Skip to main content

Trellix IPS - No Data Showing for Alert Statistic in NSM

Updated

No Data for Alert Statistic in Trellix NSM

1. Introduction

  • User unable to view all the alert statistic data
  • This issue is important to resolve as the data showing summary of alert reported 

2. Symptoms

  • Loss of data on how much alert is calculated.
  • The error messages shows “Retry in a few minutes”

3. Prerequisites/Initial Checks

  • Trellix support requests below information for their troubleshooting.
  1. Infocollector logs
  2. All Table Backup
  3. Screenshot of Alert Statistic page
  4. Fault report for the last 7 days
  5. User Activity report for the last 7 days

4. Common Causes and solution

  • This issue is caused by the missing tables in MariaDB.
  • Trellix support advice is to rebuild all the missing tables.
  • Below is all the table that is missing in MariaDB
  1. iv_app_viz_weekly_data
  2. iv_perf_mon_last_update_time
  3. iv_perf_mon_hourly_data
  4. iv_seq_trend_day_data_id
  5. iv_alert_type6_alerts
  6. iv_seq_trend_hourly_data_id
  7. iv_app_viz_hourly_data
  8. iv_app_viz_last_update_time
  9. iv_perf_mon_weekly_data
  10. iv_perf_mon_daily_data
  11. iv_trend_hourly_data
  12. iv_trend_day_data
  13. iv_app_viz_monthly_data
  14. iv_perf_mon_monthly_data
  15. iv_attacks_seen_on_specific_day

5. Solving Steps

  1. Turned off watchdog service
  • watchdog stop -- stops watchdog service
  • watchdog status -- check to confirm service is stopped
  1. Logged into shell to perform a database table error check via the following commands
  • cd opt/IPSManager/App/bin
  • sudo -u admin ./dbcheck_installer.sh error
  1. Then tailed the logs created by this script to see which tables are having issues
  • cd /opt/IPSManager/App/logs/
  • tail -f dbconsistency.log
  1. Then went into our MariaDB service on the Manager to and set the current database to "LF".
  • cd opt/IPSManagar/Mariadb/bin
  • ./mariadb -u root -p (once in MariaDB) USE lf;
  1. From here, began adding new tables to the database that were requested of us per Trellix backend engineering team's instructions. To validate the actions, we compared results via the command below to make sure the new tables were made successfully.
  • SHOW TABLES LIKE 'tablename%';
  1. The watchdog service was now turned back on.
  • watchdog start -- starts watchdog service
  • watchdog status -- check to confirm service is stopped
  1. Went into the Manager WebUI and noticed data under Manager > Maintenance > Database Pruning > Alert Statistics is revealing more positive behavior than before changes today. However, it will require some time for the database tables to aggregate new data before the statistical data will become more accurate.

6. Conclusion

  • We hope this guide helped you resolve the Alert Statistic not showing data issue. By following these steps, you should now be able to identify and resolve the issue

Note: Kindly refer to the Trellix support team for more information and accuracy in troubleshooting.

Powered by Zendesk