AV Agent Audit Trail Issue: Cannot Start Up
Royal, Mar 13 2013 — edited Mar 13 2013
I'm facing an issue where the AV Agent audit trail cannot start up.
Env:
-----------------------------
DB: DB2 v9.1
OS: AIX 6.1
AVDF: 12.1.0.1
-----------------------------
AV Agent has been deployed on database host.
I have added some audit trails, but none of them can start up; please check the screenshot below.
The trail "/home/db2inst5/trail" shows the error message "av.collector.SOURCE_VERSION_IS_NULL".
The AV Agent starts normally in the AV Server Management Page, and I have utilized "DB282ExtractionUtil" to extract the DB2 audit log to an ASCII text file under the audit trail "/home/db2inst5/trail". The ASCII text file has been generated, but the audit trail cannot start up, and avsys.event_log shows no data from the AV Agent.
AVCLI> LIST TRAIL FOR SECURED TARGET db2inst5;
-----------------------------------------------------------------------------------------------------------------------------------
| AUDIT_TRAIL_TYPE | HOST | LOCATION | STATUS | REQUEST_STATUS | ERROR_MESSAGE |
===================================================================================================================================
| DIRECTORY | db2inst5 | /home/db2inst5/av/extractionpath | STOPPED | | av.collector.SOURCE_VERSION_IS_NULL |
| DIRECTORY | db2inst5 | /home/db2inst5/trail | STOPPED | | av.collector.SOURCE_VERSION_IS_NULL |
| NETWORK | db2inst5 | | STOPPED | | Unable to start hostmonitor process |
-----------------------------------------------------------------------------------------------------------------------------------
In av.server.avcli-24969240-0.log from the attachment, the following errors are shown:
----------------------------------------------------------------------------------------------------------------------------------------------------------------
$ tail -1000 av.server.avcli-24969240-0.log
[2013-03-13T20:40:35.482+08:00] [server] [ERROR] [] [avcli] [tid: 10] [ecid: 1439958188:67722:1363178435548:0,0] invalid command "list" - rest of line ignored.
[2013-03-13T20:42:18.178+08:00] [server] [ERROR] [] [avcli] [tid: 10] [ecid: 1439958188:67722:1363178435548:0,0] invalid command "list" - rest of line ignored.
$ tail -1000 av.collector.Source_db2inst5-trail_27-17236180-0.log
[2013-03-13T20:42:04.601+08:00] [collector] [ERROR] [] [Source_db2inst5-trail_27] [tid: 10] [ecid: 1439958188:58483:1363178524612:0,0] DB2AuditDataSource : getDBSourceVersion : Error getting source version information by connecting to source[[
java.sql.SQLException: [Audit Vault][DB2 JDBC Driver][DB2]DISTRIBUTION PROTOCOL ERROR CAUSED DEALLOC: REASON 0x124C"("0103")" (null)
at oracle.av.platform.jdbc.db2base.ddb8.a(Unknown Source)
at oracle.av.platform.jdbc.db2base.ddb8.b(Unknown Source)
at oracle.av.platform.jdbc.db2base.ddb8.a(Unknown Source)
at oracle.av.platform.jdbc.db2.drda.ddn.c(Unknown Source)
at oracle.av.platform.jdbc.db2.drda.ddn.a(Unknown Source)
at oracle.av.platform.jdbc.db2.drda.ddp.a(Unknown Source)
at oracle.av.platform.jdbc.db2.drda.ddm.a(Unknown Source)
at oracle.av.platform.jdbc.db2.drda.ddn.b(Unknown Source)
at oracle.av.platform.jdbc.db2.ddg.g(Unknown Source)
at oracle.av.platform.jdbc.db2base.ddc0.f(Unknown Source)
at oracle.av.platform.jdbc.db2base.ddek.y(Unknown Source)
at oracle.av.platform.jdbc.db2base.ddek.e(Unknown Source)
at oracle.av.platform.jdbc.db2base.ddek.u(Unknown Source)
at oracle.av.platform.jdbc.db2base.ddek.executeQuery(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:79)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:618)
at oracle.ucp.jdbc.proxy.StatementProxyFactory.invoke(StatementProxyFactory.java:230)
at $Proxy19.executeQuery(Unknown Source)
at oracle.av.plugin.db2db.collector.DB2AuditDataSource.getSourceDBVersion(DB2AuditDataSource.java:741)
at oracle.av.plugin.db2db.collector.DB2AuditDataSource.initializeToSource(DB2AuditDataSource.java:166)
at oracle.av.plugin.db2db.collector.DB2AuditEventCollector.initializeCollector(DB2AuditEventCollector.java:97)
at oracle.av.platform.agent.collfwk.impl.controller.CollectionController.initialize(CollectionController.java:311)
at oracle.av.platform.agent.collfwk.impl.controller.CollectionController.process(CollectionController.java:397)
at oracle.av.platform.agent.collfwk.impl.controller.CollectionController.run(CollectionController.java:345)
at java.lang.Thread.run(Thread.java:811)
]]
[2013-03-13T20:42:04.618+08:00] [collector] [ERROR] [] [Source_db2inst5-trail_27] [tid: 10] [ecid: 1439958188:58483:1363178524612:0,0] DB2AuditDataSource : getSourceDBVersion : Source Version Attribute is NULL
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Do you have any suggestions? Any reply will be appreciated.
Many thanks,
Royal.
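
A log-triage sketch for the collector log quoted above, added here as an example and not part of the original post or of Oracle's tooling. It parses the bracketed record format shown in the post and pairs each "Source Version Attribute is NULL" record with the earlier exception carrying the same ecid. The function names are hypothetical, and it assumes records from one operation share an ecid, as the two quoted records do.

```python
import re

# Constructed sample: the two collector records from the post, stack trace abridged.
SAMPLE_LOG = """\
[2013-03-13T20:42:04.601+08:00] [collector] [ERROR] [] [Source_db2inst5-trail_27] [tid: 10] [ecid: 1439958188:58483:1363178524612:0,0] DB2AuditDataSource : getDBSourceVersion : Error getting source version information by connecting to source[[
java.sql.SQLException: [Audit Vault][DB2 JDBC Driver][DB2]DISTRIBUTION PROTOCOL ERROR CAUSED DEALLOC: REASON 0x124C"("0103")" (null)
at oracle.av.platform.jdbc.db2base.ddek.executeQuery(Unknown Source)
]]
[2013-03-13T20:42:04.618+08:00] [collector] [ERROR] [] [Source_db2inst5-trail_27] [tid: 10] [ecid: 1439958188:58483:1363178524612:0,0] DB2AuditDataSource : getSourceDBVersion : Source Version Attribute is NULL
"""

HEADER = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<component>[^\]]*)\] \[(?P<level>[^\]]*)\] \[[^\]]*\] "
    r"\[(?P<module>[^\]]*)\] \[tid: (?P<tid>[^\]]*)\] \[ecid: (?P<ecid>[^\]]*)\] (?P<msg>.*)$"
)

def parse_records(text):
    """Split log text into records, folding each [[ ... ]] block into 'detail'."""
    records, open_detail = [], None
    for line in text.splitlines():
        if open_detail is not None:            # inside a [[ ... ]] block
            if line.strip() == "]]":
                open_detail = None
            else:
                open_detail.append(line.strip())
            continue
        m = HEADER.match(line)
        if not m:
            continue                           # skip shell prompts, separators
        rec = m.groupdict()
        rec["detail"] = []
        if rec["msg"].endswith("[["):
            rec["msg"] = rec["msg"][:-2].rstrip()
            open_detail = rec["detail"]
        records.append(rec)
    return records

def explain_null_version(records):
    """Pair each NULL-version record with the prior exception sharing its ecid."""
    findings = []
    for i, rec in enumerate(records):
        if "Source Version Attribute is NULL" not in rec["msg"]:
            continue
        for prev in reversed(records[:i]):
            exc = [d for d in prev["detail"] if not d.startswith("at ")]
            if prev["ecid"] == rec["ecid"] and exc:
                findings.append({"module": rec["module"], "at": rec["ts"], "cause": exc[0]})
                break
    return findings

if __name__ == "__main__":
    for f in explain_null_version(parse_records(SAMPLE_LOG)):
        print(f["at"], f["module"], "<-", f["cause"])
```

On the quoted log this reports the JDBC "DISTRIBUTION PROTOCOL ERROR" raised during the version query as the event preceding the NULL source version for trail Source_db2inst5-trail_27.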