-linux-tagged-r
|
| Cause | This is due to corrupted database files during sudden power failure of server. |
| Resolution | Please follow the below steps to fix the issue.
- Login to putty of Logdecoder.
- Check /var/log/messages to know the corrupted database file details as mentioned in this KB. Generally, that file would be the last database file written to that directory.
- Stop the service using stop nwlogdecoder command.
- Move the corrupted database file to a different location.
Sample commands:
cd /var/netwitness/logdecoder/metadb/
mv meta-000000133.nwmdb /root/
- Start the service using start nwlogdecoder command.
- Login to GUI and Verify the Administration->Services-> Logdecoder->System page as no "initialization error" now. Start Capture on the same page.
|
on Oct 6, 2016