Multiple "Event Storage Error" events in the Symantec Critical System Protection (SCSP) manager.
Host Name: <hostname>
Host IP Address: <host IP address>
Event Type: Event Storage Error
Category: Real Time - Management
Event Severity: Warning
Event Priority: 55
Event Date: 12-Dec-2012 13:59:31 EST
Post Date: 12-Dec-2012 13:59:31 EST
Description: Data Error(s) In Event record - Invalid Event Type (TRAC
Event Code: TRAC
Rule Name: EVENT_DATA_CONTENT_ERROR
Message ID: 56205
SQL Code: 0
Event Data: a1=<hostname>, a2=<host IP address>, a3=windows, a4=-240, a5=1, a6=2012-12-12 18:59:17.21, a7=<Agent GUID>, v1=TRAC, v2=160389, v3=2012-12-12 18:59:17.215 Z-0500, v4=T, v5=0, v6=ISR, v7=<>, v8=-1, v13=HttpsHandler::send, v22=Sending Multiple Log Messages,
This issue occurs when TRACE debug is enabled on an agent machine, and the machine is configured to send ALL events to the manager.
By design, TRACE logs are not written to the database. These logs are to be used to troubleshoot Agent machine issues, and should not be sent to the manager. Due to the sheer verbosity of the TRACE debug messages, the SCSP manager will not write these logs to the database in order to prevent database space/storage issues.
The error above is raised when an attempt is made to write TRACE logs to the database.
From the manager, adjust the detection and prevention configurations that are applied to the agent machine(s). If "ANY" is selected as the event type, the agents will attempt to send any logs connected with TRACE-level debugging.
You can also disable trace debugging on the agent by running "sisipsconfig -trace" from the command line.
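To find which agents need the change, the Event Data field of the rejected events can be parsed and tallied per agent. The following is an added example, not Symantec code; it assumes the events have been exported into records with hypothetical `rule_name` and `event_data` keys, and that a1, a7 and v1 hold the hostname, agent GUID and event code as the sample event above suggests.

```python
import re
from collections import Counter

# One "key=value" pair of the Event Data field (keys such as a1..a7, v1..v22
# in the sample event). A value ends only at the next ", <key>=" or at the end
# of the string, so commas inside a message text do not split it.
PAIR = re.compile(r"(?:^|,\s*)([av]\d+)=(.*?)(?=,\s*[av]\d+=|,?\s*$)")

def parse_event_data(text):
    """Return the Event Data field as a dict, e.g. {'a1': 'web01', 'v1': 'TRAC'}."""
    return {key: value.strip() for key, value in PAIR.findall(text.strip())}

def agents_sending_trace(events):
    """Count rejected TRACE events per (hostname, agent GUID).

    Assumption: a1 = hostname, a7 = agent GUID, v1 = event code.
    """
    counts = Counter()
    for event in events:
        if event["rule_name"] != "EVENT_DATA_CONTENT_ERROR":
            continue  # not the storage error described in this article
        data = parse_event_data(event["event_data"])
        if data.get("v1") == "TRAC":
            counts[(data.get("a1", ""), data.get("a7", ""))] += 1
    return counts

# Constructed sample records: hostnames, addresses, GUIDs, the second message
# text and the rule name of the last record are made up for illustration.
SAMPLE_EVENTS = [
    {"rule_name": "EVENT_DATA_CONTENT_ERROR",
     "event_data": "a1=web01, a2=192.0.2.10, a3=windows, a7=GUID-AAAA, v1=TRAC, "
                   "v13=HttpsHandler::send, v22=Sending Multiple Log Messages,"},
    {"rule_name": "EVENT_DATA_CONTENT_ERROR",
     "event_data": "a1=web01, a2=192.0.2.10, a3=windows, a7=GUID-AAAA, v1=TRAC, "
                   "v7=, v22=Sending Multiple Log Messages,"},
    {"rule_name": "EVENT_DATA_CONTENT_ERROR",
     "event_data": "a1=app03, a2=192.0.2.30, a3=windows, a7=GUID-CCCC, v1=TRAC, "
                   "v22=Retry 1, then give up,"},
    {"rule_name": "EXAMPLE_OTHER_RULE",
     "event_data": "a1=db02, a2=192.0.2.20, a3=windows, a7=GUID-BBBB, v1=TRAC,"},
]

if __name__ == "__main__":
    for (host, guid), n in agents_sending_trace(SAMPLE_EVENTS).most_common():
        print(f"{host} ({guid}): {n} rejected TRACE event(s)")
```

Agents at the top of the list are the ones whose configuration or trace setting should be changed first.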
Imported Document ID: TECH201286