Invalid log record ????
Updated: 12 Sep 2010 | 19 comments
Is there any explanation for this error:
com.sygate.scm.server.logreader.ParseException (4): Invalid log record: Too few fields. 0001 0021 0002 0000
    at com.sygate.scm.server.logreader.av.ParseSecurityRecord.parseSEPLogRecord(ParseSecurityRecord.java:613)
    at com.sygate.scm.server.logreader.av.LogHandler.process(LogHandler.java:95)
    at com.sygate.scm.server.task.AgentLogCollector.enumerateInbox(AgentLogCollector.java:207)
    at com.sygate.scm.server.task.AgentLogCollector.run(AgentLogCollector.java:104)
    at java.util.TimerThread.mainLoop(Timer.java:512)
    at java.util.TimerThread.run(Timer.java:462)
Comments
Ayed, we are working on it - it seems that log files being received by SEPM contain an invalid format. Out of interest, have you upgraded any of your clients to MR3 yet?
Can you take a look on your SEPM in the data\inbox folder and see if you have any .err files present?
If so, let me know and I can arrange for somewhere to upload.
Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint
1) Yes, I have a lot of *.err files. How can I submit them to support?
2) I'll upgrade some clients and watch for any problems
Authorized Symantec Consultant - Symantec Certified Specialist - Experts-Exchange Certified Guru
Please don't forget to mark your thread solved
thanks Ayed, please can you zip them up and upload to:
https://fileshare.symantec.com
u: symc_sep_troubleshooting
p: $Ym@nt3c
and I will get them to the engineers
thanks
Paul Murgatroyd
The ZIP file (SEPM-MR3-err-files.zip) is already uploaded
Hi Paul,
I have also faced the same issue mentioned by Ayed on all my SEPM servers.
I have the following queries regarding MR3:
1) In MR3, whenever I export the logs from the Monitor tab for computer status, they do not show the computer name, IP address, or gateway.
2) In the Client tab, when I open any client by double-clicking to check the definitions, it shows the proactive threat definition as updated (current date 19th September 2008), but the client side shows 30th July 2008.
I have already opened a case for that but have had no reply (he told me he is investigating the issue at a high level).
Regards,
Milind Yashwantrao
Good morning. I am having the same problem also. The error is as follows:
Event type: An unexpected exception has occurred
Event description: Invalid log record: Too few fields.
Error message:
Error code:
Stack trace:
com.sygate.scm.server.logreader.ParseException (4): Invalid log record: Too few fields. 0001 0021 0003 0000
    at com.sygate.scm.server.logreader.av.ParseSecurityRecord.parseSEPLogRecord(ParseSecurityRecord.java:613)
    at com.sygate.scm.server.logreader.av.LogHandler.process(LogHandler.java:95)
    at com.sygate.scm.server.task.AgentLogCollector.enumerateInbox(AgentLogCollector.java:207)
    at com.sygate.scm.server.task.AgentLogCollector.run(AgentLogCollector.java:104)
    at java.util.TimerThread.mainLoop(Timer.java:512)
    at java.util.TimerThread.run(Timer.java:462)
Site: My Site
Server: CITY1
Date: 09/23/2008 22:16:47
Severity: Severe
I did open a trouble ticket but I posted this here also in case there is a solution already and you guys can help me faster. Thanks.
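The ParseException traces quoted in this thread can be grouped by message, trailing numeric groups and top stack frame, which shows how many distinct parse failures a server log actually holds before it is forwarded to syslog or attached to a support case. This is an added example, not part of the original thread and not Symantec code. The thread does not say what the four numeric groups mean, so they are kept as an opaque string; the frame list in the sample is abbreviated and the "Invalid dates" line is constructed.

```python
import re
from collections import Counter

# Header: <class>Exception (<code>): <message> [four 4-digit groups], then " at <frame>"...
HEAD = re.compile(
    r"(?P<exc>[\w.]+Exception) \((?P<code>\d+)\): (?P<msg>.*?)"
    r"(?:\s+(?P<tokens>\d{4}(?:\s+\d{4}){3}))?(?=\s+at\s|\s*$)"
)
FRAME = re.compile(r"\s+at\s+(?P<method>[\w.$<>]+)\((?P<file>[\w.]+):(?P<line>\d+)\)")


def parse_trace(text):
    """Split one trace (flattened or multi-line) into parts; None if no header."""
    m = HEAD.search(text)
    if m is None:
        return None
    frames = [(f["method"], f["file"], int(f["line"]))
              for f in FRAME.finditer(text, m.end())]
    return {"exception": m["exc"], "code": int(m["code"]),
            "message": m["msg"], "tokens": m["tokens"], "frames": frames}


def summarize(entries):
    """Count entries per (message, numeric groups, top frame as file:line)."""
    counts = Counter()
    for entry in entries:
        rec = parse_trace(entry)
        if rec is None:
            continue  # not an exception line (e.g. "Severity: Severe")
        top = "%s:%d" % rec["frames"][0][1:] if rec["frames"] else None
        counts[(rec["message"], rec["tokens"], top)] += 1
    return counts


# Sample input: traces as posted in the thread, with the frame list abbreviated.
EXC = "com.sygate.scm.server.logreader.ParseException (4): Invalid log record: "
FRAMES = (
    " at com.sygate.scm.server.logreader.av.ParseSecurityRecord.parseSEPLogRecord(ParseSecurityRecord.java:613)"
    " at com.sygate.scm.server.logreader.av.LogHandler.process(LogHandler.java:95)"
    " at java.util.TimerThread.run(Timer.java:462)"
)
SAMPLE = [
    EXC + "Too few fields. 0001 0021 0002 0000" + FRAMES,
    "Stack trace: " + EXC + "Too few fields. 0001 0021 0003 0000" + FRAMES,
    EXC + "Too few fields. 0001 0021 0002 0000" + FRAMES,
    EXC + "Invalid dates found in log line.",  # constructed: message only, no frames
    "Severity: Severe",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, key)
```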
I have the same problem.
After upgrading one of my managers from MR2 MP2 to MR3 the server log is reporting the same error... a lot..
You could try this suggestion from another thread:
Here's the solution that worked for me:
1) In the SEPM console, go to Admin>Servers>Local Site and click on Edit Site Properties.
2) On the Log Settings and Database tabs, change time based settings to 1 day.
3) Wait a day.
4) Now the errors can be gone and you can increase the log retention and DB maintenance times back to their original values.
09-26-2008 07:16 AM
ah.. thank you- this seems to have taken care of the problem... the "logs have been swept"..
While it sounds like that clears up the error, that is not really a resolution. Is there a way to resolve this without blowing away 60 days of logs? We would like to keep these if possible.
Hello All,
Symantec is aware of the problem and is working on a resolution. Cavewolf's solution has worked for some but not all. You can follow our progress toward reaching a resolution by going to http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008092311461848
There is not much news yet but keep looking at the article for the latest updates.
Add me to the number of people who the fix didn't work for.
+ 1
I upgraded my entire network to MR3 and most of the error messages are gone. I do get a different message every once in a while now.
Invalid Log Record: Invalid dates found in log line. I did find that sometimes when a user first logs in the computer will show an antivirus definition date of 01/01/1970. I am assuming the two issues are related.
Actually the "fix" did not work for me.
I still get the error in my logs and it is clogging my syslog infrastructure..
heeeelp....
any news??
any update?
any update?
We are receiving this on our SEPM server which is at MR4 MP2. Is there a workaround or fix? I noticed that Symantec says on their support site that this issue is fixed with MR4 ???!!!
This is NOT fixed in MR4
I've run nothing but MR4 and this has always happened.