Environment
- App Control Server: All Supported Versions
Symptoms
- "SyslogGetEvents" task keeps erroring out on the Support.php > Scheduled Tasks page
- the following error is reported in the Reporter.log file:
ERROR DatabaseConnectionWrapper - Database task exception: SyslogGetEvents - Log level must be defined
WARN DatabaseConnectionWrapper - System.InvalidOperationException: Log level must be defined
Cause
- Error occurs when the "Priority" column of an incoming event is outside the expected range of 0 to 7
- Corrupt agents sending erroneous event data
Resolution
The following workaround is available until a permanent fix is released:
- Ensure there is a recent DB backup
- Stop the App Control Reporter Service
- Open SQL Mgmt Studio > Das > Programmability > Stored Procedures > Right click the "SyslogGetEvents" > Modify
- Find the following line:
priority_id as priority,
- Comment it out and replace it with the following line:
--priority_id as priority,
CASE WHEN (priority_id >=0 AND priority_id <=7) THEN priority_id ELSE 0 END as priority,
- Execute the script to update the procedure
- Start the App Control Reporter Service
- To check for corrupted agents that are sending events with invalid "Priority" data use the following SQL query:
use das; select Source from dbo.EventsGUI(1033) where priority_id < 0 or priority_id > 7 group by Source
Additional Notes
This issue is tracked as EP-15124 and is scheduled for resolution in the upcoming 8.9 server version
Related Content
