Eventia Analyzer Server crashes

[joeri]

Hi,

I've just did a completely fresh install of the Eventia Suite on R70, upgraded to R70.20, installation was done on an completely new box, with windows 2008. Smartview monitor gives following state:

Log server OK
Eventia Reporter OK
Eventia correlation unit, no events yet, as I didn't configure any logs servers yet.
Eventia Analyzer Server, Error: CPSEMD not running - process appears to be dead

CPSEMD.elg gives this:
failed to read reports configurations
[CPSEMD 300 2340]@hostname[8 Feb 10:49:20] CPSEMD: Mon Feb 08 10:49:20 2010

Off course this last error is quite anoyning, it's completely fresh install even without any configuration on it (just set SIC - which is OK). Did anyone have the same behaviour ? Could it be because nothing is configured yet, the deamon crashes, because it says it cannot read reports configurations ?

[Devon_Custard]

Just to let you know that I have the same error after installing R70.20. However, I have logged a call with my reseller/support company so will post back with any findings.

I initially assumed that it was because I didn't select all three of the Eventia components at install, but I have rebuilt it again with all three and still have the same problem.

[boldin]

If I remember correctly, there's something in the "known limitations" document on the user center for R70.20 as it regards to Eventia suite. You may want to have a quick look there to see if it's already documented.

[Devon_Custard]

I found this on the Checkpoint site: linky

I'll admit I am not overly experienced with the product, but nothing noted there jumps out at me as a reason for it not working.

Any ideas?

[Devon_Custard]

This is what I have been given to do:

Please run the command:

cpwd_admin list

and let us have a copy of the output. If CPSEMD is not listed as running, please run the following debug:

cpwd_admin stop –name CPSEMD
setenv TDERROR_ALL_ALL 5
cpsemd

After the service either starts or fails with errors, please send us a copy of the error log, $RTDIR/log/cpsemd.elg

You should then run the commands

cpstop ; cpstart

to ensure the watchdog monitors CPSEMD

[Devon_Custard]

Found a solution. Simply log onto the SPLAT, elevate to expert mode and type "evconfig", you should see that the eventia product service is not set to start. rectify that, run evstop then evstart and its all good.

[joeri]

Well, this fixed it for me aswell apparently, however now I do run into another "warning" in Smartview monitor: event distributor is not connected. Does anybody have an idea what this means ?

Also quite interesting, I'm able to login to he Reporter, but not the Analyzer (same machine). Maybe that's related to the error above ?

[joeri]

Nevermind the previous post, a reboot fixed the issue :-)

[lammbo]

Quote:

Originally Posted by joeri

Nevermind the previous post, a reboot fixed the issue :-)

Sadly, it usually does with Eventia...

[joeri]

the issue popped up again, I'll have it analysed by Checkkpoint this time to find out what's going on. Looks like the R70 release was quite stable, R70.20 isn't.

[serlud]

Quote:

Originally Posted by joeri

the issue popped up again, I'll have it analysed by Checkkpoint this time to find out what's going on. Looks like the R70 release was quite stable, R70.20 isn't.

Conatact TAC to obtain an hot fix for this issue CPSEMD not running - process appears to be dead for R70.2 (seach in SK for CPSEMD not running - process appears to be dead )