'Follow Up' flag disappears from IPS logs in SmartView Tracker
Symptoms
  • 'Follow Up' flag disappears from IPS logs in SmartView Tracker.
    No logs are shown in SmartView Tracker - 'Network Security Blades' - 'IPS Blade' - 'Follow Up' view.

  • The issue affects all IPS log files (existing logs and logs created after marking an IPS protection for 'Follow Up').

  • Issue occurs if the box 'Revision Control - Create database version' is checked in SmartDashboard, and SmartView Tracker is opened during policy installation.

  • Issue does not occur if:

    • The box 'Revision Control - Create database version' is cleared in SmartDashboard while SmartView Tracker is opened during policy installation
    • The SmartView Tracker is closed during policy installation, while the box 'Revision Control - Create database version' is checked in SmartDashboard
  • Debug of CPLMD daemon (per sk86324) during policy installation with 'Create database version' checked shows:

    [CPLMD PID ...]@HostName[Date Time] HandleReply: Received reply on opid [5], session [0x...] Object Not Found
    [CPLMD PID ...]@HostName[Date Time] HandleReply: pCommand != NULL
    [CPLMD PID ...]@HostName[Date Time] HandleReply: bCallAsyncHandler == false
    [CPLMD PID ...]@HostName[Date Time] --> 0x... CLmdCPMICache::DLPQueryCB
    [CPLMD PID ...]@HostName[Date Time] ... ... : Failed to run query
    [CPLMD PID ...]@HostName[Date Time] <-- 0x... CLmdCPMICache::DLPQueryCB
    
  • Debug of FWM daemon (per sk86186) during policy installation with 'Create database version' checked shows:

    [FWM PID ...]@HostName[Date Time] ..--> 0x... DBOperation3::Get
    [FWM PID ...]@HostName[Date Time] DBOperation3::Get SELECT ... FROM ... WHERE ...
    [FWM PID ...]@HostName[Date Time] ...--> 0x... DBOperation3::SendError(char)
    [FWM PID ...]@HostName[Date Time] out of memory
    [FWM PID ...]@HostName[Date Time] ...<-- 0x... DBOperation3::SendError(char)
    [FWM PID ...]@HostName[Date Time] Sql Syntax Error sqlite_compile SELECT ... FROM ... WHERE ...
    [FWM PID ...]@HostName[Date Time] ..<-- 0x... DBOperation3::Get
    [FWM PID ...]@HostName[Date Time] .<-- 0x... QueryBuilder::Execute
    [FWM PID ...]@HostName[Date Time] Query Fail to run.
    [FWM PID ...]@HostName[Date Time] <-- 0x... SetToSql::QueryInSession
    [FWM PID ...]@HostName[Date Time] Query([Name = ...]) - failed
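
To check collected CPLMD and FWM debug output against the two sequences shown above, the following added example (not Check Point code) looks for each daemon's messages in the same order within a window of lines. The line format is assumed from the excerpts, and the sample host, PIDs, timestamps, addresses and query are constructed.

```python
import re

# Line shape assumed from the excerpts above: [DAEMON PID]@HostName[Date Time] message
LINE_RE = re.compile(r"^\s*\[(\w+)[^\]]*\]@[^\[]*\[[^\]]*\]\s*(.*)$")

# Ordered substrings copied from the two debug excerpts in this article.
SIGNATURES = {
    "CPLMD": ("Object Not Found", "CLmdCPMICache::DLPQueryCB", "Failed to run query"),
    "FWM": ("DBOperation3::Get", "DBOperation3::SendError", "out of memory",
            "Sql Syntax Error sqlite_compile", "Query Fail to run"),
}

def find_symptoms(lines, window=50):
    """Return {daemon: line number where its ordered signature starts}."""
    state = {d: [0, 0] for d in SIGNATURES}  # daemon -> [next marker, start line]
    hits = {}
    for n, raw in enumerate(lines, 1):
        m = LINE_RE.match(raw)
        if not m:
            continue
        daemon, msg = m.group(1).upper(), m.group(2)
        if daemon not in SIGNATURES or daemon in hits:
            continue
        idx, start = state[daemon]
        if idx and n - start > window:       # partial match went stale: start over
            idx = 0
        if SIGNATURES[daemon][idx] in msg:
            start = n if idx == 0 else start
            idx += 1
        if idx == len(SIGNATURES[daemon]):
            hits[daemon] = start
        state[daemon] = [idx, start]
    return hits

# Constructed sample: host, PIDs, timestamps, addresses and the query are made up.
SAMPLE = """\
[FWM 3310]@mgmt01[12 Mar 10:15:01] unrelated line
[CPLMD 4021]@mgmt01[12 Mar 10:15:02] HandleReply: Received reply on opid [5], session [0x9a3f10] Object Not Found
[CPLMD 4021]@mgmt01[12 Mar 10:15:02] --> 0x9a3f10 CLmdCPMICache::DLPQueryCB
[FWM 3310]@mgmt01[12 Mar 10:15:02] ..--> 0x8c1d00 DBOperation3::Get
[CPLMD 4021]@mgmt01[12 Mar 10:15:02] Failed to run query
[FWM 3310]@mgmt01[12 Mar 10:15:02] ...--> 0x8c1d00 DBOperation3::SendError(char)
[FWM 3310]@mgmt01[12 Mar 10:15:02] out of memory
[FWM 3310]@mgmt01[12 Mar 10:15:02] Sql Syntax Error sqlite_compile SELECT name FROM objs WHERE id = 1
[FWM 3310]@mgmt01[12 Mar 10:15:02] Query Fail to run.
""".splitlines()

if __name__ == "__main__":
    print(find_symptoms(SAMPLE))
```

A daemon appears in the result only when all of its messages occur in order, so an isolated 'out of memory' line on its own is not reported.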
    
Cause

Creating a Database Revision Control snapshot clears the 'Follow Up' cache and the DLP cache. As a result, the CPLMD daemon might fail to access the required data during or after the Database Revision.


Solution