Subject: FW: "DB High water-mark reached" How can I get rid of this?
From: Richard Sears (rsearsSavingsBankofWalpole.com)
Date: Tue Jun 20 2000 - 08:15:43 CDT


TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
majordomoiss.net Contact issforum-owneriss.net for help with any problems!
----------------------------------------------------------------------------

-----Original Message-----
From: Richard Sears
Sent: Tuesday, June 20, 2000 8:58 AM
To: 'Phattrapha Ninlapat'
Subject: RE: "DB High water-mark reached" How can I get rid of this?

Dear Phattrapha,

I do have some documentation that I can share with you. The first few
paragraphs describe the symptoms and the remainder outlines the actions that
I took to fix the problem. I hope this helps you. Let me know how you
progress; I'll be interested in the outcome.

Good luck,
Rick Sears

Following is a message I sent to issforumiss.net

I posted this message a few weeks ago and have gotten some suggestions on
how to fix the problem outlined below, but have been unsuccessful. I thought
if I was a little more detailed with my description that perhaps someone
might know what to do to remedy my situation, other than installing massive
amounts of memory, which was one suggestion that I got from someone. Do you
really think it's a problem that throwing tons of memory at will fix, or is
it that the CPU isn't fast enough? Is it a configuration issue? Is it all of
the above? Please, let me remind you that this was a problem that developed
over time and which was not evident for the first nine months I used
RealSecure. I can't think of any changes that have been made in the network
that would cause this.

The problem or group of problems involves ISS RealSecure 3.2. I can't get
rid of the error message, "DB High water-mark reached," which shows up in
the RSCONSOLE machine's High Priority Event log. This event is also filling
the Windows NT event viewer application log on the machine which monitors
the internal network traffic. I have tried everything suggested in the
"help" and any documentation supplied with RealSecure. When this came to my
attention the default settings for the "Dynamic Database Upload" were not
enabled by default - I was syncing them manually. I have two detectors
(running the network_engines): one is monitoring the internal network,
machine named RS2, and the other the traffic from the Internet, machine
named RS1. RS1 seems to be functioning fine. Let me describe the symptoms of
RS2.

1. The CPU will max out at 100% usage. In the Task Manager Processes
tab the Image Name network_engine uses all available CPU. Memory Usage by
the service seems to consistently stay at about 70% of total system memory.
2. When I go into Control Panel Services and stop the Daemon Service
(which can take a long time due to the processor being tied up) the
processor time returns to System Idle Process.
3. When the DB Sync occurs the RSCONSOLE appears to be frozen in the
detector pane. The Detector DB Progress remains at "Auto Sync: 0 of 50000";
there doesn't appear to be anything happening. Sometimes the Detector DB
Progress will indicate a synchronization error, and sometimes (most of the
time) it just seems to hang at "Auto Sync: 0 of 50000" for the detector on
RS2. This is being caused by heavy CPU utilization on the network_engine on
RS2. When the sync is successful the "DB High water-mark reached" messages
will diminish for a time but their frequency will increase over time until
there is another successful sync of the DB.
4. I have attempted to fix the problem with the following remedies:
   - In Maintain Log, I have increased "Maximum Records in Log" from the
     default of 50000 to progressively higher settings
   - Decreasing "DB Sync HighWater Mark" percentage from the default of
     90% to progressively lower settings
   - In Maintain Logs, I deleted some of the console log history
None of these have fixed the problem yet...

I have to reboot RS2 or stop the Daemon to get it back to a normal
operation, where the processor isn't screaming to a point where I think it's
going to melt! This is only temporary - until the database attempts
synchronization, then RS2 will be right back at 100% CPU usage. The three
dedicated machines in question have PII 350 with 128 Meg of ram. HELP!

One of the respondents said, "but have you tried setting the logs to about
10,000 and then set the dynamic upload to 50%."

This seemed to solve the problem of the CPU usage for a short time, but the
DB High water-mark Reached error is still showing up in the event log on
RS2, and the CPU and memory behavior returned after a short time as well.

06/13/2000

Nathan from ISS tech support gave me a call and worked this issue through
with me. He had me do the following:

1. Made a backup copy and compressed to zip rsntclientlog.mdb.
2. With ODBC administrator, attempted to repair and compact the
rsntclientlog.mdb which failed.
3. Nathan emailed a clean copy of rsntclientlog.mdb, which I overwrote
the old one with. This failed to give the desired result.
4. Uninstalled and reinstalled the network engine on RS2.
5. Copied the sbw inside policy, sbw outside policy, and iss.key files
to a temp directory.
6. Uninstalled all occurrences of the RealSecure Console from the
RSCONSOLE machine. Reinstalled the 3.2.1 console.
7. Copied the keys to their appropriate directories on all the
machines, including the iss.key file.
8. Started the console and monitored both the detectors
9. Imported and applied the appropriate policy to their detectors.
10. Successfully synced the database manually.
11. Set the Database to sync automatically at 50% of 10000 records.

All seems to be working well now. Nathan made the suggestion that we go into
ODBC Admin to perform a compact of rsntclientlog when its size exceeds 700
megabytes. He also suggested that we put at least another 128 MB of memory
into RS2.

-----Original Message-----
From: Phattrapha Ninlapat [mailto:phattrapha.ncdg.co.th]
Sent: Tuesday, June 20, 2000 7:55 AM
To: Richard Sears
Subject: Re: "DB High water-mark reached" How can I get rid of this?

Dear Sears,

I have the same problem as you. Did you get some advice for this problem?

Thanks in advance.

Regards,

Richard Sears wrote:

> I've got somewhat of a problem or group of problems which involve ISS
> RealSecure 3.2. I can't get rid of the error message, "DB High water-mark
> reached." I have tried everything suggested in the "help"
> I have two detectors and the one that seems to be causing the problem shows
> these errors in the event log. The application view in the event log keeps
> filling with these events. Plus this particular detector always seems to be
> "maxed out" and I have to reboot to get it back to a normal operation, where
> the processor isn't screaming to a point where I think it's going to melt!
> The machine in question has plenty of processor power (350 PII) with 256 Meg
> of ram. In fact all of the machines (Daemons and Console) are the same. Oh
> yeah, I am also having some problems synchronizing the database. This was one
> of the suggested measures to be taken by the online help in the console, it
> said that to get rid of the DB High water-mark message to sync the DB in
> fewer records. This hasn't fixed the problem. HELP!

--
Regards,
Phattrapha N.

Internet & Security Department, Logic Co,Ltd 202 Nanglinchi Rd, Chongnonsi, Yannawa, Bangkok 10120 Thailand

Tel. (662) 678-0478 ext. 3546 Fax (662) 678-0490