I have inherited a faulty Envision system, it is fairly old (enVision v4.1 SP 1 Build: 0117). Trying to fathom how it works I identified that a SAN attached volume had run out of space. This volume contained what I believe to be the raw data that is written, and there is a folder on that volume for each IP address which is managed by Envision (e.g. Snare agents for Windows devices) which also contains year and month folders which ultimately contain files which I presume is security audit data).
Once I removed some of the older data, I saw messages when looking at real time analysis which indicated that it was now processing x numbers of messages. This was an improvement as prior to this it wasn't doing much at all.
%NIC-6-508100: Packager, Packager, -, -, -, -, Detail: 31676: Device x.x.x.x (nic): 48 messages processed
In addition to the constant error message reported in the subject line, I also get this.
Detail: 23648: Failed to determine Active DataStorageDirectory on node <computername>
If I run the following...
FAILED TO LOAD DATA DIRECTORY!!
I'm just after some pointers, from what I can see, there are no services which are failing to start. Any ideas where to start looking?