aantrim 0 Posted February 26, 2016 Share Posted February 26, 2016 Threat tab fails to load the data. I get different errors after some time of trying to load: Failed to load data - Retry Network time out Failed to load data: Not enough memory to deserialize response on webserver Multiple restarts of the Virtual Appliance do not resolve. Thinking it is problem with database size Any thoughts? Link to comment Share on other sites More sharing options...
ESET Staff MartinK 384 Posted February 29, 2016 ESET Staff Share Posted February 29, 2016 Threat tab fails to load the data. I get different errors after some time of trying to load: Failed to load data - Retry Network time out Failed to load data: Not enough memory to deserialize response on webserver Multiple restarts of the Virtual Appliance do not resolve. Thinking it is problem with database size Any thoughts? All mentioned errors are performance-related as you noted. Could you please provide some configuration details? Free memory? Number of connecting computers? Have you had some "infection" in environment that could cause huge number of security event's to be received? As a workaround you may try to reserve more RAM for this machine or use more strict filter for this kind of reports. If I recall correctly, there is default filter for last 7 days - can you try to change it so that less data will be processed? Also we would appreciate if you could provide as more diagnostic information - if you enable full trace.log verbosity of SERVER (debug level in configuration) and access "Threats view", you may see something like this: 2016-02-29 08:51:49 Information: CDatabaseModule [Thread 7f2de67fc700]: Reports SQL: SELECT C.computer_uuid,C.computer_name,C.computer_comment,C.muted,NAIPV4.ip_address,NAIPV6.ip_address,FT.product,FT.description,FT.cause,FT.action,FT.severity,FT.occurred,FT.csn,FT.action_details,FT.restart_required,FT.scanner,FT.object_type,FT.object,FT.process_name,FT.circumstances,FT._user,FT.number_of_occurrences,FT.source_address,FT.source_port,FT.target_address,FT.target_port,FT.protocol,FT.inbound_communication,FTM.muted FROM tbl_computers_ids AS CID JOIN tbl_computers AS C ON C.computer_id=CID.id LEFT OUTER JOIN vw_frontend_threats AS FT ON FT.sourceuuid_id=C.computer_id LEFT OUTER JOIN vw_network_ipv4addresses_aggr AS NAIPV4 ON NAIPV4.source_uuid=C.computer_uuid LEFT OUTER JOIN vw_network_ipv6addresses_aggr AS NAIPV6 ON NAIPV6.source_uuid=C.computer_uuid LEFT OUTER JOIN vw_log_newest_threatsmute_event AS FTM ON FTM.sourceuuid=FT.sourceuuid AND FTM.logid_product=FT.product AND FTM.sequence_no=FT.sequence_no WHERE (FT.product <> 0) AND (FT.severity IN (3,4,5,6)) AND (((FTM.muted = 0)) OR (FTM.muted IS NULL)) AND (C.removed = 0) 2016-02-29 08:51:49 Information: CDatabaseModule [Thread 7f2de67fc700]: Reports time: total: 6ms (cpu) total: 22ms from mem: 0ms to db: 0ms from db: 0ms guard: 0ms sql exec: 2ms 2016-02-29 08:51:49 Information: CDatabaseModule [Thread 7f2de67fc700]: Reports rows: read: 0 to db: 3 from db: 0 2016-02-29 08:51:49 Information: CDatabaseModule [Thread 7f2de67fc700]: Reports: protobuf size: 0.00 MB in SERVER's trace.log, which will tell us how many data it is actually loading from database. Link to comment Share on other sites More sharing options...
aantrim 0 Posted March 2, 2016 Author Share Posted March 2, 2016 Thank you for the feedback. Turns out it was related to my login profile. I used admin account to remove user profile and re-add. Threats tab returned to normal. Link to comment Share on other sites More sharing options...
Recommended Posts