hot_ip_init: Hot IPV4 monitor information not initialized - Description (ERR):
- The Hot IP monitor information must be initialized or there will be a program error. This was probably caused by previous errors.
- Response:
- Troubleshoot the problem based on previous error messages.
hot_ip_init: Hot IPV6 monitor information not initialized - Description (ERR):
- The Hot IP monitor information must be initialized or there will be a program error. This was probably caused by previous errors.
- Response:
- Troubleshoot the problem based on previous error messages.
hot_ip_tree: More than 16 million Hot IPs in tree - Description (CRIT):
- The number of Hot IPs is too large. The current tree is not saved.
- Response:
- Troubleshoot operating system problem based on the error reason.
hot_ip_tree: Failed to open Hot IP file 'filename' for writing: error reason - Description (ERR):
- If the Hot IP save file cannot be opened, the current list of Hot IP addresses will not be saved.
- Response:
- Troubleshoot operating system problem.
hot_ip_tree: Failed to allocate Hot IP list: error reason - Description (CRIT):
- If the memory cannot be allocated for the Hot IP list, there is an underlying system problem and the application will have to be restarted.
- Response:
- Troubleshoot operating system problem based on the error reason.
hot_ip_tree: Failed to open Hot IP file 'filename' for reading: error reason - Description (ERR):
- If the Hot IP save file cannot be opened, the current list of Hot IP addresses will not be saved.
- Response:
- Troubleshoot operating system problem.
hot_ip_tree: Failed to allocate Hot IP tree: error reason - Description (ERR):
- An error occurred allocating the Hot IP Red Black tree. The tree uses system memory allocation instead of the Realeyes Analysis Engine memory management. The application continues, but may fail soon after the error.
- Response:
- Troubleshoot operating system problem based on the error reason.
hot_ip_tree: Failed to allocate Hot IP address element: error reason - Description (CRIT):
- If the memory cannot be allocated for the Hot IP address element, there is an underlying system problem and the application will have to be restarted.
- Response:
- Troubleshoot operating system problem based on the error reason.
hot_ip_tree: Failed to insert Hot IP node in Red Black tree - Description (ERR):
- If the Hot IP node cannot be inserted in the tree, there is a system memory error and the application will have to be restarted.
- Response:
- Troubleshoot operating system problem.
get_hotip: Invalid Hot IP address - Description (ERR):
- The Hot IP definition can be generated by the Event Handler detecting an Event defined for monitoring the IP addresses, or by an external command being issued. Most likely, the external command has been sent in which the Hot IP address is not in a valid format.
- Response:
- Validate the Hot IP address formatting or notify the application development staff.
get_hotip: Invalid Hot IP address - Description (ERR):
- The Hot IP definition can be generated by the Event Handler detecting an Event defined for monitoring the IP addresses, or by an external command being issued. Most likely, the external command has been sent in which the Hot IP address is not in a valid format.
- Response:
- Validate the Hot IP address formatting or notify the application development staff.
get_hotip: Failed to allocate Hot IP address element: error reason - Description (CRIT):
- If the memory cannot be allocated for the Hot IP address element, there is an underlying system problem and the application will have to be restarted.
- Response:
- Troubleshoot operating system problem based on the error reason.
get_hotip: Failed to insert Hot IP node in Red Black tree - Description (ERR):
- If the Hot IP node cannot be inserted in the tree, there is a system memory error and the application will have to be restarted.
- Response:
- Troubleshoot operating system problem.
test_hotip: Failed to get Hot IP Trigger element: error reason - Description (CRIT):
- If the analysis engine is unable to return a Trigger element, then the application will have to be restarted.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
plugin_parser: Failed to allocate Statistics filename: error reason - Description (CRIT):
- An error occurred allocating the Statistics filename which will cause an error when the Statistics information is saved during shutdown.
- Response:
- Troubleshoot system problem based on error reason.
plugin_parser: Failed to allocate EOL array: error reason - Description (ERR):
- An error occurred allocating the EOL array. The array is allocated from system memory because it is only used temporarily.
- Response:
- Troubleshoot system problem based on error reason.
plugin_parser: parameter: value - Description (INFO):
- The values being read by the parser are displayed.
- Response:
- None
plugin_parser: EOL value is empty - Description (ERR):
- The EOL field is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Invalid EOL value value - Description (ERR):
- The EOL value is incorrectly defined which will produce unpredictable results.
- Response:
- Correct plugin configuration.
plugin_parser: Too many EOL values: value count - Description (ERR):
- The number of EOL values exceeded the maximum limit.
- Response:
- Correct plugin configuration.
plugin_parser: Failed to allocate EOL list: error reason - Description (CRIT):
- If the analysis engine is unable to return the End of Line list, then the application will have to be restarted.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
plugin_parser: Failed to allocate EOL: error reason - Description (CRIT):
- If the analysis engine is unable to return the End of Line structure, then the application will have to be restarted.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
plugin_parser: Trigger Condition value is empty - Description (ERR):
- The Trigger Condition field is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Trigger distance exceeded maximum - Description (WARN):
- The Trigger distance condition was defined incorrectly for the Action. Because the condition is defined at all, it is set to the maximum.
- Response:
- Correct the Action configuration.
plugin_parser: Undefined Trigger condition: value - Description (ERR):
- The Trigger condition was defined incorrectly for the Action.
- Response:
- Correct the Action configuration.
plugin_parser: Action Trigger value is empty - Description (ERR):
- The Action Trigger field is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Trigger not found, ID: trigger_id - Description (ERR):
- The specified Trigger ID was not found, which indicates that there is an error in the Triggers configuration or that the Stream Analyzer plugin for which the Trigger is defined has failed.
- Response:
- Verify Trigger definitions and Stream Analyzer plugin status.
plugin_parser: Failed to allocate placeholder trigger: error reason - Description (CRIT):
- If the analysis engine is unable to return the trigger, then the application will have to be restarted.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
plugin_parser: Duplicate Trigger not found, ID: trigger_id - Description (ERR):
- The duplicate Trigger ID was not found, which indicates that there is an error in the Triggers configuration or that the Stream Analyzer plugin for which the Trigger is defined has failed.
- Response:
- Verify Trigger definitions and Stream Analyzer plugin status.
plugin_parser: More Triggers than Action defined - Description (ERR):
- The Total attribute was defined incorrectly for the Action.
- Response:
- Correct the Action configuration.
plugin_parser: Failed to allocate network monitor structure: error reason - Description (ERR):
- The network monitor structure is used to maintain information about networks being monitored. A list of networks is created by the Stream handler process using its own address space. Then an array is allocated in the main anchor that can be accessed by all plugins.
- Response:
- Troubleshoot operating system problem.
plugin_parser: Invalid network mask 'mask' - Description (ERR):
- The network mask must be a complete and valid IP address in hexadecimal (4 octets for IPv4, 16 for IPv6).
- Response:
- Correct Stream Handler configuration.
plugin_parser: Invalid network mask size - Description (WARN):
- The network mask size in bits must be between 8 and the maximum address size (32 for IPv4, 128 for IPv6).
- Response:
- Correct Stream Handler configuration.
plugin_parser: Network address value is empty - Description (ERR):
- The Network address field is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Invalid monitored network address - Description (ERR):
- The monitored network address is not in a valid format.
- Response:
- Correct Stream Handler configuration.
plugin_parser: Invalid monitored network address - Description (ERR):
- The monitored network address is not in a valid format.
- Response:
- Correct Stream Handler configuration.
plugin_parser: Failed to allocate monitors - Description (WARN):
- If the analysis engine is unable to allocate the monitor port and host definition structures, statistics will not be collected, but the application will continue.
- Response:
- Troubleshoot problem based on previous messages.
plugin_parser: Failed to allocate statistics: error reason - Description (CRIT):
- If the analysis engine is unable to return the statistics structure, then the application will have to be restarted.
- Response:
- Troubleshoot problem based on error message.
plugin_parser: Interval Hour 1 value is empty - Description (ERR):
- The Interval Hour 1 field is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Invalid statistics hour interval: interval value - Description (WARN):
- If the statistics hour interval is invalid, the default will be used. This could result in the actual times being out of sequence which will cause the Statistics collection to be disabled.
- Response:
- Correct the Statistics section in the Action Analyzer configuration.
plugin_parser: Interval Hour 2 value is empty - Description (ERR):
- The Interval Hour 2 field is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Interval Hour 3 value is empty - Description (ERR):
- The Interval Hour 3 field is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Interval Minute 1 value is empty - Description (ERR):
- The Interval Minute 1 field is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Invalid statistics minute interval: interval value - Description (WARN):
- If the statistics hour interval is invalid, the default will be used. This could result in the actual times being out of sequence which will cause the Statistics collection to be disabled.
- Response:
- Correct the Statistics section in the Action Analyzer configuration.
plugin_parser: Interval Minute 2 value is empty - Description (ERR):
- The Interval Minute 2 field is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Interval Minute 3 value is empty - Description (ERR):
- The Interval Minute 3 field is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Statistics minimum data value is empty - Description (ERR):
- The Statistics minimum data field is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Invalid minimum data value: minimum data - Description (WARN):
- If the minimum data value is invalid, the default will be used.
- Response:
- Correct the Statistics section in the Action Analyzer configuration.
plugin_parser: Maximum ports value is empty - Description (ERR):
- The Maximum ports field is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Invalid maximum ports value: maximum ports - Description (WARN):
- If the maximum ports value is invalid, the default will be used.
- Response:
- Correct the Statistics section in the Action Analyzer configuration.
plugin_parser: Statistics state is OFF - Description (WARN):
- The configuration is defined to not collect statistics.
- Response:
- If the application should be collecting statistics, correct the Stream Handler configuration.
plugin_parser: Maximum monitor hosts exceeded - Description (WARN):
- The maximum number of hosts that can be monitored at one time is 16.
- Response:
- Verify the Stream Handler configuration.
plugin_parser: Invalid expiration date for monitored host date - Description (WARN):
- The expiration date of the host definition is formatted incorrectly.
- Response:
- Correct the statistics configuration.
plugin_parser: Monitored host definition expired - Description (WARN):
- The monitored host definition has expired and will be ignored. Because this is set in the configuration file, it must be changed by the application administrator.
- Response:
- Update the statistics configuration.
plugin_parser: Monitored host value is empty - Description (ERR):
- The Monitored host field is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Invalid monitored host address - Description (ERR):
- The monitored host address is not in a valid format.
- Response:
- Correct Stream Handler configuration.
plugin_parser: Maximum monitor ports exceeded - Description (WARN):
- The maximum number of combined TCP and UDP ports that can be monitored at one time is 16.
- Response:
- Verify the Stream Handler configuration.
plugin_parser: Invalid expiration date for monitored port date - Description (WARN):
- The expiration date of the port definition is formatted incorrectly.
- Response:
- Correct the statistics configuration.
plugin_parser: Monitored port definition expired - Description (WARN):
- The monitored port definition has expired and will be ignored. Because this is set in the configuration file, it must be changed by the application administrator.
- Response:
- Update the statistics configuration.
plugin_parser: Monitored port value is empty - Description (ERR):
- The Monitored port field is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Invalid port port - Description (ERR):
- The TCP or UDP port is out of the valid range, 0 - 65536.
- Response:
- Correct the Stream Handler configuration.
plugin_stop: Failed to detach RB Tree block shared memory segment: error reason - Description (ERR): If the analysis engine is unable to detach a RB Tree block shared memory segment, it will have to detached manually using the ipcrm command.
- Response: Troubleshoot the system problem based on the error reason.
plugin_stop: Failed to detach port statistics shared memory segment: error reason - Description (ERR): If the analysis engine is unable to detach a port statistics shared memory segment, it will have to detached manually using the ipcrm command.
- Response: Troubleshoot the system problem based on the error reason.
local_plugin_init: Failed to allocate local data struct: error reason - Description (CRIT):
- There was a memory allocation failure when getting the local collector plugin structure.
- Response:
- Troubleshoot operating system problem based on the error reason.
local_plugin_init: Failed to allocate interface struct: error reason - Description (CRIT):
- There was a memory allocation failure when getting the collector interface structure.
- Response:
- Troubleshoot operating system problem based on the error reason.
plugin_parser: File and interface are mutually exclusive - Description (ERR):
- The data source may be either a file or a network interface, but not both.
- Response:
- Correct collector configuration definition.
plugin_parser: Input File value is empty - Description (ERR):
- The Input File field is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Interface and file are mutually exclusive - Description (ERR):
- The data source may be either a file or a network interface, but not both.
- Response:
- Correct collector configuration definition.
plugin_parser: Interface value is empty - Description (ERR):
- The Interface field is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Pcap filter value is empty - Description (ERR):
- The Pcap filter field is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_process: Exiting with Collector error: error reason - Description (ERR):
- The packet capture library returned an error after having started to capture packets.
- Response:
- Troubleshoot problem based on packet capture message.
init_pcap: Packet capture error: error reason - Description (CRIT):
- The packet capture library reported an error, which is printed in the message.
- Response:
- Troubleshoot system problem.
init_pcap: Packet capture message: error reason - Description (NOTE):
- The packet capture library reported a condition that is printed in the message. This is not an error, but may cause unexpected results.
- Response:
- Verify collector configuration definition.
init_pcap: Interface type not found for interface - Description (ERR):
- The interface type reported by the packet capture library was not found in the list of interfaces supported by the collector plugin. Not all interfaces are supported by default, some must be specified when the RealeyesIDS package is built.
- Response:
- Verify the package installation.
init_pcap: No input type specified - Description (ERR):
- A data source must be specified as either a file or a network interface.
- Response:
- Correct collector configuration definition.
init_pcap: Failed to set gid/uid - Description (ERR):
- Initially the collector plugin runs under the superuser ID to be able to set the interface to promiscuous mode for collecting packets from the network. When this is complete, an ID with lower privileges should be set, but this has failed.
- Response:
- Troubleshoot operating system problem.
init_pcap: Failed to get home network information - Description (ERR):
- The packet capture library returned an error when attempting to retrieve information about the local network.
- Response:
- Troubleshoot local network problem.
init_pcap: Failed to compile Berkeley packet filter - Description (ERR):
- The filter that was supplied for the packet capture library failed to compile. This is often a case of unbalanced parentheses.
- Response:
- Validate Berkeley packet filter definition.
init_pcap: Failed to set Berkeley packet filter
- Description (ERR):
- The filter that was supplied for the packet capture library failed when being set. This is often a case of the filter being syntactically correct, but logically incorrect.
- Response:
- Validate Berkeley packet filter definition.
plugin_parser: Failed to build event ID - Description (CRIT):
- An error occurred allocating the Event structure. This could be a problem in the Event definition, because the Total attribute is required.
- Response:
- Verify Event definition, and if correct, troubleshoot system errors.
plugin_parser: Hot IP value is empty - Description (ERR):
- The Hot IP is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Undefined Hot IP selection: selection - Description (ERR):
- The Hot IP selection: was defined incorrectly for the Event.
- Response:
- Correct the Event configuration.
plugin_parser: Action Condition value is empty - Description (ERR):
- The Action Condition is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Undefined Action condition: value - Description (ERR):
- The Action condition was defined incorrectly for the Event.
- Response:
- Correct the Event configuration.
plugin_parser: Event Action value is empty - Description (ERR):
- The Event Action is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Action not found, ID: action_id - Description (ERR):
- The specified Action ID was not found, which indicates that there is an error in the Actions configuration or that the Action Analyzer plugin has failed.
- Response:
- Verify Action definitions and Action Analyzer plugin status.
plugin_parser: More Actions than Event defined - Description (ERR):
- The Total attribute was defined incorrectly for the Event.
- Response:
- Correct the Event configuration.
plugin_parser: Analysis Record File value is empty - Description (ERR):
- The Analysis Record File is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_process: Error allocating Recorder file name: error reason - Description (ERR):
- An error occurred allocating the Recorder file name. This buffer uses system memory allocation instead of the Realeyes Analysis Engine memory management.
- Response:
- Troubleshoot operating system problem.
plugin_process: Error opening Recorder file: error reason - Description (ERR):
- An error occurred opening the Recorder file.
- Response:
- Troubleshoot operating system problem.
ri_get_record_data: Failed to get Data overlap list: error reason - Description (CRIT):
- If the analysis engine is unable to return a Data overlap list then the application will have to be restarted.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
ri_record_handler: Failed to allocate Hot IP element: error reason - Description (CRIT):
- If the analysis engine is unable to return a Hot IP element then the application will have to be restarted.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
ri_record_handler: Failed to get Hot IP address: error reason - Description (WARN):
- The call to convert the network address to a readable form was unsuccessful. The application continues, but the Hot IP will not be monitored.
- Response:
- Troubleshoot system problem based on the error reason.
ri_record_handler: Failed to get Hot IP lock - Description (WARN):
- If the analysis engine is unable to return the Hot IP lock then the IP address will not be monitored. This may be a sign of other problems, but the function is exitted immediately and the application continues.
- Response:
- Troubleshoot operating system problem.
ri_record_handler: Failed to allocate Hot IP element: error reason - Description (CRIT):
- If the analysis engine is unable to return a Hot IP element then the application will have to be restarted.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
ri_record_handler: Failed to get Hot IP lock - Description (WARN):
- If the analysis engine is unable to return the Hot IP lock then the IP address will not be monitored. This may be a sign of other problems, but the function is exitted immediately and the application continues.
- Response:
- Troubleshoot operating system problem.
ri_get_stats: Error attaching port statistics shared memory: error reason - Description (ERR):
- An error occurred attaching the port statistics shared memory. This buffer is created by the Statistics collector. If it cannont be attached by the Event Analyzer, te application continues, but will probably fail soon after the error.
- Response:
- Troubleshoot operating system problem.
ri_get_stats: Error attaching host statistics shared memory: error reason - Description (ERR):
- An error occurred attaching the port statistics shared memory. This buffer is created by the Statistics collector. If it cannont be attached by the Event Analyzer, te application continues, but will probably fail soon after the error.
- Response:
- Troubleshoot operating system problem.
ri_get_stats: Error allocating port statistics sort array: error reason - Description (ERR):
- An error occurred allocating the port statistics sort array. This buffer uses system memory allocation instead of the Realeyes Analysis Engine memory management. The application continues, but will probably fail soon after the error.
- Response:
- Troubleshoot operating system problem.
ri_get_stats: Failed to allocate Analysis Record: error reason - Description (CRIT):
- If the analysis engine is unable to return an Analysis Record then the application will have to be restarted.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
ri_get_stats: Failed to get Statistics Record buffer: error reason - Description (ERR):
- If the analysis engine is unable to return an Statistics Record buffer, the application will continue, but statistics will not be collected.
- Response:
- This buffer uses swappable storage that is allocated by the system. If the allocation fails, there may not be enough swap space available. If this occurs repeatedly, then increase the swap partition. Otherwise, recommend to management that the hardware be upgraded.
ri_get_stats: Writing Statistics record (record size) - Description (NOTE): Statistics have been collected and the current interval has expired.
- Response: None.
ri_get_stats: Failed to detach RB tree shared memory segment: error reason - Description (ERR): If the analysis engine is unable to detach a RB tree shared memory segment, the application will run out of swap space and eventually have to be restarted.
- Response: Troubleshoot the system problem based on the error reason. The shared memory system calls are dependent on the system configuration. On a Linux system, use the sysctl command to configure the system settings.
ri_get_stats: Failed to detach port statistics shared memory segment: error reason - Description (ERR): If the analysis engine is unable to detach a port statistics shared memory segment, the application will run out of swap space and eventually have to be restarted.
- Response: Troubleshoot the system problem based on the error reason. The shared memory system calls are dependent on the system configuration. On a Linux system, use the sysctl command to configure the system settings.
plugin_stop: Stream Record not built - Description (WARN):
- A Stream Record was not built which could be because only multi-Stream Events that were marked for deletion were found. However there may be more serious errors. However, since the plugin is being shutdown, this is only a notification that some data may have been lost.
- Response:
- Troubleshoot based on previous error messages.
plugin_parser: Invalid analysis definition value - Description (WARN):
- The XML Data Type Definition (DTD) is the same for all Stream Analysis plugins. However, not all plugins support the complete definition. If an element is defined that is not supported by the plugin, it will not be analyzed. This is treated as an error.
- Response:
- Correct plugin configuration.
plugin_parser: Backspaces value is empty - Description (ERR):
- The Backspaces is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Invalid backspace value value - Description (ERR):
- The backspace list is incorrectly defined which will produce unpredictable results.
- Response:
- Correct plugin configuration.
plugin_parser: Failed to allocate backspaces: error reason - Description (CRIT):
- If the analysis engine is unable to return the backspace list, then the application will have to be restarted.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
plugin_parser: String location value is empty - Description (ERR):
- The String location value is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: String value is empty - Description (ERR):
- The String is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Invalid data string string - Description (ERR):
- The data string is incorrectly defined which will produce unpredictable results.
- Response:
- Correct plugin configuration.
plugin_parser: Failed to allocate data trigger: error reason - Description (CRIT):
- If the analysis engine is unable to return the data Trigger, then the application will have to be restarted.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
plugin_parser: Failed to allocate data trigger: error reason - Description (CRIT):
- If the analysis engine is unable to return the data Trigger, then the application will have to be restarted.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
plugin_parser: Failed to allocate special trigger: error reason - Description (CRIT):
- If the analysis engine is unable to return the special trigger, then the application will have to be restarted.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
plugin_parser: Special location value is empty - Description (ERR):
- The Special location is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Special length value is empty - Description (ERR):
- The Special length is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Special value is empty - Description (ERR):
- The Special is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Invalid special value value - Description (ERR):
- The special value is incorrectly defined which will produce unpredictable results.
- Response:
- Correct plugin configuration.
plugin_parser: Failed to allocate special trigger value: error reason - Description (CRIT):
- If the analysis engine is unable to return the special trigger value, then the application will have to be restarted.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
plugin_parser: Special condition value is empty - Description (ERR):
- The Special condition is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Invalid special condition value - Description (ERR):
- The special condition is incorrectly defined which will produce unpredictable results.
- Response:
- Correct plugin configuration.
local_plugin_init: Failed to allocate IPv4 home network tree: error reason - Description (ERR):
- An error occurred allocating the IPv4 home network tree. The tree uses system memory allocation instead of the Realeyes Analysis Engine memory management. The application continues, but may fail soon after the error.
- Response:
- Troubleshoot operating system problem based on the error reason.
plugin_parser: Invalid analysis definition value - Description (WARN):
- The XML Data Type Definition (DTD) is the same for all Stream Analysis plugins. However, not all plugins support the complete definition. If an element is defined that is not supported by the plugin, it will not be analyzed. This is treated as an error.
- Response:
- Correct plugin configuration.
plugin_parser: Failed to allocate header trigger: error reason - Description (CRIT):
- If the analysis engine is unable to return the header trigger, then the application will have to be restarted.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
plugin_parser: Trigger header type type not IPV4 - Description (ERR):
- The header type must be IPV4 for this plugin.
- Response:
- Correct plugin configuration.
plugin_parser: Header location value is empty - Description (ERR):
- The Header location is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Header length value is empty - Description (ERR):
- The Header length is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Header value is empty - Description (ERR):
- The Header value is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Invalid header value value - Description (ERR):
- The header value is incorrectly defined which will produce unpredictable results.
- Response:
- Correct plugin configuration.
plugin_parser: Failed to allocate header trigger value: error reason - Description (CRIT):
- If the analysis engine is unable to return the header trigger value, then the application will have to be restarted.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
plugin_parser: Header condition value is empty - Description (ERR):
- The Header condition is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Invalid header condition value - Description (ERR):
- The header condition is incorrectly defined which will produce unpredictable results.
- Response:
- Correct plugin configuration.
plugin_parser: Failed to allocate special trigger: error reason - Description (CRIT):
- If the analysis engine is unable to return the special trigger, then the application will have to be restarted.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
plugin_parser: Special location value is empty - Description (ERR):
- The Special location is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Special length value is empty - Description (ERR):
- The Special length is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Special value is empty - Description (ERR):
- The Special is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Invalid special value value - Description (ERR):
- The special value is incorrectly defined which will produce unpredictable results.
- Response:
- Correct plugin configuration.
plugin_parser: Failed to allocate special trigger value: error reason - Description (CRIT):
- If the analysis engine is unable to return the special trigger value, then the application will have to be restarted.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
plugin_parser: Special condition value is empty - Description (ERR):
- The Special condition is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Invalid special condition value - Description (ERR):
- The special condition is incorrectly defined which will produce unpredictable results.
- Response:
- Correct the plugin configuration.
ri_parse_homenet: Invalid home network Trigger offset - Description (WARN):
- The offset for a home network Trigger must be 12 for a source address or 16 for a destination address. Processing continues, but the Trigger is ignored.
- Response:
- Correct the plugin configuration.
ri_parse_homenet: Failed to insert IP home network node in Red Black tree - Description (ERR):
- If the IP home network node cannot be inserted in the tree, there is a system memory error and the application will have to be restarted.
- Response:
- Troubleshoot the operating system problem.
ri_parse_homenet: Invalid home network value: error reason
value - Description (ERR):
- The format of the home network Trigger for monitoring specific networks for activity is incorrect.
- Response:
- Correct the plugin configuration.
ri_parse_iptime: Failed to get IPv4 time analysis struct: error reason - Description (CRIT):
- There was a memory allocation failure when getting the IPV4 Time analysis structure for testing traffic.
- Response:
- Troubleshoot operating system problem based on the error reason.
ri_parse_iptime: Failed to insert IP time analysis node in Red Black tree - Description (ERR):
- If the IP time analysis node cannot be inserted in the tree, there is a system memory error and the application will have to be restarted.
- Response:
- Troubleshoot the operating system problem.
ri_parse_iptime: Invalid IPv4 time analysis Trigger value: value - Description (ERR):
- The format of the IPv4 time analysis Trigger for monitoring hosts or networks for activity during disallowed periods is incorrect.
- Response:
- Correct the plugin configuration.
ri_parse_iptimex: Failed to get IPv4 time exclusion struct: error reason - Description (CRIT):
- There was a memory allocation failure when getting the IPV4 Time exclusion structure for testing traffic.
- Response:
- Troubleshoot operating system problem based on the error reason.
ri_parse_iptimex: Invalid IPv4 time exclusion Trigger value: value - Description (ERR):
- The format of the IPv4 time exclusion Trigger for allowing hosts or networks for activity during specified periods is incorrect.
- Response:
- Correct the plugin configuration.
plugin_process: Failed to allocate Hot IP structure: error reason - Description (CRIT):
- The network monitor structure is used to maintain information about networks being monitored. A list of networks is created by the Stream handler process using its own address space. Then an array is allocated in the main anchor that can be accessed by all plugins.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
plugin_process: Failed to allocate IP time exclude list: error reason - Description (CRIT):
- The IP time exclude list is used to ignore hosts or networks that connect to hosts being monitored during specified time periods. The list is allocated by the Stream handler process using its own address space.
- Response:
- Troubleshoot operating system problem based on error reason.
plugin_process: Invalid IP time exclude list - Description (WARN):
- There was a mismatch in the size and number of elements in the IP time exclude list. The application continues to run, but there may be excessive IP time Events reported.
- Response:
- Correct the plugin configuration.
local_plugin_init: Failed to allocate IPv6 home network tree: error reason - Description (ERR):
- An error occurred allocating the IPv6 home network tree. The tree uses system memory allocation instead of the Realeyes Analysis Engine memory management. The application continues, but may fail soon after the error.
- Response:
- Troubleshoot operating system problem based on the error reason.
plugin_parser: Invalid analysis definition value - Description (WARN):
- The XML Data Type Definition (DTD) is the same for all Stream Analysis plugins. However, not all plugins support the complete definition. If an element is defined that is not supported by the plugin, it will not be analyzed. This is treated as an error.
- Response:
- Correct plugin configuration.
plugin_parser: Failed to allocate header trigger: error reason - Description (CRIT):
- If the analysis engine is unable to return the header trigger, then the application will have to be restarted.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
plugin_parser: Trigger header type type not IPV6 - Description (ERR):
- The header type must be IPV6 for this plugin.
- Response:
- Correct plugin configuration.
plugin_parser: Header location value is empty - Description (ERR):
- The Header location is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Header length value is empty - Description (ERR):
- The Header length is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Header value is empty - Description (ERR):
- The Header value is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Invalid header value value - Description (ERR):
- The header value is incorrectly defined which will produce unpredictable results.
- Response:
- Correct plugin configuration.
plugin_parser: Failed to allocate header trigger value: error reason - Description (CRIT):
- If the analysis engine is unable to return the header trigger value, then the application will have to be restarted.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
plugin_parser: Header condition value is empty - Description (ERR):
- The Header condition is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Invalid header condition value - Description (ERR):
- The header condition is incorrectly defined which will produce unpredictable results.
- Response:
- Correct plugin configuration.
plugin_parser: Failed to allocate special trigger: error reason - Description (CRIT):
- If the analysis engine is unable to return the special trigger, then the application will have to be restarted.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
plugin_parser: Special location value is empty - Description (ERR):
- The Special location is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Special length value is empty - Description (ERR):
- The Special length is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Special value is empty - Description (ERR):
- The Special is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Invalid special value value - Description (ERR):
- The special value is incorrectly defined which will produce unpredictable results.
- Response:
- Correct plugin configuration.
plugin_parser: Failed to allocate special trigger value: error reason - Description (CRIT):
- If the analysis engine is unable to return the special trigger value, then the application will have to be restarted.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
plugin_parser: Failed to get IPv6 extension header struct: error reason - Description (CRIT):
- There was a memory allocation failure when getting the IPV6 extension header structure for testing headers.
- Response:
- Troubleshoot operating system problem based on the error reason.
plugin_parser: Special condition value is empty - Description (ERR):
- The Special condition is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Invalid special condition value - Description (ERR):
- The special condition is incorrectly defined which will produce unpredictable results.
- Response:
- Correct the plugin configuration.
ri_parse_homenet: Invalid home network Trigger offset - Description (WARN):
- The offset for a home network Trigger must be 12 for a source address or 16 for a destination address. Processing continues, but the Trigger is ignored.
- Response:
- Correct the plugin configuration.
ri_parse_homenet: Failed to insert IP home network node in Red Black tree - Description (ERR):
- If the IP home network node cannot be inserted in the tree, there is a system memory error and the application will have to be restarted.
- Response:
- Troubleshoot the operating system problem.
ri_parse_homenet: Invalid home network value: error reason
value - Description (ERR):
- The format of the home network Trigger for monitoring specific networks for activity is incorrect.
- Response:
- Correct the plugin configuration.
ri_parse_iptime: Failed to get IPv6 time analysis struct: error reason - Description (CRIT):
- There was a memory allocation failure when getting the IPV6 Time analysis structure for testing traffic.
- Response:
- Troubleshoot operating system problem based on the error reason.
ri_parse_iptime: Failed to insert IP time analysis node in Red Black tree - Description (ERR):
- If the IP time analysis node cannot be inserted in the tree, there is a system memory error and the application will have to be restarted.
- Response:
- Troubleshoot the operating system problem.
ri_parse_iptime: Invalid IPv6 time analysis Trigger value: value - Description (ERR):
- The format of the IPv6 time analysis Trigger for monitoring hosts or networks for activity during disallowed periods is incorrect.
- Response:
- Correct the plugin configuration.
ri_parse_iptimex: Failed to get IPv6 time exclusion struct: error reason - Description (CRIT):
- There was a memory allocation failure when getting the IPV6 Time exclusion structure for testing traffic.
- Response:
- Troubleshoot operating system problem based on the error reason.
ri_parse_iptimex: Invalid IPv6 time exclusion Trigger value: value - Description (ERR):
- The format of the IPv6 time exclusion Trigger for allowing hosts or networks for activity during specified periods is incorrect.
- Response:
- Correct the plugin configuration.
exthdr_parser: Invalid IPv6 extended header type: type - Description (ERR):
- The IPv6 extension header is outside the range of 0 - 60, the Destination options header (currently the highest numbered IPv6 extension header type).
- Response:
- Correct the configuration problem.
exthdr_parser: Failed to get IPv6 extension header struct: error reason - Description (CRIT):
- There was a memory allocation failure when getting the IPV6 extension header structure for testing headers.
- Response:
- Troubleshoot operating system problem based on the error reason.
exthdr_parser: Unsupported IPv6 extension header Trigger definition: definition - Description (WARN):
- There was a memory allocation failure when getting the IPV6 extension header structure for testing headers.
- Response:
- Troubleshoot operating system problem based on the error reason.
plugin_process: Failed to allocate Hot IP structure: error reason - Description (CRIT):
- The network monitor structure is used to maintain information about networks being monitored. A list of networks is created by the Stream handler process using its own address space. Then an array is allocated in the main anchor that can be accessed by all plugins.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
plugin_process: Failed to allocate IP time exclude list: error reason - Description (CRIT):
- The IP time exclude list is used to ignore hosts or networks that connect to hosts being monitored during specified time periods. The list is allocated by the Stream handler process using its own address space.
- Response:
- Troubleshoot operating system problem based on error reason.
plugin_process: Invalid IP time exclude list - Description (WARN):
- There was a mismatch in the size and number of elements in the IP time exclude list. The application continues to run, but there may be excessive IP time Events reported.
- Response:
- Correct the plugin configuration.
local_plugin_init: Failed to allocate Session Size tree: error reason - Description (ERR):
- An error occurred allocating the Session Size tree. The tree uses system memory allocation instead of the Realeyes Analysis Engine memory management. The application continues, but may fail soon after the error.
- Response:
- Troubleshoot operating system problem based on the error reason.
plugin_parser: Failed to allocate header trigger: error reason - Description (CRIT):
- If the analysis engine is unable to return the header trigger, then the application will have to be restarted.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
plugin_parser: Trigger header type type not TCP - Description (ERR):
- The header type must be TCP for this plugin.
- Response:
- Correct plugin configuration.
plugin_parser: Header location value is empty - Description (ERR):
- The Header location is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Header length value is empty - Description (ERR):
- The Header length is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Header value is empty - Description (ERR):
- The Header is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Invalid header value value - Description (ERR):
- The header value is incorrectly defined which will produce unpredictable results.
- Response:
- Correct plugin configuration.
plugin_parser: Failed to allocate header trigger value: error reason - Description (CRIT):
- If the analysis engine is unable to return the header trigger value, then the application will have to be restarted.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
plugin_parser: Header condition value is empty - Description (ERR):
- The Header condition is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Invalid header condition value - Description (ERR):
- The header condition is incorrectly defined which will produce unpredictable results.
- Response:
- Correct plugin configuration.
plugin_parser: Failed to allocate special trigger: error reason - Description (CRIT):
- If the analysis engine is unable to return the special trigger, then the application will have to be restarted.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
plugin_parser: Special location value is empty - Description (ERR):
- The Special location is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Special length value is empty - Description (ERR):
- The Special length is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Special value is empty - Description (ERR):
- The Special is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Invalid special value value - Description (ERR):
- The special value is incorrectly defined which will produce unpredictable results.
- Response:
- Correct plugin configuration.
plugin_parser: Failed to allocate Special Trigger value: error reason - Description (CRIT):
- If the analysis engine is unable to return the special trigger value, then the application will have to be restarted.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
plugin_parser: Special condition value is empty - Description (ERR):
- The Special condition is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Invalid special condition value - Description (ERR):
- The special condition is incorrectly defined which will produce unpredictable results.
- Response:
- Correct plugin configuration.
option_parser: Invalid option definition: value - Description (ERR):
- The TCP option definition could not be parsed.
- Response:
- Correct the configuration problem.
option_parser: Invalid option: option - Description (ERR):
- The TCP option is outside the range of 2 - 255. The Noop (1) and End of Option List (0) definitions are handled by default.
- Response:
- Correct the configuration problem.
option_parser: Invalid option length: option - Description (ERR):
- The TCP option length is outside the range of 0 - 255.
- Response:
- Correct the configuration problem.
option_parser: Too many keywords: value - Description (WARN):
- The TCP option handler definition could not be parsed.
- Response:
- Correct the configuration problem or report it to the application developers.
option_parser: Invalid option keyword: value - Description (WARN):
- The TCP option handler definition could not be parsed.
- Response:
- Correct the configuration problem.
option_parser: Invalid option value: value - Description (WARN):
- The TCP option handler value could not be parsed.
- Response:
- Correct the configuration problem.
option_parser: Invalid number of keywords: value - Description (WARN):
- The TCP option handler definition must have the correct number of keywords.
- Response:
- Correct the configuration problem.
option_parser: Failed to allocate Timestamp analysis struct: error reason - Description (CRIT):
- There was a memory allocation failure when getting the TCP Timestamp option structure.
- Response:
- Troubleshoot operating system problem based on the error reason.
option_parser: Invalid timestamp difference: value - Description (WARN):
- The TCP timestamp option difference must be between 1 and 500,000. The value is set to the default (10) and processing continues.
- Response:
- Correct the configuration problem.
option_parser: Invalid timestamp maximum options: value - Description (WARN):
- The TCP timestamp option maximum options must be between 1 and 4. The value is set to the default (1) and processing continues.
- Response:
- Correct the configuration problem.
option_parser: Invalid timestamp keyword: value - Description (WARN):
- The TCP timestamp option definition is invalid. Although it will be ignored, processing continues.
- Response:
- Correct the configuration problem.
option_parser: Unsupported option: option - Description (WARN):
- There is no handler for the defined TCP option.
- Response:
- Correct the configuration problem.
session_parser: Session size Trigger has no values - Description (WARN):
- The Session Size Trigger did not include any values and will not be tested.
- Response:
- Correct the plugin configuration.
session_parser: Error in Session Size definition, expected Port - Description (ERR):
- The Session Size definition was not formatted correctly. The application continues, but may not work as expected.
- Response:
- Correct the plugin configuration.
session_parser: Invalid Session Size port: port - Description (WARN):
- The Session Size port must be a valid TCP port value.
- Response:
- Correct the plugin configuration.
session_parser: Invalid Session Size definition for port port - Description (WARN):
- The Session Size factor must be defined.
- Response:
- Correct the plugin configuration.
session_parser: Error in Session Size definition, expected Factor - Description (ERR):
- The Session Size definition was not formatted correctly. The application continues, but may not work as expected.
- Response:
- Correct the plugin configuration.
session_parser: Session Size Port port already exists - Description (WARN):
- Only one of each Session Size port may be defined.
- Response:
- Correct the plugin configuration.
session_parser: Failed to insert Session size node in Red Black tree - Description (ERR):
- If the Session size node cannot be inserted in the tree, there is a system memory error and the application will have to be restarted.
- Response:
- Troubleshoot the operating system problem.
plugin_parser: Invalid analysis definition value - Description (WARN):
- The XML Data Type Definition (DTD) is the same for all Stream Analysis plugins. However, not all plugins support the complete definition. If an element is defined that is not supported by the plugin, it will not be analyzed. This is treated as an error.
- Response:
- Correct plugin configuration.
plugin_parser: Failed to allocate header trigger: error reason - Description (CRIT):
- If the analysis engine is unable to return the header trigger, then the application will have to be restarted.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
plugin_parser: Trigger header type type not UDP - Description (ERR):
- The header type must be UDP for this plugin.
- Response:
- Correct plugin configuration.
plugin_parser: Header location value is empty - Description (ERR):
- The Header location is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Header length value is empty - Description (ERR):
- The Header length is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Header value is empty - Description (ERR):
- The Header is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Invalid header value value - Description (ERR):
- The header value is incorrectly defined which will produce unpredictable results.
- Response:
- Correct plugin configuration.
plugin_parser: Failed to allocate header trigger value: error reason - Description (CRIT):
- If the analysis engine is unable to return the header trigger value, then the application will have to be restarted.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
plugin_parser: Header condition value is empty - Description (ERR):
- The Header condition is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Invalid header condition value - Description (ERR):
- The header condition is incorrectly defined which will produce unpredictable results.
- Response:
- Correct plugin configuration.
plugin_parser: Failed to allocate special trigger: error reason - Description (CRIT):
- If the analysis engine is unable to return the special trigger, then the application will have to be restarted.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
plugin_parser: Special location value is empty - Description (ERR):
- The Special location is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Special length value is empty - Description (ERR):
- The Special length is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Special value is empty - Description (ERR):
- The Special is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Invalid special value value - Description (ERR):
- The special value is incorrectly defined which will produce unpredictable results.
- Response:
- Correct plugin configuration.
plugin_parser: Failed to allocate special trigger value: error reason - Description (CRIT):
- If the analysis engine is unable to return the special trigger value, then the application will have to be restarted.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
plugin_parser: Special condition value is empty - Description (ERR):
- The Special condition is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Invalid special condition value - Description (ERR):
- The special condition is incorrectly defined which will produce unpredictable results.
- Response:
- Correct plugin configuration.
local_plugin_init: Failed to allocate IP reassembly tree: error reason - Description (ERR):
- An error occurred allocating the IP reassembly tree. The tree uses system memory allocation instead of the Realeyes Analysis Engine memory management. The application continues, but may fail soon after the error. Also, IP reassembly will not be performed.
- Response:
- Troubleshoot operating system problem based on the error reason.
plugin_parser: Number of collectors value is empty - Description (ERR):
- The Number of collectors is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: TCP wait value is empty - Description (ERR):
- The TCP wait is defined, but empty.
- Response:
- Correct plugin configuration.
plugin_parser: Invalid TCP wait value set to maximum - Description (WARN):
- The maximum TCP wait time is 32 seconds.
- Response:
- Correct Stream Handler configuration.
plugin_parser: Invalid TCP wait value set to minimum - Description (WARN):
- An invalid value was entered for the TCP wait time.
- Response:
- Correct Stream Handler configuration.
plugin_process: Non-IP protocol in data - Description (WARN):
- The data is expected to be IP packets. This indicates a problem in the Collector level, but the application continues.
- Response:
- Notify application development staff of the problem.
plugin_process: Failed to get new Stream - Description (ERR):
- The Plugin Support Library failed to allocate a new Stream.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
ip_reasm: Failed to get reassembled IP packet buffer: error reason - Description (CRIT):
- If the analysis engine is unable to return a new Data buffer for reassembling an IP packet, then the application will have to be restarted.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
ip_reasm: Failed to get reassembled IP packet buffer: error reason - Description (CRIT):
- If the analysis engine is unable to return a new Data buffer for reassembling an IP packet, then the application will have to be restarted.
- Response:
- Determine if other applications are using excessive amounts of storage. Otherwise, recommend to management that the hardware be upgraded.
ip_reasm: Failed to allocate IP reassembly anchor: error reason - Description (CRIT):
- An error occurred allocating the IP reassembly anchor for a fragment in a new Stream. The anchor uses system memory allocation instead of the Realeyes Analysis Engine memory management.
- Response:
- Troubleshoot operating system problem based on the error reason.
ip_reasm: Failed to insert IP anchor in Red Black tree - Description (ERR):
- If the IP anchor cannot be inserted in the tree, there is a system memory error and the application will have to be restarted.
- Response:
- Troubleshoot operating system problem.
get_monitors: Failed to allocate monitored port and host buffers error reason - Description (CRIT):
- If the analysis engine is unable to return the monitored port and host buffers, then the application will have to be restarted.
- Response:
- Troubleshoot problem based on error message.
statistics_config: Statistics hour intervals out of order - Description (ERR):
- If the statistics hour intervals are out of order, Statistics collection is disabled.
- Response:
- Correct the Statistics section of the Action Analyzer configuration.
statistics_config: Statistics minute intervals out of order - Description (ERR):
- If the statistics minute intervals are out of order, Statistics collection is disabled.
- Response:
- Correct the Statistics section of the Action Analyzer configuration.
statistics_config: Failed to allocate home net array: error reason - Description (CRIT):
- If the analysis engine is unable to return the statistics structure, then the application will have to be restarted.
- Response:
- Troubleshoot problem based on error message.
statistics_config: Failed to allocate home net array: error reason - Description (CRIT):
- If the analysis engine is unable to return the statistics structure, then the application will have to be restarted.
- Response:
- Troubleshoot problem based on error message.
statistics_config: Statistics initialization failed - Description (ERR):
- If the statistics structure cannot be initialized, analysis statistics will not be collected, but the application will continue.
- Response:
- Troubleshoot based on previous messages.
create_statistics: Failed to get port monitoring shared memory segment: error reason - Description (CRIT):
- If the analysis engine is unable to return a shared memory segment, for port monitoring, the application will have to be restarted.
- Response:
- This buffer uses swappable storage that is allocated by the system. The shared memory system calls are dependent on the system configuration. On a Linux system, use the sysctl command to configure the system settings. Also, if the allocation fails, there may not be enough swap space available. If this occurs repeatedly, then increase the swap partition. Otherwise, recommend to management that the hardware be upgraded.
create_statistics: Failed to get port monitoring buffer: error reason - Description (CRIT): If the analysis engine is unable to return an port monitoring buffer, the application will have be restarted.
- Response: This buffer uses swappable storage that is allocated by the system. If the allocation fails, there may not be enough swap space available. If this occurs repeatedly, then increase the swap partition. Otherwise, recommend to management that the hardware be upgraded.
create_statistics: Failed to set port monitoring shared memory segment to automatically release: error reason - Description (CRIT): If the analysis engine is unable to set an port monitoring shared memory segment to automatically release, the application will run out of memory quickly and have to be restarted.
- Response: Troubleshoot the system problem based on the error reason. The shared memory system calls are dependent on the system configuration. On a Linux system, use the sysctl command to configure the system settings.
create_statistics: Failed to get first RB Tree block shared memory segment: error reason - Description (CRIT):
- If the analysis engine is unable to return a shared memory segment, for first RB Tree block, the application will have to be restarted.
- Response:
- This buffer uses swappable storage that is allocated by the system. The shared memory system calls are dependent on the system configuration. On a Linux system, use the sysctl command to configure the system settings. Also, if the allocation fails, there may not be enough swap space available. If this occurs repeatedly, then increase the swap partition. Otherwise, recommend to management that the hardware be upgraded.
create_statistics: Failed to get first RB Tree block buffer: error reason - Description (CRIT): If the analysis engine is unable to return an first RB Tree block buffer, the application will have be restarted.
- Response: This buffer uses swappable storage that is allocated by the system. If the allocation fails, there may not be enough swap space available. If this occurs repeatedly, then increase the swap partition. Otherwise, recommend to management that the hardware be upgraded.
create_statistics: Failed to set first RB Tree block shared memory segment to automatically release: error reason - Description (CRIT): If the analysis engine is unable to set an first RB Tree block shared memory segment to automatically release, the application will run out of memory quickly and have to be restarted.
- Response: Troubleshoot the system problem based on the error reason. The shared memory system calls are dependent on the system configuration. On a Linux system, use the sysctl command to configure the system settings.
get_rbloc: Failed to get RB tree location array: error reason - Description (CRIT):
- If the analysis engine is unable to allocate the location array for the RB Tree block, the application will have to be restarted.
- Response:
- This buffer uses swappable storage that is allocated by the system. Troubleshoot the problem based on the error reason.
get_rb_block: Failed to get new RB Tree block shared memory segment: error reason - Description (CRIT):
- If the analysis engine is unable to return a shared memory segment, for new RB Tree block, the application will have to be restarted.
- Response:
- This buffer uses swappable storage that is allocated by the system. The shared memory system calls are dependent on the system configuration. On a Linux system, use the sysctl command to configure the system settings. Also, if the allocation fails, there may not be enough swap space available. If this occurs repeatedly, then increase the swap partition. Otherwise, recommend to management that the hardware be upgraded.
get_rb_block: Failed to get new RB Tree block buffer: error reason - Description (CRIT): If the analysis engine is unable to return an new RB Tree block buffer, the application will have be restarted.
- Response: This buffer uses swappable storage that is allocated by the system. If the allocation fails, there may not be enough swap space available. If this occurs repeatedly, then increase the swap partition. Otherwise, recommend to management that the hardware be upgraded.
get_rb_block: Failed to set new RB Tree block shared memory segment to automatically release: error reason - Description (CRIT): If the analysis engine is unable to set an new RB Tree block shared memory segment to automatically release, the application will run out of memory quickly and have to be restarted.
- Response: Troubleshoot the system problem based on the error reason. The shared memory system calls are dependent on the system configuration. On a Linux system, use the sysctl command to configure the system settings.
get_new_statistics: Failed to allocate statistics: error reason - Description (CRIT):
- If the analysis engine is unable to return the statistics structure, then the application will have to be restarted.
- Response:
- Troubleshoot problem based on error message.
release_rb_block: Failed to detach RB Tree block shared memory segment: error reason - Description (ERR): If the analysis engine is unable to detach a RB Tree block shared memory segment, the application will run out of swap space and eventually have to be restarted.
- Response: Troubleshoot the system problem based on the error reason. The shared memory system calls are dependent on the system configuration. On a Linux system, use the sysctl command to configure the system settings.
release_rb_block: Failed to detach port statistics shared memory segment: error reason - Description (ERR): If the analysis engine is unable to detach a port statistics shared memory segment, the application will run out of swap space and eventually have to be restarted.
- Response: Troubleshoot the system problem based on the error reason. The shared memory system calls are dependent on the system configuration. On a Linux system, use the sysctl command to configure the system settings.
store_tree: More than 1 million Statistics in tree - Description (ERR):
- The number of Statistics is too large. The current tree is not saved.
- Response:
- Troubleshoot operating system problem based on the error reason.
store_tree: Failed to allocate Statistics list: error reason - Description (CRIT):
- If the memory cannot be allocated for the Statistics list, there is an underlying system problem and the application will have to be restarted.
- Response:
- Troubleshoot operating system problem based on the error reason.
store_tree: Failed to write to Statistics file error reason - Description (ERR):
- If the Statistics file cannot be written, the Statistics information will not be saved.
- Response:
- Troubleshoot operating system problem based on error reason.
statistics_file: Failed to open Statistics file 'filename' for writing: error reason - Description (ERR):
- If the Statistics save file cannot be opened, the Statistics information will not be saved.
- Response:
- Troubleshoot operating system problem.
statistics_file: Failed to write to data type Statistics file: error reason - Description (ERR):
- If the Statistics file cannot be written, the Statistics information will not be saved.
- Response:
- Troubleshoot operating system problem based on error reason.
statistics_file: Invalid number of TCP ports in Statistics file: expected != actual - Description (WARN):
- If the Statistics file TCP port counter is incorrect, which may mean there is inaccurate data in the port statistics.
- Response:
- Report the problem to the application development team.
statistics_file: Invalid number of UDP ports in Statistics file: expected != actual - Description (WARN):
- If the Statistics file UDP port counter is incorrect, which may mean there is inaccurate data in the port statistics.
- Response:
- Report the problem to the application development team.
statistics_file: Failed to open Statistics file 'filename' for reading: error reason - Description (ERR):
- If the Statistics save file cannot be opened, the Statistics information will not be to the new session. This message is only issued if the file exists.
- Response:
- Troubleshoot operating system problem.
statistics_file: Failed to read data type from Statistics file: error reason - Description (ERR):
- If the Statistics file cannot be read, the Statistics information will not be carried over from the previous session.
- Response:
- Troubleshoot operating system problem based on error reason.
statistics_file: Failed to get Statistics Red Black tree block - Description (CRIT):
- If a Statistics Red Black tree block cannot be obtained, there is a system memory error and the application will have to be restarted.
- Response:
- Troubleshoot operating system problem.
statistics_file: Failed to insert Statistics node in Red Black tree - Description (ERR):
- If the Statistics node cannot be inserted in the tree, there is an application problem.
- Response:
- Troubleshoot application problem based on previous messages.
collect_statistics: Failed to allocate new Statistics structure - Description (CRIT): If the analysis engine is unable to get a new Statistics structure, statistics will not be collected.
- Response: Troubleshoot the problem based on the previous messages.
mon_host: Failed to insert monitored host node in Red Black tree - Description (ERR):
- If the analysis engine is unable to insert a monitored host node in the tree, there is a system memory error and the application will have to be restarted.
- Response:
- Troubleshoot operating system problem.
Generated on Mon Apr 20 17:34:00 2009 for RealeyesIDS by
1.3.6