App Control: Syslog Fails with Reporter Error "SyslogGetEvents - Log level must be defined"
search cancel

App Control: Syslog Fails with Reporter Error "SyslogGetEvents - Log level must be defined"


Article ID: 290291


Updated On:


Carbon Black App Control (formerly Cb Protection)


  • "SyslogGetEvents" task keeps erroring out on the Support.php > Scheduled Tasks page
  • the following error is reported in the Reporter.log file:
ERROR DatabaseConnectionWrapper - Database task exception: SyslogGetEvents - Log level must be defined
WARN DatabaseConnectionWrapper - System.InvalidOperationException: Log level must be defined


  • App Control Server: All Supported Versions


  • Error occurs when the "Priority" column of an incoming event is outside the expected range of 0 to 7
  • Corrupt agents sending erroneous event data


The following workaround is available until a permanent fix is released:
  1. Ensure there is a recent DB backup
  2. Stop the App Control Reporter Service
  3. Open SQL Mgmt Studio > Das > Programmability > Stored Procedures > Right click the "SyslogGetEvents" > Modify
  4. Find the following line: 
    priority_id as priority,
  5. Comment it out and replace it with the following line:
    --priority_id as priority,
    CASE WHEN (priority_id >=0 AND priority_id <=7) THEN priority_id ELSE 0 END as priority,
  6. Execute the script to update the procedure
  7. Start the App Control Reporter Service
  8. To check for corrupted agents that are sending events with invalid "Priority" data use the following SQL query:
    use das; select Source from dbo.EventsGUI(1033) where priority_id < 0 or priority_id > 7 group by Source

Additional Information

This issue is tracked as EP-15124 and is scheduled for resolution in the upcoming 8.9 server version