SCSP Bulk Event Loader
File Path/Name: C:\Temp\Events\SISRTEvents28197.zip
Integrity Override: ON
Destination Table: CSPEVENT
Database Connection: DEFAULT
Database User: DEFAULT
Processing events file...
Error loading events:
java.lang.Exception: Error: Invalid bulk event file -- no manifest.
Please be sure the zipfile is an event file.
No events processed.
In order for the data loading process to function correctly when processing events en masse--it needs to know the Guid of the computer from which the events came, and match it with a valid asset within the database. In order for it to do this it needs to be provided with the correct Guid within a file known as the "manifest".
Data Center Security 6.9.1
1. Open one of the .csv files compressed in the zip file
2. On the very first line the Guid will be the long series of characters between the 14th and 15th commas.
Example: MSOF,0,2015-03-23 06:16:14.000 Z+0530,I,,,,,,,win2k3-r2-simu2,unknown,unknown,windows,hhbzHEFzITfEz0EWTJZvRNPhlewhdihzJaJw8DMmXF4*:-2fe9af7e:14c2c11cb8d:-774f,C:\Program Files (x86)\Symantec\Data Center Security Server\Agent\sdcsslog\SISIDSEvents.csv,,E,18.104.22.1685
3. Create a text file: Events.mnf
4. Open the newly created file and insert the line: Guid:<guid>
5. Save the manifest file and insert it into each zip file containing event files needing to be processed.
NOTE: If you are unsure if the Guid being used is correct or not one of the following SQL queries can be run via SQL Management Studio against SCSPDB
-- Run copy the Guid from the first line of a .csv event file and paste it into the value for the variable @Guid
declare @Guid nvarchar(255) = 'CTxu06N4Qre2r9C14PbJOZnKhZ-Laury47+tWVUr7KI*:-76f42c59:17c9cd6c0c7:-7fc6'
select Hostname, IPAddress, OSType, OSVersion, AgentAge, LastAppRequestDate
where Guid = @Guid
If the above query returns nothing or if it returns the name of a computer not expected you can look up the current operating Guid for the computer by plugging the computer's name into the following query and running it against the database:
declare @computerName nvarchar(50) = 'Gollum'
select Hostname, IPAddress, OSType, OSVersion, AgentAge, LastAppRequestDate, Guid
where Hostname = @computerName