Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000034061 - Logdecoder service shows "initialization error" after sudden power failure in RSA Security Analytics

Document created by RSA Customer Support

on Oct 6, 2016•Last modified by RSA Customer Support

on Apr 21, 2017

Version 2Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000034061
Applies To	RSA Product Set: Security Analytics RSA Product/Service Type: SA Core Appliance RSA Version/Condition: 10.2.X, 10.3.X
Issue	Logdecoder Service shows "Initialization error" in Logdecoder->System page. This error may not allow Capture to start. Below errors indicate problematic database file. /var/log/messages: Sep 22 11:01:38 XXXX nw[14675]: [MetaSerializer] [warning] Meta typename lookup failed for index 384 - FileStream /var/netwitness/logdecoder/metadb/meta-000000133.nwmdb pos: 163705292 size: 156.59 MB, using typename serialize.error Sep 22 11:01:38 XXXX nw[14675]: [Packet] [failure] Meta maximum size has been exceeded serialize.error - FileStream /var/netwitness/logdecoder/metadb/meta-000000133.nwmdb pos: 163705292 size: 156.59 MB. Sep 22 11:01:38 XXXX nw[14675]: [Engine] [warning] Module logdecoder failed to load: Meta maximum size has been exceeded serialize.error - FileStream /var/netwitness/logdecoder/metadb/meta-000000133.nwmdb pos: 163705292 size: 156.59 MB. Diagnostic information: /home/hudson/workspace/ng-10.2-linux-tagged-r
Cause	This is due to corrupted database files during sudden power failure of server.
Resolution	Please follow below steps to fix the issue. 1. Login to putty of Logdecoder. 2. Check /var/log/messages to know the corrupted database file details as mentioned in this KB. Generally that file would be last database file written to that directory. 3. Stop the service using stop nwlogdecoder command. 4. Move the corrupted database file to different location. Sample commands: cd /var/netwitness/logdecoder/metadb/ mv meta-000000133.nwmdb /root/ 5. Start the service using start nwlogdecoder command. 6. Login to GUI and Verify the Administration->Services-> Logdecoder->System page as no "initialization error" now. Start Capture in the same page.

Attachments

Outcomes

0 Comments

Recommended Content