The following are the known issues related to agents and CA Technologies adapters.
Symptom:
The HP PA-RISC agent fails to load the configured P12 certificate.
Solution:
This is a known issue. A fix will be available in a future release.
Symptom:
The CA User Activity Reporting Module server fails to communicate with the RHEL 7 agent.
Solution:
This issue arises if the port numbers 6789 and 5250 are not open on the RHEL 7 agent. To open the ports on the RHEL 7 agent, see the RHEL documentation set.
Symptom:
The RHEL 7 agent fails to start after a shut down or restart.
Solution:
To resolve the issue, perform the following steps:
[Unit]
Description=CA UARM
After=multi-user.target
[Service]
Type=forking
RemainAfterExit=true
ExecStart=/bin/bash /etc/init.d/elmagentd start
ExecStop=/bin/bash /etc/init.d/elmagentd stop
[Install]
WantedBy=multi-user.target
systemctl enable elmagentd.service
systemctl daemon-reload
Symptom:
The agentconfig utility fails on AIX with a segmentation error.
Solution:
You can resolve this issue by exporting the following values before running the agentconfig utility:
export MALLOCMULTIHEAP=true
export AIXTHREAD_STK=756000
Symptom:
When you enable the Disable Non-CEG Event Data option in an upgraded environment, the corresponding tag is not updated on the agent.
Solution:
To resolve the issue, restart the agent.
Symptom:
The CentOS agent does not appear to be available for use in connector deployment after download.
Solution:
The CentOS agent appears by the proper name in the Download Agent Binaries list. Once you have downloaded it, it appears in deployment screens as "RHEL5". Select RHEL5 for the CentOS agent.
Symptom:
Configuring any connector to access a Windows event source and read its logs involves creating a low-privileged user account and assigning it the needed permissions. When the event source is a Windows Server 2003 SP1 host, one of the steps is to set the local security policy, Impersonate a client after authentication. When this user right is set locally, no problem occurs. However, if this setting is applied as a domain policy to all servers, the global application has the effect of removing the existing local assignments for other users, namely Administrators and SERVICE.
A Microsoft support article states that "... problems occur when a Group Policy setting that defines the Impersonate a client after authentication user right is linked to the domain. This user right should be linked only to a site or to an organizational unit (OU)."
Solution:
See the Microsoft Knowledge Base article ID 930220 for the recommendation to restore full unsecured TCP/IP connectivity by disabling the IPSec services and restarting the computer, and for the steps to add back the Administrators and SERVICE groups as a Group Policy setting. Try the following link:
http://support.microsoft.com/kb/930220
Microsoft also recommends the following methods to resolve problems caused by applying the setting Impersonate a client after authentication as a group policy:
See the Microsoft Knowledge Base article ID: 911801 for the steps to implement both recommended resolutions. Try the following link:
http://support.microsoft.com/kb/911801
Symptom:
When the syslog listener is configured with the default UDP port on an agent running as a non-root user on a Linux host, UDP port 514 (default for syslog) is not opened and no syslog events are collected on that port.
Solution:
If the agent is running as a non-root user on a UNIX system, change the syslog listener ports to port numbers above 1024 or change the service to run as root.
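The bind failure described above can be confirmed before changing the listener configuration. The following preflight check is an added example, not part of the product or of the original page; the function names and the alternative port 1514 are hypothetical, and the sysctl path applies to Linux only.

```python
import errno
import socket

# Linux sysctl holding the first port an unprivileged process may bind.
SYSCTL = "/proc/sys/net/ipv4/ip_unprivileged_port_start"

def unprivileged_port_start(path=SYSCTL):
    """Return the sysctl value, or the traditional 1024 when it is unavailable."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return 1024

def needs_privilege(port, threshold=None):
    """True when binding `port` needs root or CAP_NET_BIND_SERVICE."""
    if threshold is None:
        threshold = unprivileged_port_start()
    return 0 < port < threshold

def try_bind_udp(port, host="0.0.0.0"):
    """Attempt the same UDP bind a syslog listener makes; return (ok, reason)."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.bind((host, port))
        return True, "bound"
    except OSError as exc:
        if exc.errno == errno.EACCES:
            return False, "permission denied"
        if exc.errno == errno.EADDRINUSE:
            return False, "port already in use"
        return False, exc.strerror or str(exc)

def preflight(ports):
    """Map each candidate listener port to (bindable, explanation)."""
    report = {}
    for port in ports:
        ok, reason = try_bind_udp(port)
        if not ok and needs_privilege(port):
            reason += "; privileged port, use a higher port or run as root"
        report[port] = (ok, reason)
    return report

if __name__ == "__main__":
    # 514 is the default from this page; 1514 is an arbitrary example alternative.
    for port, (ok, reason) in preflight([514, 1514]).items():
        print(f"udp/{port}: {'OK' if ok else 'FAIL'} ({reason})")
```

Run it under the same account the agent uses, with the agent stopped so that a port it already holds is not reported as in use.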
Symptom:
After upgrading CA User Activity Reporting Module, when you open the integration wizard to edit an existing integration, or create a new one, Message Parsing files fail to appear. The XMP shuttle control where MP files normally appear is blank.
Solution:
You can increase the Java heap size to eliminate this issue and display MP files in the Integration Wizard.
./S99igateway stop
<JVMSettings>
  <loadjvm>true</loadjvm>
  <javahome>/usr/java/latest/jre</javahome>
  <Properties name="java.endorsed.dirs=/opt/CA/SharedComponents/iTechnology/endorsed" >
    <system-properties>java.endorsed.dirs=/opt/CA/SharedComponents/iTechnology/endorsed</system-properties>
  </Properties>
  <Properties name="initial heap size" >
    <jvm-property>-Xms512m</jvm-property>
  </Properties>
  <Properties name="max heap size" >
    <jvm-property>-Xmx768m</jvm-property>
  </Properties>
</JVMSettings>
<jvm-property>-Xmx1024m</jvm-property>
./S99igateway start
Symptom:
When you apply an OPSEC connector in your environment, it fails with the following error:
[ConnectorFW::AddConnector] DllLoad Failed, Hence terminating the Connector
Solution:
The OPSEC password cannot contain the "$" character. Remove the character from the password and redeploy the connector.
Symptom:
When removing a CA User Activity Reporting Module server from a group of federated servers, the deleted server's default agent is not removed from its related agent group.
Solution:
Manually delete the agent from its group in the Agent Explorer sub-tab.
Symptom:
Events collected using the CA Audit SAPI Collector do not have all the event fields properly populated. This results in most of the reports not displaying the data in the expected manner.
Solution:
Use the CA Audit SAPI Router to collect events from your existing CA Audit infrastructure.
Symptom:
The Text File log sensor running on a Solaris agent system stops receiving events.
If you review the log file for the connector, it contains an error indicating that a library file, libssl.so.0.9.7, failed to open:
[4] 07/20/10 18:55:50 ERROR :: [ProcessingThread::DllLoad] :Error is: ld.so.1: caelmconnector: fatal: libssl.so.0.9.7: open failed: No such file or directory
[4] 07/20/10 18:55:50 ERROR :: [ProcessingThread::run] Dll Load and Initialize failed, stopping the connector ...
[3] 07/20/10 18:55:50 NOTIFY :: [CommandThread::run] Cmd_Buff received is START
Solution:
Identify the location of the library to enable the agent to receive events.
To resolve the error on the Solaris agent system
cd /etc
vi /etc/profile
LD_LIBRARY_PATH=/usr/sfw/lib:$LD_LIBRARY_PATH
export LD_LIBRARY_PATH
/opt/CA/ELMAgent/bin/S99elmagent stop
/opt/CA/ELMAgent/bin/S99elmagent start
The Text File log sensor starts receiving events and the error is no longer displayed in the log file.
Symptom:
A CA User Activity Reporting Module agent becomes unresponsive and stops accepting events. The following error message appears in the caelmdispatcher.log file:
[275] 07/12/10 14:32:05 ERROR :: FileQueue::PutEvents Unable to write to new event file
[275] 07/12/10 14:32:05 ERROR :: WriterThread::run Unable to push events to FileQueue, Retrying
[275] 07/12/10 14:32:10 NOTIFY :: FileQueue::UpdateCurrentWriterFile Reached Max files configured limit=10, Not creating any new files for now
Solution:
This indicates that there is a very high rate of incoming events for the hardware in the environment. You can address this issue by reconfiguring the agent, using the following procedure:
Sets the maximum number of files that can be created in the event reception file queue. The Max Number limit is 1000 files. The default setting is 10.
Sets the maximum size, in MB, for each file in the event reception file queue. When a file reaches the maximum size, CA User Activity Reporting Module creates a new file. The Max Size limit is 2048 MB. The default setting is 100 MB.
You can adjust these parameters upwards as required by your environment and events-per-second rate.
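Both the missing libssl library in the Solaris connector log and the full file queue in caelmdispatcher.log show up as recognizable log lines, so an agent that has silently stopped collecting can be spotted by scanning its logs. The following triage script is an added example, not part of the product or of the original page; the function names are hypothetical and the line layout is inferred from the excerpts quoted on this page.

```python
import re
from collections import Counter
from datetime import datetime

# Layout inferred from this page's excerpts: [thread] MM/DD/YY HH:MM:SS LEVEL :: message
LINE = re.compile(r"^\[(\d+)\]\s+(\d\d/\d\d/\d\d \d\d:\d\d:\d\d)\s+(\w+)\s+::\s+(.*)$")

# Signatures copied from the two failure excerpts quoted on this page.
SIGNATURES = [
    ("queue_limit_reached", re.compile(r"Reached Max files configured limit=(\d+)")),
    ("queue_write_failed", re.compile(r"Unable to (?:write to new event file|push events to FileQueue)")),
    ("missing_library", re.compile(r"fatal: (\S+): open failed: No such file or directory")),
]

# Sample input: log lines quoted on this page.
SAMPLE = [
    "[4] 07/20/10 18:55:50 ERROR :: [ProcessingThread::DllLoad] :Error is: ld.so.1: caelmconnector: fatal: libssl.so.0.9.7: open failed: No such file or directory",
    "[275] 07/12/10 14:32:05 ERROR :: FileQueue::PutEvents Unable to write to new event file",
    "[275] 07/12/10 14:32:05 ERROR :: WriterThread::run Unable to push events to FileQueue, Retrying",
    "[275] 07/12/10 14:32:10 NOTIFY :: FileQueue::UpdateCurrentWriterFile Reached Max files configured limit=10, Not creating any new files for now",
]

def triage(lines):
    """Return one finding per log line that matches a known failure signature."""
    findings = []
    for raw in lines:
        parsed = LINE.match(raw.strip())
        if not parsed:
            continue  # blank or unrecognised line
        thread, stamp, level, message = parsed.groups()
        for kind, pattern in SIGNATURES:
            hit = pattern.search(message)
            if hit:
                findings.append({
                    "time": datetime.strptime(stamp, "%m/%d/%y %H:%M:%S"),
                    "thread": int(thread), "level": level, "kind": kind,
                    "detail": hit.group(1) if pattern.groups else "",
                })
                break
    return findings

def summarize(findings):
    """Condense findings into counts, the queue limit hit, and missing libraries."""
    limits = [int(f["detail"]) for f in findings if f["kind"] == "queue_limit_reached"]
    libs = sorted({f["detail"] for f in findings if f["kind"] == "missing_library"})
    return {"counts": dict(Counter(f["kind"] for f in findings)),
            "queue_limit": max(limits) if limits else None,
            "missing_libraries": libs}

if __name__ == "__main__":
    print(summarize(triage(SAMPLE)))
```

A non-empty queue_limit in the summary means the agent has stopped creating queue files and is a cue to raise the two file queue parameters described above.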
Symptom:
When you enable the CPU throttling feature on machines that run the HP-UX PA-RISC and HP-UX Itanium agents, the CPU usage is not throttled.
Solution:
CA User Activity Reporting Module 12.5.03 does not support the CPU throttling feature on machines that run the HP-UX PA-RISC and HP-UX Itanium agents.
Symptom:
When you use the agentconfig utility to redirect the CA User Activity Reporting Module agent on Solaris, the CA User Activity Reporting Module agent stops and does not restart.
Solution:
You can resolve this issue by restarting the agent.
Copyright © 2014 CA Technologies.
All rights reserved.