Loading...

Knowledge Center


How to import data from MySQL into the Network Security Manager Solr database
Technical Articles ID:   KB86158
Last Modified:  6/17/2019
Rated:


Environment

McAfee Network Security Manager (NSM) 9.x, 8.x

IMPORTANT: Network Security Manager has transitioned from MySQL to MariaDB.
  • The Database used in NSM 9.1 changes to MariaDB with release 9.1.7.77.
     
  • This article features different steps if using NSM 9.1.7.77 and later.
     
  • For full information and news about other releases of NSM, see:
    KB91518 - Network Security Manager and Network Threat Behavior Analysis installation software images will be removed from McAfee Download server on May 31, 2019 (MySQL to MariaDB Transition)

Summary

NSM uses an in-memory database called Solr to display alerts in the dashboard and in the attack log. If the data in Solr is missing, or if the manager was recently upgraded, you see a blank dashboard and attack log.
 
Synchronize IPS alerts in the Solr Database
Use the following steps to re-create the data in the Solr database, and to repopulate the dashboard and the attack log:
  1. Stop the Network Security Manager service:
    Click the Network Security icon in the notification area and select Stop Manager.
     
  2. Open a command-line session:
    Click StartRun, type cmd, and click OK.
     
  3. Log on to the database tool:
    1. Type mysql -uroot -p, press ENTER, and then type the database password.
    2. Type use lf and press ENTER to select the correct database.  
       
  4. Run the following command and record the output:
    Type select timestampdiff(day,min(creationtime),now())+1 from iv_alert; and press ENTER. 
     
  5. Move or rename the existing data folder from the following location:
    • For NSM 8.x, 9.1 earlier than 9.1.7.77, and 9.2:
      • 8.x: Program Files(x86)\McAfee\Network Security Manager\Solr\conf\alerts\data.
      • 9.x: Program Files(x86)\McAfee\Network Security Manager\Solr\server\solr\alerts\data
         
    • For NSM 9.1.7.77 and later:
      • 8.x: Program Files(x86)\McAfee\Network Security Manager\Solr\conf\alerts\data
      • 9.x: Program Files(x86)\McAfee\Network Security Manager\Solr\server\solr\alerts\data
          
  6. Open a command-line session:
    Click StartRun, type cmd, and click OK.  
     
  7. Navigate to the app\bin location in NSM.
     
  8. Re-create the database with the required number of days information:
    Type SolrImport offline start days=<number of days> and press ENTER.
    NOTE: 
    • Replace <number of days> with the result of the query you ran in step 4 if it is less than 30.
    • If the result of step 4 is greater than 30, use the value 30.
      Using a value greater than 30 requires more time to re-create the Solr database.
      McAfee recommends using a value less than 30 to reduce Solr database recreation time. 
       
    • This step re-creates the Solr database (\data folder) in the path configured in step 5.  

Common problems and workarounds
  • The SolrImport offline start command fails to execute if the configuration files in the following location are missing, or the \conf folder itself is missing:
    \\Program Files(x86)\McAfee\Network Security Manager\Solr\conf\alerts\conf

    If you see this scenario, open a Service Request with Technical Support.
     
  • If you see the following error when you perform the steps above:
    Alert URI Map Size ==> 10000
    UnLocking test compilation task: 1
    Exception in thread "Thread-7" java.lang.OutOfMemoryError: GC overhead limit exceeded

    Follow these steps:
    1. ​​Open app\bin\solrImport.bat in an editor of your choice.
    2. Locate the line:
      set JO=%JO% -Xmx1024m
    3. Change it to:
      set JO=%JO% -Xmx4096m
    4. Continue implementing the solution from step 2 of the synchronize IPS alerts procedure above.
       
  • If after running the script, you start the NSM and the dashboard is still blank:
    1. View the output of the script you just ran.
    2. Scroll to the end of the output and search for the following lines:

      Stopping Solr Server
      ----- stopSolrServer() using ProcessBuilder() ------
      isWindows ==> true
      solrPath ==> C:\Program Files (x86)\McAfee\Network Security Manager\Solr\bin\solr.cmd
      Working Directory ==> C:\Program Files (x86)\McAfee\Network Security Manager\Solr\bin
      Stopping Solr process 4828 running on port 8983
      ERROR: Input redirection is not supported, exiting the process immediately.

      Perform one of the following actions, depending on the output generated:  
      • If you do not see the notification Stopping Solr Server, the Solr Server process is running in the background:
        1. Stop the manager service, and then start your task NSM: Right-click the taskbar and click Task Manager.
        2. In the Processes tab, sort the processes by name. If there are any Java processes using more than 100 MB of memory, kill them.
        3. Run the solution again, but this time, run the script with days=1.
          This step generates a new, mostly empty database, and can help in cases where the script is crashing on older alert data.
          New data is received properly and the old data is available for reports, but old data does not show in the dashboard or attack log.
           
      • If you do see the notification, open a Service Request with Technical Support.
        NOTE: You might see the error: ERROR: Input redirection is not supported, exiting the process immediately.
        You can ignore this error; it is normal.
If none of the above solutions resolve the issue, contact Technical Support for further assistance.

To contact Technical Support, log on to the ServicePortal and go to the Create a Service Request page at https://support.mcafee.com/ServicePortal/faces/serviceRequests/createSR:
  • If you are a registered user, type your User Id and Password, and then click Log In.
  • If you are not a registered user, click Register and complete the required fields. Your password and logon instructions will be emailed to you.
 

Rate this document

Languages:

This article is available in the following languages:

English United States
Japanese

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.