Repair Notifications for JSA Appliances
Accumulation is Disabled for The Anomaly Detection Engine
38750121 - Accumulation disabled for the Anomaly Detection Engine.
Aggregate data view is disabled or unavailable or a new rule requires data that is unavailable.
A dropped accumulation does not indicate lost anomaly data. The original anomaly data is maintained because accumulations are data sets generated from stored data. The notification provides more details about the dropped accumulation interval.
The anomaly detection engine cannot review that interval of the anomaly data for the accumulation.
Update anomaly rules to use a smaller data set.
If the notification is a recurring SAR sentinel error, system performance might be the cause of the issue.
An Infrastructure Component was Repaired
38750084 - Corrupted infrastructure component repaired.
A corrupted component that is responsible for host services on a managed host was repaired.
No action is required.
Custom Property Disabled
38750097 - A custom property has been disabled.
A custom property is disabled because the custom property has processing problems. Rules, reports, or searches that use the disabled custom property stop working properly.
Select one of the following options:
Review the disabled custom property to correct your regex patterns. Do not re-enable disabled custom properties without first reviewing and optimizing the regex pattern or calculation.
If the custom property is used for custom rules or reports, ensure that the Optimize parsing for rules, reports, and searches check box is selected.
Data Replication Difficulty
38750085 - Data replication experiencing difficulty.
Data replication ensures that managed hosts can continue to collect data if the console is unavailable.
A managed host had difficulty downloading data. If a managed host repeatedly fails to download data, the system might experience performance or communication issues.
If a managed host does not resolve the replication issue on its own, contact Juniper Customer Support.
Replication Cleanup Skipped for Host
38750172 - Database replication cleanup skipped for host as it has been too long since it received an update.
Data replication ensures that managed hosts can continue to collect data when the console is not available.
A managed host was skipped during cleanup because it was too long since it received an update. If a managed host fails to receive replication updates from the console, it isn't connecting properly to the console.
To resolve this issue, select one of the following options:
Click Admin > System and License Management, and then check the status of your managed host. Ensure that the Host Status is Active. If the Host Status is unknown, there are issues with the managed host that you need to investigate.
If a managed host doesn't resolve the replication issue on its own, contact Juniper Customer Support.
MPC: Process Not Shutdown Cleanly
38750058 - MPC: Server was not shutdown cleanly. Offenses are being closed in order to re-synchronize and ensure system stability.
The magistrate process encountered an error. Active offenses close, services restarts, and the database tables are verified and rebuilt if necessary.
The system synchronizes to prevent data corruption. If the magistrate component detects a corrupted state, then the database tables and files are rebuilt.
The magistrate component self-repairs. If the error continues, contact Juniper Customer Support.
Protocol Source Configuration Incorrect
38750057 - A protocol source configuration may be stopping events from being collected.
The system detected an incorrect protocol configuration for a log source. Log sources that use protocols to retrieve events from remote sources can generate an initialization error when a configuration problem in the protocol is detected.
Resolve the protocol configuration issues by following these steps:
Review the log source to ensure that the protocol configuration is correct.
Verify authentication fields, file paths, database names for JDBC, and ensure that the system can communicate with remote servers. Hover your mouse pointer over a log source to view more error information.
/var/log/qradar.logfile for more information about the protocol configuration error.
Raid Controller Misconfiguration
38750140 - Raid Controller misconfiguration: Hardware Monitoring determined that a virtual drive is configured incorrectly.
For maximum performance, raid controllers cache and battery backup unit (BBU) must be configured to use write-back cache policy. When write-through cache policy is used, storage performance degrades and might cause system instability.
Review the health of the battery backup unit. If the battery backup unit is working correctly, change the cache policy to write-back.
Restored System Health by Canceling Hung Transactions
38750049 - Transaction Sentry: Restored system health by canceling hung transactions or deadlocks.
The transaction sentry restored the system to normal system
health by canceling suspended database transactions or removing database
locks. To determine the process that caused the error, review the
qradar.log file for the word
No action is required.