DLP events aren't parsing or the SQL service is crashing with a stack dump in the SQL error logs
Last Modified: 2023-05-31 11:07:19 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Découvrez comment un écosystème XDR qui s'adapte en permanence peut dynamiser votre entreprise.
Bryan Palma, CEO de Trellix, explica la imperiosa necesidad de contar con una seguridad que aprenda y evolucione.
Descargue el informe Magic Quadrant, que evalúa a los 19 proveedores en función de su amplitud de visión y capacidad de ejecución.
Según Gartner, "XDR es una tecnología emergente que ofrece funciones mejoradas de prevención, detección y respuesta a amenazas.".
¿A qué amenazas de ciberseguridad deberían prestar atención las empresas durante 2022?
En el sector de la ciberseguridad no hay tiempo para aburrirse y nunca ha habido un mejor momento para aceptar esta idea como una ventaja y un catalizador de la actividad empresarial.
Dos líderes reconocidos del mercado de la ciberseguridad han unido fuerzas para crear un mundo digital resiliente.
Bryan Palma, CEO de Trellix, explica la imperiosa necesidad de contar con una seguridad que aprenda y evolucione.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
DLP events aren't parsing or the SQL service is crashing with a stack dump in the SQL error logs
Technical Articles ID:
KB92600
Last Modified: 2023-05-31 11:07:19 Etc/GMT Environment
Data Loss Prevention Endpoint (DLP Endpoint) 11.x ePolicy Orchestrator (ePO) 5.x Problem 1
You see an error similar to the following in the SQL error log: spid174 Unable to find index entry in index ID 1, of table 174115861, in database '<database name>'. The indicated index is corrupt or there is a problem with the current update plan. Run DBCC CHECKDB or DBCC CHECKTABLE. If the problem persists, contact product support. spid146 **Dump thread - spid = 0, EC = 0x0000022076B0B810 spid146 ***Stack Dump being sent to D:\MSSQL\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\LOG\SQLDump1056.txt spid146 * ******************************************************************************* spid146 * spid146 * BEGIN STACK DUMP: spid146 * 06/16/21 14:54:55 spid 146 spid146 * spid146 * CPerIndexMetaQS::ErrorAbort - Index corruption spid146 * spid146 * Input Buffer 170 bytes - spid146 * 16 00 00 00 12 00 00 00 02 00 00 00 00 00 00 00 00 00 spid146 * U D L P _ C 01 00 00 00 1f 00 55 00 44 00 4c 00 50 00 5f 00 43 00 spid146 * l e a n C o m p u 6c 00 65 00 61 00 6e 00 43 00 6f 00 6d 00 70 00 75 00 spid146 * t e r P r o p e r 74 00 65 00 72 00 50 00 72 00 6f 00 70 00 65 00 72 00 spid146 * t i e s _ S P @ 74 00 69 00 65 00 73 00 5f 00 53 00 50 00 00 00 10 40 spid146 * m c A f e e A g e 00 6d 00 63 00 41 00 66 00 65 00 65 00 41 00 67 00 65 spid146 * n t G u i d $ ¢ 00 6e 00 74 00 47 00 75 00 69 00 64 00 00 24 10 10 a2 spid146 * ܵD|ë < @ 95 dc b5 44 7c eb 11 3c 12 00 00 00 00 00 00 0c 40 00 spid146 * c o m p u t e r _ 63 00 6f 00 6d 00 70 00 75 00 74 00 65 00 72 00 5f 00 spid146 * id & 69 00 64 00 01 26 04 00 Problem 2The "Event Parser" in ePO is unable to parse the DLP events and moves them to the "Debug" folder as seen below:
Cause
This issue is caused with a DLP-stored procedure named This statement causes a delete action on the data that's read with a ' Solution
To resolve the issue, perform the following steps:
Attachment 1Attachment 2Affected ProductsLanguages:This article is available in the following languages: |
|