Event Parser fails to process events (Error Code: 2147467259)
Last Modified: 2023-08-07 10:31:21 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Event Parser fails to process events (Error Code: 2147467259)
Technical Articles ID:
KB93393
Last Modified: 2023-08-07 10:31:21 Etc/GMT Environment
Data Loss Prevention (DLP) Endpoint 11.3.x ePolicy Orchestrator (ePO) 5.10.x Problem
The ePO Event Parser fails to process DLP events. 20200915122202 E #00748 EVNTPRSR source\server.cpp(1064): COM Error 0x80004005, source=(null), desc=(null), msg=Unspecified error 20200915122202 I #00748 EVNTPRSR Requeueing D:\Program Files (x86)\DB\Events\6e49b989-2c50-44ed-8c35-ff6b741902df-mc_202009151221433892806000041E3.xml for retry 20200915122202 X #00748 EVNTPRSR source\server.cpp(1015): Processing <DLPPREV_1100>, D:\Program Files (x86)\DB\Events\6e49b989-2c50-44ed-8c35-ff6b741902df-mc_202009151221473935272000041E3.xml. 20200915122202 X #05128 EVNTPRSR source\server.cpp(1015): Processing <DLPPREV_1100>, D:\Program Files (x86)\DB\Events\6e49b989-2c50-44ed-8c35-ff6b741902df-mc_202009151221433892806000041E3.xml. 20200915122202 E #02216 HOSTDLPEVENT Error processing event. Error: SP: EPOEvents_InsertEvent2, Param: @AutoID. Error: The transaction log for database 'ePO_RGCMCAFEEEPO_Events' is full due to 'LOG_BACKUP'.. Error Code: -2147467259 20200915122202 E #02216 HOSTDLPEVENT Failed process event. Time elapsed: (in ms): 31 20200915122202 E #02216 EVNTPRSR source\server.cpp(1064): COM Error 0x80004005, source=(null), desc=(null), msg=Unspecified error 20200915122202 I #02216 EVNTPRSR Requeueing D:\Program Files (x86)\DB\Events\6e49b989-2c50-44ed-8c35-ff6b741902df-mc_202009151221393824169000041E3.xml for retry 20200915122202 X #02216 EVNTPRSR source\server.cpp(1015): Processing <DLPPREV_1100>, D:\Program Files (x86)\DB\Events\6e49b989-2c50-44ed-8c35-ff6b741902df-mc_202009151221393824169000041E3.xml. 20200915122202 X #05128 EPODAL ePOData_Connection.cpp(590): ssl Authenticate mode is 1 20200915122202 X #05128 HOSTDLPEVENT Start processing event using ProcessEvent(LPUNKNOWN DBConnection, LPUNKNOWN XMLDoc) 20200915122202 E #05176 HOSTDLPEVENT Error processing event. Error: SP: EPOEvents_InsertEvent2, Param: @AutoID. Error: The transaction log for database 'ePO_RGCMCAFEEEPO_Events' is full due to 'LOG_BACKUP'.. Error Code: -2147467259 20200915122202 E #05176 HOSTDLPEVENT Failed process event. Time elapsed: (in ms): 32 20200915122202 E #05176 EVNTPRSR source\server.cpp(1064): COM Error 0x80004005, source=(null), desc=(null), msg=Unspecified error 20200915122202 E #05176 EVNTPRSR source\server.cpp(1128): Failed to process file D:\Program Files (x86)\DB\Events\6e49b989-2c50-44ed-8c35-ff6b741902df-mc_202009151221153514546000041E3.xml, XML file error count 41899 20200915122202 X #00748 EPODAL ePOData_Connection.cpp(590): ssl Authenticate mode is 1 In the Windows Event Viewer, the Event ID: 9002 is generated under the Application log. Error: Source: MSSQLSERVER Date: 9/15/2020 1:57:37 PM Event ID: 9002 Task Category: Server Level: Error Keywords: Classic User: N/A Computer: RGCMCAFEEEPO Description: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="MSSQLSERVER" /> <EventID Qualifiers="49152">9002</EventID> <Level>2</Level> <Task>2</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2020-09-15T05:57:37.882937400Z" /> <EventRecordID>3206441</EventRecordID> <Channel>Application</Channel> <Computer>RGCMCAFEEEPO</Computer> <Security /> </System> <EventData> <Data>ePO_RGCMCAFEEEPO_Events</Data> <Data>LOG_BACKUP</Data> <Binary>2A230000110000000E000000530044004300500057004D004300410046004500450044004200000013000000650050004F005F00530044004300500057004D0043004100460045004500450050004F000000</Binary> </EventData> </Event> Cause
The transaction log is FULL and there's no space in the partition to write the data for SolutionThe transaction Log file is saved on the disk drive. You must free the disk space that contains the Log file.
To create space in the drive, delete or move other files. The free space on the disk allows it to perform other tasks and resolves For more information about To check the partition of the LDF file for the
Example: NOTE: This script helps to check the partition and size of each MDF, NDF, and LDF file. Affected ProductsLanguages:This article is available in the following languages: |
|