Repair Notifications for JSA Appliances
Accumulation is Disabled for The Anomaly Detection Engine
38750121 - Accumulation disabled for the Anomaly Detection Engine.
Explanation
An aggregate data view is disabled or unavailable, or a new rule requires data that is unavailable.
A dropped accumulation does not indicate lost anomaly data. The original anomaly data is maintained because accumulations are data sets generated from stored data. The notification provides more details about the dropped accumulation interval.
The anomaly detection engine cannot review that interval of the anomaly data for the accumulation.
User Response
Update anomaly rules to use a smaller data set.
If the notification is a recurring SAR sentinel error, system performance might be the cause of the issue.
An Infrastructure Component was Repaired
38750084 - Corrupted infrastructure component repaired.
Explanation
A corrupted component that is responsible for host services on a managed host was repaired.
User Response
No action is required.
Custom Property Disabled
38750097 - A custom property has been disabled.
Explanation
A custom property is disabled because the custom property has processing problems. Rules, reports, or searches that use the disabled custom property stop working properly.
User Response
Select one of the following options:
Review the disabled custom property to correct your regex patterns. Do not re-enable disabled custom properties without first reviewing and optimizing the regex pattern or calculation.
If the custom property is used for custom rules or reports, ensure that the Optimize parsing for rules, reports, and searches check box is selected.
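A check to run before re-enabling, as an added example that is not part of the original page or Juniper's code: it confirms that an optimized pattern extracts the same values as the disabled one and compares their matching cost. The patterns, payloads, function names and time budget are constructed for illustration, and Python's re module stands in for the appliance's regex engine.

```python
import re
import time

# Constructed sample payloads (not taken from a real JSA deployment).
SAMPLES = [
    "<134>Jan 10 12:00:01 fw01 action=allow user=alice src=10.0.0.5 dst=10.0.0.9",
    "<134>Jan 10 12:00:02 fw01 action=deny user=bob src=10.0.0.7 dst=10.0.0.9",
    # Long event without the field: the worst case for a backtracking pattern.
    "<134>Jan 10 12:00:03 fw01 " + "x=1 " * 1000,
]

# Hypothetical patterns for a "username" custom property.
OLD = r".*user=(\w+).*"   # leading .* turns every non-matching event into a quadratic rescan
NEW = r"\buser=(\w+)"     # keyed on the literal field name, no wildcards

def extract(pattern, payload, group=1):
    """Return the value the property would capture, or None if no match."""
    m = re.search(pattern, payload)
    return m.group(group) if m else None

def cost(pattern, payloads, repeat=3):
    """Best-of-N wall time in seconds to run the pattern over all payloads."""
    rx = re.compile(pattern)
    best = float("inf")
    for _ in range(repeat):
        start = time.perf_counter()
        for p in payloads:
            rx.search(p)
        best = min(best, time.perf_counter() - start)
    return best

def review(old, new, payloads, budget_s=0.01):
    """Compare a disabled property's pattern with its proposed replacement."""
    mismatches = [p for p in payloads if extract(old, p) != extract(new, p)]
    old_cost, new_cost = cost(old, payloads), cost(new, payloads)
    return {
        "same_values": not mismatches,      # rules and reports keep seeing the same data
        "old_cost": old_cost,
        "new_cost": new_cost,
        "within_budget": new_cost <= budget_s,  # budget_s is an assumed threshold
    }

if __name__ == "__main__":
    print(review(OLD, NEW, SAMPLES))
```

Run it against payloads exported from the affected log source, including events that do not contain the field, since those are the ones that expose backtracking cost.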
Data Replication Difficulty
38750085 - Data replication experiencing difficulty.
Explanation
Data replication ensures that managed hosts can continue to collect data if the console is unavailable.
A managed host had difficulty downloading data. If a managed host repeatedly fails to download data, the system might experience performance or communication issues.
User Response
If a managed host does not resolve the replication issue on its own, contact Juniper Customer Support.
Replication Cleanup Skipped for Host
38750172 - Database replication cleanup skipped for host as it has been too long since it received an update.
Explanation
Data replication ensures that managed hosts can continue to collect data when the console is not available.
A managed host was skipped during cleanup because too much time has passed since it last received an update. If a managed host fails to receive replication updates from the console, it isn't connecting properly to the console.
User Response
To resolve this issue, select one of the following options:
Click Admin > System and License Management, and then check the status of your managed host. Ensure that the Host Status is Active. If the Host Status is unknown, there are issues with the managed host that you need to investigate.
If a managed host doesn't resolve the replication issue on its own, contact Juniper Customer Support.
MPC: Process Not Shutdown Cleanly
38750058 - MPC: Server was not shutdown cleanly. Offenses are being closed in order to re-synchronize and ensure system stability.
Explanation
The magistrate process encountered an error. Active offenses close, services restart, and the database tables are verified and rebuilt if necessary.
The system synchronizes to prevent data corruption. If the magistrate component detects a corrupted state, then the database tables and files are rebuilt.
User Response
The magistrate component self-repairs. If the error continues, contact Juniper Customer Support.
Protocol Source Configuration Incorrect
38750057 - A protocol source configuration may be stopping events from being collected.
Explanation
The system detected an incorrect protocol configuration for a log source. Log sources that use protocols to retrieve events from remote sources can generate an initialization error when a configuration problem in the protocol is detected.
User Response
Resolve the protocol configuration issues by following these steps:
Review the log source to ensure that the protocol configuration is correct.
Verify authentication fields, file paths, and database names for JDBC, and ensure that the system can communicate with remote servers. Hover your mouse pointer over a log source to view more error information.
Review the /var/log/qradar.log file for more information about the protocol configuration error.
Raid Controller Misconfiguration
38750140 - Raid Controller misconfiguration: Hardware Monitoring determined that a virtual drive is configured incorrectly.
Explanation
For maximum performance, the RAID controller cache and battery backup unit (BBU) must be configured to use the write-back cache policy. When the write-through cache policy is used, storage performance degrades and might cause system instability.
User Response
Review the health of the battery backup unit. If the battery backup unit is working correctly, change the cache policy to write-back.
Restored System Health by Canceling Hung Transactions
38750049 - Transaction Sentry: Restored system health by canceling hung transactions or deadlocks.
Explanation
The transaction sentry restored the system to normal system health by canceling suspended database transactions or removing database locks. To determine the process that caused the error, review the qradar.log file for the word TxSentry.
User Response
No action is required.