4 Replies Latest reply on Mar 13, 2013 7:37 PM by Royal

    AV Agent Audit Trail Issue Can Not Start Up.

    Royal
      I'm facing the AV Agent Audit Trail Can Not Start up issue.

      Env:
      -----------------------------
      DB: DB2 v9.1
      OS: AIX 6.1
      AVDF: 12.1.0.1
      -----------------------------

      AV Agent has been deployed on database host.

      I have added some audit trails, and none of them can start up; please check the screenshot below,

      for trail "/home/db2inst5/trail", shows the error message "av.collector.SOURCE_VERSION_IS_NULL"


      AV Agent can start normally in the AV Server Management Page, and I have utilized "DB282ExtractionUtil" to extract the DB2 audit log to an ASCII text file under Audit Trail "/home/db2inst5/trail". The ASCII text file has been generated, but the Audit Trail cannot start up, and avsys.event_log shows no data from AV Agent.


      AVCLI> LIST TRAIL FOR SECURED TARGET db2inst5;
      -----------------------------------------------------------------------------------------------------------------------------------
      | AUDIT_TRAIL_TYPE | HOST | LOCATION | STATUS | REQUEST_STATUS | ERROR_MESSAGE |
      ===================================================================================================================================
      | DIRECTORY | db2inst5 | /home/db2inst5/av/extractionpath | STOPPED | | av.collector.SOURCE_VERSION_IS_NULL |
      | DIRECTORY | db2inst5 | /home/db2inst5/trail | STOPPED | | av.collector.SOURCE_VERSION_IS_NULL |
      | NETWORK | db2inst5 | | STOPPED | | Unable to start hostmonitor process |
      -----------------------------------------------------------------------------------------------------------------------------------

      and in the av.server.avcli-24969240-0.log from the attachment, the following errors are shown:

      ----------------------------------------------------------------------------------------------------------------------------------------------------------------
      $ tail -1000 av.server.avcli-24969240-0.log
      [2013-03-13T20:40:35.482+08:00] [server] [ERROR] [] [avcli] [tid: 10] [ecid: 1439958188:67722:1363178435548:0,0] invalid command "list" - rest of line ignored.
      [2013-03-13T20:42:18.178+08:00] [server] [ERROR] [] [avcli] [tid: 10] [ecid: 1439958188:67722:1363178435548:0,0] invalid command "list" - rest of line ignored.
      $ tail -1000 av.collector.Source_db2inst5-trail_27-17236180-0.log
      [2013-03-13T20:42:04.601+08:00] [collector] [ERROR] [] [Source_db2inst5-trail_27] [tid: 10] [ecid: 1439958188:58483:1363178524612:0,0] DB2AuditDataSource : getDBSourceVersion : Error getting source version information by connecting to source[[
      java.sql.SQLException: [Audit Vault][DB2 JDBC Driver][DB2]DISTRIBUTION PROTOCOL ERROR CAUSED DEALLOC: REASON 0x124C"("0103")" (null)
      at oracle.av.platform.jdbc.db2base.ddb8.a(Unknown Source)
      at oracle.av.platform.jdbc.db2base.ddb8.b(Unknown Source)
      at oracle.av.platform.jdbc.db2base.ddb8.a(Unknown Source)
      at oracle.av.platform.jdbc.db2.drda.ddn.c(Unknown Source)
      at oracle.av.platform.jdbc.db2.drda.ddn.a(Unknown Source)
      at oracle.av.platform.jdbc.db2.drda.ddp.a(Unknown Source)
      at oracle.av.platform.jdbc.db2.drda.ddm.a(Unknown Source)
      at oracle.av.platform.jdbc.db2.drda.ddn.b(Unknown Source)
      at oracle.av.platform.jdbc.db2.ddg.g(Unknown Source)
      at oracle.av.platform.jdbc.db2base.ddc0.f(Unknown Source)
      at oracle.av.platform.jdbc.db2base.ddek.y(Unknown Source)
      at oracle.av.platform.jdbc.db2base.ddek.e(Unknown Source)
      at oracle.av.platform.jdbc.db2base.ddek.u(Unknown Source)
      at oracle.av.platform.jdbc.db2base.ddek.executeQuery(Unknown Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:79)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:618)
      at oracle.ucp.jdbc.proxy.StatementProxyFactory.invoke(StatementProxyFactory.java:230)
      at $Proxy19.executeQuery(Unknown Source)
      at oracle.av.plugin.db2db.collector.DB2AuditDataSource.getSourceDBVersion(DB2AuditDataSource.java:741)
      at oracle.av.plugin.db2db.collector.DB2AuditDataSource.initializeToSource(DB2AuditDataSource.java:166)
      at oracle.av.plugin.db2db.collector.DB2AuditEventCollector.initializeCollector(DB2AuditEventCollector.java:97)
      at oracle.av.platform.agent.collfwk.impl.controller.CollectionController.initialize(CollectionController.java:311)
      at oracle.av.platform.agent.collfwk.impl.controller.CollectionController.process(CollectionController.java:397)
      at oracle.av.platform.agent.collfwk.impl.controller.CollectionController.run(CollectionController.java:345)
      at java.lang.Thread.run(Thread.java:811)

      ]]
      [2013-03-13T20:42:04.618+08:00] [collector] [ERROR] [] [Source_db2inst5-trail_27] [tid: 10] [ecid: 1439958188:58483:1363178524612:0,0] DB2AuditDataSource : getSourceDBVersion : Source Version Attribute is NULL
      ----------------------------------------------------------------------------------------------------------------------------------------------------------------

      Do you have any suggestions? Any reply will be appreciated.

      many thanks,
      Royal.
        • 1. Re: AV Agent Audit Trail Issue Can Not Start Up.
          IBarr
          Have you set the av.collector.databasename collection attribute?

          regards,

          Iain Barr
          Ategrity Solutions Ltd
          • 2. Re: AV Agent Audit Trail Issue Can Not Start Up.
            Royal
            Iain Barr,

            Thanks for your response,

            I have set collection attribute as:

            av.collector.databasename     nns

            Regards,
            • 3. Re: AV Agent Audit Trail Issue Can Not Start Up.
              Royal
              From the error raised by java:

              Source Version Attribute is NULL
              at oracle.av.plugin.db2db.collector.DB2AuditEventCollector.initializeCollector(DB2AuditEventCollector.java:97)

              from the source code which I decompiled, DB2AuditDataSource.java
              ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
              .......
              versionStr = m_collectorContext.getAttribute("securedTargetVersion");
              releaseConnection();
              break MISSING_BLOCK_LABEL_213;
              AuditEventCollectorException aece;
              aece;
              m_avlogger.logError("DB2AuditDataSource", "getDBSourceVersion", "Error getting source version information by connecting to source", aece);
              m_avlogger.logInfo("DB2AuditDataSource", "getDBSourceVersion", "check if source version is available as collection attribute");
              versionStr = m_collectorContext.getAttribute("securedTargetVersion");
              releaseConnection();
              break MISSING_BLOCK_LABEL_213;
              Exception exception;
              exception;
              releaseConnection();
              throw exception;
              m_avlogger.logInfo("DB2AuditDataSource", "getSourceDBVersion", (new StringBuilder()).append("Source DB version = ").append(versionStr).toString());
              if(versionStr == null || versionStr.equals(""))
              {
              m_avlogger.logError("DB2AuditDataSource", "getSourceDBVersion", "Source Version Attribute is NULL");
              throw new AuditEventCollectorException("av.collector.SOURCE_VERSION_IS_NULL.8030", null, null);
              }
              .......
              ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

              I don't know why "versionStr = m_collectorContext.getAttribute("securedTargetVersion");" returns null, so that it raises the error
              "Source Version Attribute is NULL"!!!!

              And what is meant by Attribute("securedTargetVersion"), and how can I get a workaround for this issue?

              Many thanks.
              Royal.
              • 4. Re: AV Agent Audit Trail Issue Can Not Start Up.
                Royal
                Hello,

                It is really urgent; do your experts have any advice? Any would be a great help!

                Millions of thanks,
                Royal.
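
The decompiled snippet in reply 3 shows that SOURCE_VERSION_IS_NULL is raised only after the JDBC version lookup has failed and the "securedTargetVersion" collection attribute has also come back empty, so the record worth reading is the one logged just before it. The following triage script is an added example, not part of the thread and not Oracle code; it assumes the record layout seen in the collector log quoted in the first post, and the names `parse_records` and `diagnose` are hypothetical.

```python
import re

# Record header as it appears in the collector log quoted in the thread:
# [timestamp] [component] [level] [] [module] [tid: n] [ecid: ...] message
HEADER = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<component>[^\]]*)\] \[(?P<level>[^\]]*)\] \[[^\]]*\] "
    r"\[(?P<module>[^\]]*)\] \[tid: (?P<tid>[^\]]*)\] \[ecid: (?P<ecid>[^\]]*)\] (?P<msg>.*)$"
)

def parse_records(text):
    """Split a log into records; lines without a header belong to the previous record."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            records.append({**m.groupdict(), "detail": []})
        elif records and line.strip() and line.strip() != "]]":
            records[-1]["detail"].append(line.strip())
    return records

def diagnose(text):
    """Pair each 'Source Version Attribute is NULL' error with the connection
    failure logged before it under the same module and ecid."""
    findings, last_failure = [], {}
    for rec in parse_records(text):
        key = (rec["module"], rec["ecid"])
        if "Error getting source version information" in rec["msg"]:
            # The first detail line that is not a stack frame is the exception itself.
            cause = next((d for d in rec["detail"] if not d.startswith("at ")), None)
            last_failure[key] = cause
        elif "Source Version Attribute is NULL" in rec["msg"]:
            findings.append({"trail": rec["module"], "ts": rec["ts"],
                             "root_cause": last_failure.get(key)})
    return findings

# Sample input: lines abridged from the log excerpt in the first post.
SAMPLE = """\
[2013-03-13T20:42:04.601+08:00] [collector] [ERROR] [] [Source_db2inst5-trail_27] [tid: 10] [ecid: 1439958188:58483:1363178524612:0,0] DB2AuditDataSource : getDBSourceVersion : Error getting source version information by connecting to source[[
java.sql.SQLException: [Audit Vault][DB2 JDBC Driver][DB2]DISTRIBUTION PROTOCOL ERROR CAUSED DEALLOC: REASON 0x124C"("0103")" (null)
at oracle.av.platform.jdbc.db2base.ddek.executeQuery(Unknown Source)
at oracle.av.plugin.db2db.collector.DB2AuditDataSource.getSourceDBVersion(DB2AuditDataSource.java:741)
]]
[2013-03-13T20:42:04.618+08:00] [collector] [ERROR] [] [Source_db2inst5-trail_27] [tid: 10] [ecid: 1439958188:58483:1363178524612:0,0] DB2AuditDataSource : getSourceDBVersion : Source Version Attribute is NULL
"""

if __name__ == "__main__":
    for f in diagnose(SAMPLE):
        print(f"{f['ts']} {f['trail']}: SOURCE_VERSION_IS_NULL; preceding failure: {f['root_cause']}")
```

Run against the full agent log directory, this separates trails that stopped because the source connection failed from trails where no connection error was logged at all.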