Unable to run Flow Forensics reports, MySQLCSE service crashing
search cancel

Unable to run Flow Forensics reports, MySQLCSE service crashing


Article ID: 213821


Updated On:


CA Network Flow Analysis (NetQos / NFA)


1) Error message when running a flow forensics report:

"Error executing flow forensics reports on host (harvester address)."

2) The MysqlCSE service on the harvester crashes and must be restarted.

3) In the Oursql log on the harvester, we see this message:

9bacda73d7    NFAStorageEngine64.dll!CloseFileScan()
9bacda83c2    NFAStorageEngine64.dll!CloseFileScan()
9bacdac885    NFAStorageEngine64.dll!GetNextRow()
7ffdf2363572    ha_nfa.dll!???
7ff78f80f360    [email protected]@@[email protected]@@Z()
7ff78f81489c    [email protected]@@[email protected]@[email protected]()
7ff78f81350f    [email protected]@@[email protected]()
7ff78fd0756e    [email protected][email protected]@UEAAHXZ()
7ff78fa1adc3    [email protected][email protected]@[email protected]()
7ff78fcfb99b    [email protected]@[email protected]@[email protected]@[email protected]@[email protected]()
7ff78fcf677a    [email protected]@@[email protected]@[email protected]@@@@[email protected]@[email protected]()
7ff78fcf826b    [email protected]@@QEAAXXZ()
7ff78f9987b1    [email protected]@[email protected]@[email protected]@[email protected]@[email protected]()
7ff78f82c2a4    [email protected]@[email protected]@[email protected]@[email protected]@@Z()
7ff78f82de36    [email protected]@[email protected]@[email protected]()
7ff78f831818    [email protected]@[email protected]@[email protected]@@Z()
7ff78f82ad73    [email protected]@[email protected]@[email protected]@[email protected]@@Z()
7ff78f82bd1a    [email protected]@[email protected]@@Z()
7ff78f7f5c3c    mysqld.exe!handle_connection()
7ff7900b97c2    [email protected]@[email protected]()
7ff78fe6375c    mysqld.exe!my_thread_once()
7ffdf6804f6b    MSVCR120.dll!_beginthreadex()
7ffdf6805098    MSVCR120.dll!_endthreadex()
7ffe058413f2    KERNEL32.DLL!BaseThreadInitThunk()
7ffe07f554f4    ntdll.dll!RtlUserThreadStart()


Error presented in NFA versions 10.0.3, 10.0.4, and 10.0.6


The root cause as per development:

"Some templates from some devices are corrupted. So while processing the flows some required template information is missing causing the service to crash."


Patch generated for NFA 10.0.6 to change the way NFA deals with corrupt flow templates.


Request this patch from Broadcom Support.

****If you are currently running a version prior to NFA 10.0.6, you should upgrade to make use of the patch.***