Jump to content

Threat Tab failing to load data


Recommended Posts

Threat tab fails to load the data.  

 

I get different errors after some time of trying to load:

Failed to load data - Retry

Network time out

Failed to load data: Not enough memory to deserialize response on webserver

 

Multiple restarts of the Virtual Appliance do not resolve.  Thinking it is problem with database size

 

Any thoughts?

Link to comment
Share on other sites

  • ESET Staff

Threat tab fails to load the data.  

 

I get different errors after some time of trying to load:

Failed to load data - Retry

Network time out

Failed to load data: Not enough memory to deserialize response on webserver

 

Multiple restarts of the Virtual Appliance do not resolve.  Thinking it is problem with database size

 

Any thoughts?

 

All mentioned errors are performance-related as you noted. Could you please provide some configuration details? Free memory? Number of connecting computers? Have you had some "infection" in environment that could cause huge number of security event's to be received?

As a workaround you may try to reserve more RAM for this machine or use more strict filter for this kind of reports. If I recall correctly, there is default filter for last 7 days - can you try to change it so that less data will be processed?

 

Also we would appreciate if you could provide as more diagnostic information - if you enable full trace.log verbosity of SERVER (debug level in configuration) and access "Threats view", you may see something like this:

2016-02-29 08:51:49 Information: CDatabaseModule [Thread 7f2de67fc700]: Reports SQL: SELECT C.computer_uuid,C.computer_name,C.computer_comment,C.muted,NAIPV4.ip_address,NAIPV6.ip_address,FT.product,FT.description,FT.cause,FT.action,FT.severity,FT.occurred,FT.csn,FT.action_details,FT.restart_required,FT.scanner,FT.object_type,FT.object,FT.process_name,FT.circumstances,FT._user,FT.number_of_occurrences,FT.source_address,FT.source_port,FT.target_address,FT.target_port,FT.protocol,FT.inbound_communication,FTM.muted FROM tbl_computers_ids AS CID JOIN tbl_computers AS C ON C.computer_id=CID.id LEFT OUTER JOIN vw_frontend_threats AS FT ON FT.sourceuuid_id=C.computer_id LEFT OUTER JOIN vw_network_ipv4addresses_aggr AS NAIPV4 ON NAIPV4.source_uuid=C.computer_uuid LEFT OUTER JOIN vw_network_ipv6addresses_aggr AS NAIPV6 ON NAIPV6.source_uuid=C.computer_uuid LEFT OUTER JOIN vw_log_newest_threatsmute_event AS FTM ON FTM.sourceuuid=FT.sourceuuid AND FTM.logid_product=FT.product AND FTM.sequence_no=FT.sequence_no WHERE (FT.product <> 0) AND (FT.severity IN (3,4,5,6)) AND (((FTM.muted = 0)) OR (FTM.muted IS NULL)) AND (C.removed = 0)
2016-02-29 08:51:49 Information: CDatabaseModule [Thread 7f2de67fc700]: Reports time: total: 6ms (cpu)     total: 22ms     from mem: 0ms     to db: 0ms     from db: 0ms     guard: 0ms     sql exec: 2ms
2016-02-29 08:51:49 Information: CDatabaseModule [Thread 7f2de67fc700]: Reports rows: read: 0     to db: 3     from db: 0
2016-02-29 08:51:49 Information: CDatabaseModule [Thread 7f2de67fc700]: Reports: protobuf size: 0.00 MB

in SERVER's trace.log, which will tell us how many data it is actually loading from database.

Link to comment
Share on other sites

Thank you for the feedback.  Turns out it was related to my login profile.  I used admin account to remove user profile and re-add.  Threats tab returned to normal.  

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...