Unable to run Flow Forensics reports, MySQLCSE service crashing
search cancel

Unable to run Flow Forensics reports, MySQLCSE service crashing

book

Article ID: 213821

calendar_today

Updated On:

Products

CA Network Flow Analysis (NetQos / NFA)

Issue/Introduction

1) Error message when running a flow forensics report:

"Error executing flow forensics reports on host (harvester address)."

2) The MysqlCSE service on the harvester crashes and must be restarted.

3) In the Oursql log on the harvester, we see this message:

9bacda73d7    NFAStorageEngine64.dll!CloseFileScan()
9bacda83c2    NFAStorageEngine64.dll!CloseFileScan()
9bacdac885    NFAStorageEngine64.dll!GetNextRow()
7ffdf2363572    ha_nfa.dll!???
7ff78f80f360    [email protected]@@[email protected]@@Z()
7ff78f81489c    [email protected]@@[email protected]@[email protected]()
7ff78f81350f    [email protected]@@[email protected]()
7ff78fd0756e    [email protected][email protected]@UEAAHXZ()
7ff78fa1adc3    [email protected][email protected]@[email protected]()
7ff78fcfb99b    [email protected]@[email protected]@[email protected]@[email protected]@[email protected]()
7ff78fcf677a    [email protected]@@[email protected]@[email protected]@@@@[email protected]@[email protected]()
7ff78fcf826b    [email protected]@@QEAAXXZ()
7ff78f9987b1    [email protected]@[email protected]@[email protected]@[email protected]@[email protected]()
7ff78f82c2a4    [email protected]@[email protected]@[email protected]@[email protected]@@Z()
7ff78f82de36    [email protected]@[email protected]@[email protected]()
7ff78f831818    [email protected]@[email protected]@[email protected]@@Z()
7ff78f82ad73    [email protected]@[email protected]@[email protected]@[email protected]@@Z()
7ff78f82bd1a    [email protected]@[email protected]@@Z()
7ff78f7f5c3c    mysqld.exe!handle_connection()
7ff7900b97c2    [email protected]@[email protected]()
7ff78fe6375c    mysqld.exe!my_thread_once()
7ffdf6804f6b    MSVCR120.dll!_beginthreadex()
7ffdf6805098    MSVCR120.dll!_endthreadex()
7ffe058413f2    KERNEL32.DLL!BaseThreadInitThunk()
7ffe07f554f4    ntdll.dll!RtlUserThreadStart()

Environment

Error presented in NFA versions 10.0.3, 10.0.4, and 10.0.6

Cause

The root cause as per development:

"Some templates from some devices are corrupted. So while processing the flows some required template information is missing causing the service to crash."

Resolution

Patch generated for NFA 10.0.6 to change the way NFA deals with corrupt flow templates.

NFA_10.0.6_PTF_002

Request this patch from Broadcom Support.

****If you are currently running a version prior to NFA 10.0.6, you should upgrade to make use of the patch.***

Powered by Wolken Software