Bluecoat Knowledge Base

7/25/2019 Bluecoat Knowledge Base

1/16


https://kb.bluecoat.com/index?page=content&id=KB3460

Knowledge Base

Alerts

Cloud Announcements

FAQ

Product Information

Security Advisories

SolutionsSupport Documents

Technical Alerts

Support (https://support.bluecoat.com) > Knowledge Base (https://kb.bluecoat.com/index?page=home) > Solutions (https://kb.bluecoat.com/index?page=content&channel=SOLUTIONS) > Solutions

Detail

Solutions

hat are some tips for reading the Reporter journal files?

(https://kb.bluecoat.com/index?

page=content&channel=SOLUTIONS)

Back to all Solutions


page=content&channel=SOLUTIONS)


page=content&id=KB3460&pmv=print&impressions=false)

Printer Friendly


page=content&id=KB3460&pmv=print&impressions=false)

(#rate)

Rate

this

Page

(#rate)

Solutions

ID: KB3460

Version: 30.0

Status: Published

Published

date: 09/29/2009

Updated: 06/13/2014

Applies

To:

Linux 32 bit (https://kb.bluecoat.com/index?page=content&channel=SOLUTIONS&cat=LINUX_32_BIT) , Linux 64 bit (https://kb.bluecoat.com/index?

page=content&channel=SOLUTIONS&cat=LINUX_64_BIT) , Windows 32 Bit (https://kb.bluecoat.com/index?page=content&channel=SOLUTIONS&cat=WINDOWS_32_BIT) , Windows 64 Bit

(https://kb.bluecoat.com/index?page=content&channel=SOLUTIONS&cat=WINDOWS_64_BIT) , Reporter 9 (https://kb.bluecoat.com/index?page=content&channel=SOLUTIONS&cat=REPORTER_9)

Problem Description

I havethe Blue CoatReporterjournal files open ina word processor; are there som e tips for how or what I should see in

hese?

hat are some key word searches we could use to search through the journals of Reporter?

Resolution

The Reporter journal files are kept in a folder jus t off the root of the main Blue Coat folder, and are rotated through to the

next journal whenever they reach 5,121 KB.

In Linux, the default folder location is/op/bc/reporter/journal.

In Windows, the default folder location is c:/Program Files/Bluecoat Reporter 9/journals.

The following is a typical journal entry.

BCRJ:2009-09-23 14:37:21(4aba6ae1) NOR.INFO.START

src/sg_main.cpp,625,HandleExternalStartupOptions

main_00001ae0(6880),,

Created the 'isready.txt' file to indicate an administrator exists

BCRJ - Blue Coat Reporter Journal.

2009-09-23 14:37:21 is the date and time down to the seconds .

NOR.INFO.START - NORstands for normal journal entry. Normal journal entries are not shown in the Reporter

BlueTouch Online

Support Home Licensing Documentat ion Bluecoat.com

Need a Login?Username: * Password: * Logi
https://kb.bluecoat.com/index?page=content&channel=SOLUTIONS&cat=WINDOWS_64_BIThttps://kb.bluecoat.com/index?page=content&channel=SOLUTIONS&cat=REPORTER_9https://kb.bluecoat.com/index?page=content&channel=SOLUTIONS&cat=LINUX_64_BIThttps://kb.bluecoat.com/index?page=content&channel=SOLUTIONShttps://kb.bluecoat.com/index?page=content&channel=SOLUTIONShttps://kb.bluecoat.com/index?page=content&channel=SOLUTIONShttps://kb.bluecoat.com/index?page=content&channel=SUPPORT_DOCUMENTShttps://kb.bluecoat.com/index?page=content&channel=SECURITY_ALERTShttps://kb.bluecoat.com/index?page=content&channel=SUPPORT_DOCUMENTShttps://kb.bluecoat.com/index?page=content&channel=SECURITY_ALERTShttps://kb.bluecoat.com/index?page=homehttp://www.bluecoat.com/supporthttps://bto.bluecoat.com/requestloginhttp://www.bluecoat.com/supporthttps://bto.bluecoat.com/requestloginhttp://www.bluecoat.com/supporthttps://bto.bluecoat.com/documentationhttps://bto.bluecoat.com/licensinghttps://bto.bluecoat.com/supporthttps://kb.bluecoat.com/index?page=content&channel=SOLUTIONS&cat=REPORTER_9https://kb.bluecoat.com/index?page=content&channel=SOLUTIONS&cat=WINDOWS_64_BIThttps://kb.bluecoat.com/index?page=content&channel=SOLUTIONS&cat=WINDOWS_32_BIThttps://kb.bluecoat.com/index?page=content&channel=SOLUTIONS&cat=LINUX_64_BIThttps://kb.bluecoat.com/index?page=content&channel=SOLUTIONS&cat=LINUX_32_BIThttp://-/?-http://-/?-https://kb.bluecoat.com/index?page=content&id=KB3460&pmv=print&impressions=falsehttps://kb.bluecoat.com/index?page=content&id=KB3460&pmv=print&impressions=falsehttps://kb.bluecoat.com/index?page=content&channel=SOLUTIONShttps://kb.bluecoat.com/index?page=content&channel=SOLUTIONShttps://kb.bluecoat.com/index?page=content&channel=SOLUTIONShttps://kb.bluecoat.com/index?page=homehttps://support.bluecoat.com/https://kb.bluecoat.com/index?page=content&channel=TECHNICAL_FIELD_ALERTShttps://kb.bluecoat.com/index?page=content&channel=SUPPORT_DOCUMENTShttps://kb.bluecoat.com/index?page=content&channel=SOLUTIONShttps://kb.bluecoat.com/index?page=content&channel=SECURITY_ALERTShttps://kb.bluecoat.com/index?page=content&channel=PRODUCT_INFORMATIONhttps://kb.bluecoat.com/index?page=content&channel=FAQhttps://kb.bluecoat.com/index?page=content&channel=CLOUD_ANNOUNCEMENTShttps://kb.bluecoat.com/index?page=content&channel=ALERTShttps://kb.bluecoat.com/index?page=home


2/16


https://kb.bluecoat.com/index?page=content&id=KB3460 2

interface. Entries that begin withALW, such asALW.ERRO.LOGSO, are shown.

ALW.INFO.START - INFOindicates that this is an informational message. Other poss ible entries are ERRO

(error) andWARN (warning).

ALW.INFO.START - STARTstands for which part of the code is telling us som ething. In this case, the Startup part

of the source code is printing out this m ess age. Other code part options are LOGSO (log sources),AUTHE

(authentication),WEBSE (webserver), and DATAB (database).

The journal mes sages should be grouped according to what time they were printed out and what portion of the code

hey came from. For example, even though you see a DATAB message printed in the journal at the same time as (in the

row above or below) anAUTHE message, it does not mean that they are related. In fact, the chances of a database error

and a authentication message being related are very remote.

There are two ways you can search for comments:

Open up each journal file, one by one, and search.

Position yourself at the root folder - mentioned above - and search all of the files for the below mentioned

keywords.

Here's what you see in a report journal on a successful startup, with comm ents in bold that explain each s tep:

The Isready file is created at the root of the Reporter install.

This comment declares that the file was found when Reporter first started after a fresh install. It also is indicative that

only the default admin user is configured. The file remains there for the duration of the Reporter installation, and this

message is only shown in the first journal.

BCRJ:2009-09-23 14:37:21 (4aba6ae1) NOR.INFO.START

src/sg_main.cpp,625,HandleExternalStartupOptions

main_00001ae0(6880),,

Created the 'isready.txt' file to indicate an administrator exists

Declaring the License info: Standard /Premium/

BCRJ:2009-09-23 14:37:21 (4aba6ae1) ALW.WARN.UNDEF

src/sg_license.cpp,87,CheckAndFixupLicensing

main_00001ae0(6880),,

Generating standard license to allow maximum of 50000000 database requests across

all loaded databases

Version info: CPU/version/Operating System and build.

Blue Coat Reporter (32-bit), Release Version 9.1.3.1, Build 41492, Windows Server 2003 Enterprise Edition

TIMEZONE Information:

BCRJ:2009-09-23 14:37:21 (4aba6ae1) ALW.INFO.START

src/sg_main.cpp,1285,MainThread::Run

main_00001ae0(6880),,

The time zone is 'Eastern Daylight Time' (+05:00:00)

Information on where Reporter is installed follows:

here Reporter keeps this customers unique configuration settings-A working configuration:



main_00001ae0(6880),,

settings-root=D:/Program Files/Blue Coat Reporter 9/settings/

here Reporter is storing its default settings:



3/16




main_00001ae0(6880),,

settings-default=D:/Program Files/Blue Coat Reporter 9/settings_default/

Other folders noticed and journaled on bootup are:

Note: The entire journaled message is not included here.

system-root=D:/Program Files/Blue Coat Reporter 9/system/

updates-root=D:/Program Files/Blue Coat Reporter 9/updates/

utilities-root=D:/Program Files/Blue Coat Reporter 9/utilities/webclient-root=D:/Program Files/Blue Coat Reporter 9/webclient/

here the Journal, Archived Reports, and database are kept:

databases -root=D:/Program Files/Blue Coat Reporter 9/databases/

journal-root=D:/Program Files/Blue Coat Reporter 9/journal/

archive-root=D:/Program Files /Blue Coat Reporter 9/archive/

Username and password created for YWRtaW4=

Note: ( check local_users.cfg file for who this is )



main_00001ae0(6880),,

username=YWRtaW4=



main_00001ae0(6880),,

password=0aff4b401c79e510a649a

Ports for the websever are declared as intialized by these messages:

BCRJ:2009-11-10 10:31:57 (4af9957d) ALW.INFO.START

src/sg_task.cpp,1820,MasterThread::Run_Init master_thread_00000e04(3588),,

Web server initialized CLR port 0.0.0.0:8081

You might see the above port 8081 if only HTTP is us ed. If HTTPS is used, you'll see the s ame m ess age but with 8082.

The streaming port is also declared open in a sim ilar fashon.

The streaming port can also be declared non-functional by these messages.

BCRJ:2009-11-10 10:31:57 (4af9957d) ALW.ERRO.START

src/sg_task.cpp,2021,MasterThread::OpenSGPPort

master_thread_00000e04(3588),,

SGP server socket bind failure 10013 for port 0.0.0.0:9081

BCRJ:2009-11-10 10:31:57 (4af9957d) NOR.INFO.START

src/sg_task.cpp,1949,MasterThread::Run_Init

master_thread_00000e04(3588),,

SGP listener disabled due to initialization failure

NOTE: The above is on ly informational and Reporter continues to function.

If Reporter is loaded successfully, you see this Ctrl+C message and then ongoing informational messages, w hich

are outlined later in this article.



main_00001ae0(6880),,


4/16



==> PRESS 'CTRL+C' TO SHUTDOWN REPORTER

Other common messages and an explanation for each.

Running out of memory Warning:

Suggested search strings:

Reporter process

memory

ALERT or ALW.WARN.ALERT

BCRJ:2009-09-23 15:03:37 (4aba7109) ALW.WARN.ALERT

src/sg_alert_event_processor.cpp,3813,HandleAlert_GenericMemory

worker_thread_0000144c(5196),,

ALERT raised: Reporter process memory usage has climbed above the 75% (1.50 GB)

warning threshold -- currently 76% (1.52 of 2.00 GB)

Running out of memory cleared alert:

Suggested Search strings:

Reporter process

memory

ALERT or ALW.WARN.ALERT

BCRJ:2009-09-23 15:18:37 (4aba748d) ALW.INFO.ALERT

src/sg_alert_event_processor.cpp,3813,HandleAlert_GenericMemory

worker_thread_000008f8(2296),,

ALERT cleared: Reporter process memory usage has fallen below the 75% (1.50 GB)

warning threshold -- currently 59% (1.18 of 2.00 GB)

Running out of memory in file:

Remediation:Add more physical mem ory, not virtual memory.


Failed to allocate mem ory

msm alloc failed

BCRJ:2011-09-13 14:05:51 (4e6f471f) ALW.ERRO.LEP

src/sg_log_entry_processor.cpp,186,LogEntryProcessor::QueueLogEntry

worker_thread_00000b7c(2940),,

Failed to allocate memory for a new WORK_NODE

BCRJ:2011-09-13 07:18:09 (4e6ee791) ALW.ERRO.DATAS

src/sg_counters.cpp,744,GrowAvlPages_DataSpecific

worker_thread_000028e4(10468),,

ERROR: msmalloc failed in GrowAvlPages_DataSpecific

BCRJ:2011-09-13 07:18:09 (4e6ee791) ALW.ERRO.DATAS

src/sg_counters.cpp,991,CTreeFindOrMake


'CTreeFindOrMake' failed to add counters data 3584='635768' [root:61]

BCRJ:2011-09-13 07:55:37 (4e6ef059) ALW.ERRO.DATAS

e:\p4ws\reporter\rpt_9_2\production\src\sg_pagedavl_template.h,324,GrowAvlPages

worker_thread_00002b88(11144),,

ERROR: msmalloc failed in GrowAvlPages





5/16



'CTreeFindOrMake' failed to add counters node 10496='12818874' [root:206]


e:\p4ws\reporter\rpt_9_2\production\src\sg_pagedavl_template.h,324,GrowAvlPages


ERROR: msmalloc failed in GrowAvlPages




'CTreeFindOrMake' failed to add counters node 10496='228009' [root:206]

Running out of Disk space alert.


ALERT cleared

Disk storage usage

climbed

BCRJ:2009-11-02 08:51:18 (4aeee3d6) ALW.ERRO.ALERT

src/sg_alert_event_processor.cpp,3813,

worker_thread_46f1c940(1190250816),,

ALERT raised: Disk storage usage has climbed above the 0% (0.00 KB) critical limit -

- currently 0% (0.00 of 0.00 KB

NOTE: The above message represents a bug in Reporter on LINUX servers, as both actual and maximum values are

zero. Upgrade the to version 9.1.3.4. or later to fix this.

Running out of Disk space cleared alert:


ALERT cleared

Disk storage usage

BCRJ:2009-11-02 08:56:19 (4aeee503) ALW.INFO.ALERT

src/sg_alert_event_processor.cpp,3813,

worker_thread_43316940(1127311680),,

ALERT cleared: Disk storage usage has fallen below the 85% (0.00 KB) critical limit

-- currently 80% (0.00 of 0.00 KB)

A Blue Coat Reporter client has been configured to send to Reporter and is now being upgraded from 'unassigned'

o 'assigned'

In other words, it is now linked to a database.

Suggested Search string:

Upgraded

BCRJ:2009-09-23 16:05:52 (4aba7fa0) NOR.INFO.DBMGR

src/sg_profile.cpp,2894,DatabaseManager::UpdateUnassignedLogSource


Upgraded unassigned log source 'stream:assigned_1b527284124658a438211441291d7a40'

Note:Databases have a hashed name, you can search for in the journals, to find events for them. To find the hash, you

can navigate down to program Filessettingsdatabase and open up each cfg file, looking for their name,

in English, and then their hash nam e. The hash name o ften looks like this:

database_8b4e6220a87a11de8804f0004c9ba7ce.To search for activity on them them, such as loading or unloading,

use this name.


6/16



An entry indicating a crash has occured and Reporter is attempting to shut down:

NOTE:A good indicator that the journal file does not not contain a crash is if it had to roll over and start another journal

file. Its s ize, in this cas e, would be 5,121 KB.

Suggested search str ing:

SHUTTING DOWN

BCRJ:2009-09-23 14:51:22 (4aba6e2a) ALW.INFO.SHUTD


main_00001f30(7984),,

==> REPORTER IS SHUTTING DOWN IMMEDIATELY BECAUSE OF SOME ABNORMAL INTERNAL

CONDITION

A entry indicating the administration has manualy shut down the Reporter services or daemon:

NOTE: This would typicaly be done by a control C event on the LINUX terminal, or clicking on the service in the "Manager

Services" list, and shutting it down in Windows. This is a normal event, not a crash.

Suggested search string:

SHUTTING DOWN

NORMALLY

CONSOLE

BCRJ:2009-09-23 14:51:22 (4aba6e2a) ALW.INFO.SHUTD


main_00001f30(7984),,

==> REPORTER IS SHUTTING DOWN NORMALLY BECAUSE OF A CONSOLE

'CTRL_SHUTDOWN_EVENT'REPORTER IS SHUTTING DOWN NORMALLY BECAUSE OF A CONSOLE

'CTRL_SHUTDOWN_EVENT'

Log source Messages


Loaded log source

unloaded log source.

FTP

UNIX

1: Loading and unloading:

BCRJ:2009-09-25 02:26:49 (4abc62a9) NOR.INFO.LOGSO

src/sg_logreader.cpp,179,LogReader::Load


Loaded log source 'BlueCoatdb:stream:assigned_1b527284124658a438211441291d7a40

BCRJ:2009-09-24 18:01:16 (4abbec2c) NOR.INFO.LOGSO

src/sg_profile.cpp,4315,DatabaseManager::PhasedLogSource

worker_thread_00001970(6512),,

Unloaded log source 'BlueCoatdb:stream'

2: FTP-related:

BCRJ:2010-03-20 01:16:32 (4ba48460) NOR.INFO.LOGSO

src/sg_logreader.cpp,5638,FTPCloseLogFile


Failed to post process FTP log source file


7/16



'bluecoat_reporter_db:useclifwp120:./SG_main_XX231_0319.log.gz'

BCRJ:2010-03-20 01:16:32 (4ba48460) NOR.INFO.LOGSO

src/sg_logreader.cpp,963,LogReader::WriteCheckpointFile


Checkpoint while processing log source file

'bluecoat_reporter_db:useclifwp120:./SG_main_XX231_0319.log.gz'

NOTE: For more information on why the above FTP log source unloaded, see KB3753 (https://kb.bluecoat.com/index?page=content&id=KB3753) .

Blue Coat Access log rename error.


RENAME

errno 32

failed

BCRJ:2009-10-05 12:15:25 (4aca1b9d) ALW.ERRO.LOGSO

src/sg_logreader.cpp,3708,HFPCloseLogFile


RENAME log source file

'Q3_September_2009:sept:D:/BC_Logs/Sept/PRXY03_main__2250903145136.log.gz' to

'D:/BC_Logs/Sept/PRXY03_main__2250903145136.log.gz.done' failed with errno 32

NOTE:An attempt to rename the log source failed, because the file was s till open or in use by a external

application.

Blue Coat Access log move er ror:

MOVE

failed with

errno 18

BCRJ:2009-12-10 14:28:21 (4b214bd5) ALW.ERRO.LOGSO

src/sg_logreader.cpp,3882,

worker_thread_b1b27ba0(2981264288),,

MOVE log source file 'BOSdb:a1web1 logfiles:/var/bcr/SG01RawLogs/SG_blue_coat_reporter_9__191208012554.log.gz' to

'/services/reporter/ProcessedLogs/SGweb1/SG_blue_coat_reporter_9__191208012554.log.gz'

failed with errno 18 BCRJ:2009-12-10 14:28:21 (4b214bd5) NOR.INFO.LOGSO


worker_thread_b1b27ba0(2981264288),,

Checkpoint while processing log source file 'BOSdb:a1web1 log

files:/var/bcr/SG01RawLogs/SG_blue_coat_reporter_9__191208012554.log.gz'

NOTE:Reporter 8x and 9.1 might us e the MOVE post-process ing action only within the same file system. Moves between

different file system moves are not supported. On both LINUX and Windows, the rename and the move comm ands are

so s imiliar that the sam e API is called.

Blue Coat client connected/loaded


SG

closed

connection

BCRJ:2009-03-25 12:38:01 (49ca6bf9) NOR.INFO.LOGSO

src/sg_logreader.cpp,5560,SGPGetLogBuffer



8/16



SG closed connection from SGP log source ''

NOTE: This journal message is actually showing that the ProxySG appliance reques ted the connection to close. If you

look around a little more, the journal file provides a different message for a new SGP connection.

Reporter crashed.

(Look in the journal prior to this one, to find out what it was doing before it crashed.)


The previous instance of Reporter

shutdown

BCRJ:2009-03-26 16:39:35 (49cbf617) ALW.ERRO.START

src/sg_main.cpp,939,CreateServerRunningFile

main_00001280(4736),,

The previous instance of Reporter (started at '2009-03-25 12:29:44') did not

shutdown

Reporter is loaded and ready:

Suggested search strings.

8081

port

Web server initilized

BCRJ:2009-03-25 12:29:44 (49ca6a08) ALW.INFO.START


master_thread_000016b4(5812),,

Web server initialized CLR port 0.0.0.0:8081

You can now attach to the Reporter webserver on port 8082


8082

port

Web server initilized

( Reporter is mos t probably using HTTPS)

BCRJ:2009-04-22 17:01:20 (49ef93b0) ALW.INFO.START


master_thread_000010c8(4296),,

Web server initialized SSL port 0.0.0.0:8082

Reporter will not load because it can't bind its Webserver to a port., or it can't find the cfg file to load it.


port

8081

bind failure

BCRJ:2010-01-19 09:42:14 (4b54f1d6) ALW.ERRO.START


master_thread_00000128(296),,

Web server CLR socket bind failure 10013 for port 0.0.0.0:8081

BCRJ:2010-11-24 10:42:05 (4ced4e6d) ALW.ERRO.START


master_thread_000013ec(5100),,


9/16



Failed to find web server protocol configuration

Suggested remedia tion: In the command line, run a nestat- a command to find out which application is us ing

his port, then s top that application. Or edit the Reporte preferences.cfg file and change it to use another port. See

KB3748 (https://kb.bluecoat.com/index?page=content&id=KB3748) for more details on how to troubleshoot this iss ue.

The Blue Coat Reporter client is open on the Reporter server, ready to receive connections from the SG.


9081

initialized port

BCRJ:2009-03-26 16:39:35 (49cbf617) ALW.INFO.START

src/sg_task.cpp,1928,MasterThread::OpenSGPPort

master_thread_00001ea0(7840),,

SGP server initialized port 0.0.0.0:9081

properly.

DATABASE MESSAGES

Loaded Database


Loading

Loaded

database

BCRJ:2009-03-25 12:35:47 (49ca6b73) NOR.INFO.DBMGR

src/sg_profile.cpp,1345,DatabaseManager::PhasedDatabaseHandler


Loading database 'JOE'

Database expirey message

Suggested search strings

Expired

database

ExpireDatabaseJob

BCRJ:2009-03-27 00:00:39 (49cc5d77) NOR.INFO.EXPIR

src/sg_profile.cpp,6838,ExpireDatabaseJob::PhaseFunc_ExpireProcessing


Expired database 'database_35a24fe0196311deaf33f0004bab9db9'

Failed Database expire messages


Failed

Deleting file

Cannot expire database

BCRJ:2009-11-11 00:01:22 (4afa5332) ALW.ERRO.UTILI

src/sg_utility.cpp,1733,FileNode::RemoveFromFileSystem

worker_thread_00000eec(3820),,

Failed deleting file

(D:/BlueCoat/Database/database_8c450fc0ce2d11de932af0004cdacc40/347472/4111623.cnt)


10/16



You should change time "daily expire DB".

BCRJ:2014-05-29 00:00:16 (5385fa00) NOR.INFO.DBMGR

src/sg_profile.cpp,2313,

worker_thread_debfd700(3737114368),,

Loading database 'Reporter_DB'

BCRJ:2014-05-29 00:00:48 (5385fa20) NOR.WARN.DBMGR


worker_thread_de1fc700(3726624512),, Cannot expire database that is not finished loading -- phase:1

(Reporter_DB:database_10505fa0c6d911e3a293f442f1233098)

BCRJ:2014-05-29 00:02:30 (5385fa86) NOR.INFO.DBMGR


worker_thread_debfd700(3737114368),,

Loaded database 'Reporter_DB:database_10505fa0c6d911e3a293f442f1233098'

Added Database


Added databas e

BCRJ:2009-09-04 10:34:25 (4aa0ed31) NOR.INFO.DBMGR

src/sg_profile.cpp,392,DatabaseManager::AddDatabase


Added database 'JOE:database_01696500993e11deab9cf0004c821fa6'

Deleted database


Deleting database

Deleted database

BCRJ:2009-11-26 12:59:45 (4b0e7bc1) NOR.INFO.DBMGR


worker_thread_00009a5c(39516),,

Deleting database

'database_01696500993e11deab9cf0004c821fa6:database_01696500993e11deab9cf0004c821fa6'

BCRJ:2009-11-26 12:59:57 (4b0e7bcd) NOR.INFO.DBMGR


worker_thread_00009a54(39508),,

Deleted database

'database_01696500993e11deab9cf0004c821fa6:database_01696500993e11deab9cf0004c821fa6'

Allocated memory size for Database


Flushing all datasets of size

BCRJ:2013-08-12 04:52:32 (5207eb80) NOR.INFO.DATAB

src/sg_logdb.cpp,1117,FlushDataSets



11/16



Flushing all datasets of size 4.59 GB for database 'database_name'

LIcense log line limit


50000000

DB

requests

Unloading ALL LOG SOURCES SYSTEM-WIDE

BCRJ:2009-03-27 19:08:57 (49cd6a99) ALW.WARN.ALERT

src/sg_alert_event_processor.cpp,4085,HandleAlert_LicensedDBRequests


ALERT raised: Licensed DB requests has reached or climbed above the 50000000 DB

requests

BCRJ:2009-03-27 19:08:57 (49cd6a99) ALW.ERRO.ALERT

src/sg_alert_event_processor.cpp,4518,AlertEventProcessor::ProcessAlertEvent


*** Please remedy this alert condition by unloading, expiring (or perhaps deleting)

one or more profiles ***

BCRJ:2009-03-27 19:08:57 (49cd6a99) ALW.ERRO.ALERT

src/sg_alert_event_processor.cpp,4522,AlertEventProcessor::ProcessAlertEvent


*** Unloading ALL LOG SOURCES SYSTEM-WIDE because of depleted licensed db requests

Another similar mess age on log line license limitations:

BCRJ:2009-03-27 19:18:56 (49cd6cf0) ALW.ERRO.LOGSO

src/sg_logreader.cpp,151,LogReader::Load

worker_thread_00001a7c(6780),,

System resource limitation prevented load for log source 'CFNI:CFNI-2'

Bad license entered

re-enter license

Suggested Search string;

substituted

BCRJ:2009-03-25 12:29:44 (49ca6a08) ALW.WARN.UNDEF

src/sg_license.cpp,87,CheckAndFixupLicensing

main_000011a4(4516),,

Standard license substituted for invalid license: ''

Reporter is processing this access log file.

Suggested search string:

Processing

log

source

BCRJ:2009-04-22 17:51:22 (49ef9f6a) NOR.INFO.LOGSO

src/sg_logreader.cpp,3122,HFPGetLogBuffer



12/16



Processing log source file 'Home_Office:Home_Office:E:/BC Reporter

Logs/Home_Office/SG_BCRLOG__230422225005.log.gz

Reporter has been changed from HTTP to HTTPS protocol:


8081 ( HTTP)

8082 (HTTPS)

9081 ( Using the SG - Bluecoat Reporter client- streaming)

Changes to server settings are valid

BCRJ:2009-10-02 10:43:47 (4ac62dc3) ALW.INFO.WEBSE

src/sg_webserver.cpp,7834,PreferencesHandler

worker_thread_00001cec(7404),,

Changes to server settings are valid -- no port numbers are shared between HTTP,

HTTPS and SG link (8081, 8082, 9081).

Reporter has a database that is corupt:


NOTE:As you can see below, there are multiple mes sages that indicate a problem with the database.

failed to obtain a log table

string fread failed

Corruption detected

Error 9 loading database

CRJ:2009-10-14 15:13:44 (4ad622e8) ALW.ERRO.DATAB

src/sg_logdb.cpp,414,GetLogTableCache

worker_thread_000010dc(4316),,

database_b22fdcb0b1bd11de834af0004aca21e8

BCRJ:2009-10-14 15:13:44 (4ad622e8) ALW.CRIT.LEP

BCRJ:2009-10-14 15:13:44 (4ad622e8) ALW.CRIT.LEP

src/sg_log_entry_processor.cpp,728,LogEntryProcessor::PhasedLogEntryProcessor

worker_thread_000010dc(4316),,

'PhasedLogEntryProcessor' failed to obtain a log table (uGLTC = 1041)

BCRJ:2009-11-03 11:46:41 (4af00a11) ALW.ERRO.DATAS

src/sg_dataset.cpp,1169,LoadAvlPages_DataSpecific

worker_thread_00000c6c(3180),,

ERROR: string fread failed (len = 20)

BCRJ:2009-11-03 11:46:41 (4af00a11) ALW.ERRO.DBMGR

src/sg_profile.cpp,5912,Profile::OpenProfileContext


Corruption detected in OpenProfileContext() when creating the data set

BCRJ:2011-07-26 20:03:44 (4e2f8010) NOR.ERRO.REPOR

src/sg_reports.cpp,4465,MergeSummaryReportData


Unable to open .cnt file for hour 364365

(The above mes sage als o happen if there has only been one access log loaded into the database, and it hasn't been

flushed to dis k yet. The user has attempted to load a report, but reporter can't find th data on disk)


13/16



BCRJ:2009-11-03 11:46:41 (4af00a11) ALW.ERRO.DBMGR



Error 9 loading database 'Lizzie:database_60eccbb0979b11de9c08f0004c7f5213'

BCRJ:2009-11-03 11:46:41 (4af00a11) NOR.INFO.DBMGR



Unloading database 'Lizzie'

Reporter is unable to load because of a database issue (corrupt):


Failed to find or validate database

REPORTER IS SHUTTING DOWN IMMEDIATELY

FAILURE CONDITION DURING STARTUP

InitializeAllDatabases' failed

Blue Coat Reporter (32-bit), Release Version 9.1.1.2, Build 38789, Linux (Linux

bcreport.companyname.net 2.6.9-67.0.20.ELsmp #1 SMP Wed Jun 18 12:40:47 EDT 2008 i686

i686 i386 GNU/Linux)

Copyright (C) 2009 Blue Coat Systems, Inc. All rights reserved.

2010-01-14 09:17:23 (4b4f2773) ALW.INFO.START

src/sg_main.cpp,1241,

main_b7fa16c0(3086620352),,

The time zone is 'EST' (+05:00:00)

2010-01-14 09:17:23 (4b4f2773) ALW.ERRO.DBMGR


main_b7fa16c0(3086620352),,

Failed to find or validate database 'database_09b4e7206c8e11de91f4f0004c3721a6' for

log source 'Haddon_Heights_SG:assigned_6516810f55739e4535fa63df43e2e8d1'

2010-01-14 09:17:23 (4b4f2773) ALW.ERRO.START


main_b7fa16c0(3086620352),,

'DatabaseManager::InitializeAllDatabases' failed -- system shutting down

2010-01-14 09:17:23 (4b4f2773) ALW.ERRO.SHUTD


main_b7fa16c0(3086620352),,

==> REPORTER IS SHUTTING DOWN IMMEDIATELY BECAUSE OF SOME FAILURE CONDITION DURING

STARTUP

2010-01-14 09:17:23 (4b4f2773) ALW.ERRO.SCHED

NOTE: In some cas es, such as the Linux issue above, it might be that the mount point that holds the database failed to

load.

NOTE: The remedy for any database coruption is sue is to re-process your log files for the database. In one of the above

cases , it was called database_b22fdcb0b1bd11de834af0004aca21e8. Use this article as your guide:

https://kb.bluecoat.com/index?page=content&id=FAQ415 (https://kb.bluecoat.com/index?page=content&id=FAQ415)

Access log was open, by another process when Reporter went to rename file.

BCRJ:2009-10-05 12:15:25 (4aca1b9d) ALW.ERRO.LOGSO

src/sg_logreader.cpp,3708,HFPCloseLogFile


RENAME log source file

'Q3_September_2009:sept:D:/BC_Logs/Sept/PRXY03_main__2250903145136.log.gz' to
https://kb.bluecoat.com/index?page=content&id=FAQ415


14/16



'D:/BC_Logs/Sept/PRXY03_main__2250903145136.log.gz.done' failed with errno 32

NOTE: A lot of these issues were faced with Reporter version 9.1.3.1 but were fixed in 9.1.3.3 PR.

Reporter crashed, or was halted in the middle of processing a log file:


Checkpoint while process ing log source file

BCRJ:2009-10-14 15:15:37 (4ad62359) NOR.INFO.LOGSO

src/sg_logreader.cpp,963,LogReader::WriteCheckpointFile


Checkpoint while processing log source file

'Q4_October_2009:LOG_DROP:LOG_DROP/PRXY02_main__21014150746.log.gz'

NOTE: This means that once the log processor res tarts, it continues process ing where it left off.

An attempt to e-mail was unsuccessful:

This e-mail could be a report or an alert mes sage. Often the remedy is to configure your e-mail settings in the

adminis tration section of Reporter.


smtp

Email

Sending

failed

BCRJ:2009-11-02 08:51:38 (4aeee3ea) NOR.ERRO.EMAIL

src/sg_smtp.cpp,456,

email_41f14940(1106331968),,

Email: connect failed (-1)

BCRJ:2009-11-02 08:51:38 (4aeee3ea) ALW.ERRO.EMAIL

src/sg_smtp.cpp,1068,

email_41f14940(1106331968),,

Sending email failed 1

Another example of an failed e-mail s end where we are expecting a SMTP response of 250, but do not receive it.

BCRJ:2011-02-14 17:55:25 (4d59c0ed) NOR.ERRO.EMAIL

src/sg_smtp.cpp,914,Email::Send

email_00000e48(3656),,

Email: body response != 250, email failed (0, 550)

BCRJ:2011-02-14 17:55:25 (4d59c0ed) ALW.ERRO.SCHED

src/sg_schedule.cpp,2767,Scheduler::ScheduledEventDone

email_00000e48(3656),,

Scheduled event failed schedule_cb0868e0385011e099c3f1e14100094d

BCRJ:2011-02-14 17:55:25 (4d59c0ed) ALW.ERRO.EMAIL

src/sg_smtp.cpp,1076,EmailThread::Run

email_00000e48(3656),,

Sending email failed 1

Running out of memory, and failing to run the DF command on linux.


failed to execute


15/16



'df' command s tring

BCRJ:2009-11-10 14:50:31 (4af9e027) ALW.ERRO.XPLAT

src/sg_xplat.cpp,2185,

worker_thread_43efe940(1139796288),,

'system' failed to execute the 'df' command string used to retrieve disk storage

results (df -P --block-size=1 "/opt/bc/reporter/databases/" 2>/dev/null

>"/opt/bc/reporter/system/bcreporterDiskInfo_jla4xe") (-1, 12)

Notes on the above error:

Reporter version 9.1.3.4 running on Linux attempted to execute this command to find how much disk space it had:

"df -P --block-size=1 "/opt/bc/reporter/databases/" 2>/dev/null

>"/opt/bc/reporter/system/bcreporterDiskInfo_jla4xe"

The (-1,12) means that the comm and failed (-1) , and the reason given was out-of-memory (12).

E-mail messages:


Email

Send

BCRJ:2009-11-20 15:41:00 (4b06480c) DEB.WARN.EMAIL

src/sg_.cpp,547,Email::Send email_00000ac8(2760),,

Email: AUTH PLAIN response 235 failed (0, 535) BCRJ:2009-11-20 15:41:00 (4b06480c)

DEB.ERRO.EMAIL

src/sg_.cpp,600,Email::Send email_00000ac8(2760),,

Email: base64 password response 235 failed (0, 535) BCRJ:2009-11-20 15:41:00

(4b06480c) ALW.ERRO.EMAIL

src/sg_.cpp,108,ReadStringFromFile_Int

email_00000ac8(2760),,

Notes on the above error.

Reporter attempted to send an e-mail, but was turned down because of a bad password by the SMTP gateway. The

above message indicates a 235 code was expected, which would have meant success , but instead a 535 was received

(see ins ide the brackets), which means a bad pas sword. Despite receiving a bad password response, Reporter

attempts to log into the gateway without a password to see if it will send that way.

The following message is only informational and indicates the type of contacted FTP host.

BCRJ:2010-11-29 06:51:53 (4cf33f79) NOR.INFO.LOGSO


FTPGetLogListworker_thread_00000bac(2988),,

Unix FTP host determined from reply '215 unix type: l8' for FTP log source 'IDC2:idcproxy02.01'

Messages you may see after upgrading to version 9.3.x of Reporter:

The service does not start and you see this message in the journal.

Error mess age seen in sales demo s erver journal log:

#####################################################################


16/16


Failed to locate LIBIDN library 'libidn.dll'

BCRJ:2011-08-31 08:49:04 (4e5e57f0) ALW.ERRO.START

src/sg_main.cpp,1285,MainThread::Run_Init

main_00000344(836),,

'LIBIDNSubSystem::ClassInit' failed

####################################################################

For details on how to fix this see, KB4607 (https://kb.bluecoat.com/index?page=content&id=KB4607)

Rate this Page

Please take a m oment to complete this form to help us better serve you.

Did this document help answer your question?Yes

No

If you are finished providing feedback, please

click the RATE CONTENT button. Otherwis e,

please add more detail in the following text box

and then click RATE CONTENT.

Your respons e will be us ed to improve our document content.

Rate Content

Copyright 2014 Blue Coat Systems, Inc. | Contact Support | Help
https://bto.bluecoat.com/helphttp://www.bluecoat.com/support/contactsupport/NALAhttps://kb.bluecoat.com/index?page=content&id=KB4607