Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Trying to run Network Threat report, and it times out

Created: 14 May 2013 • Updated: 03 Jun 2013 | 16 comments
This issue has been solved. See solution.

When I try to run Network Threat report on SEPM 12, I get the error:

 

This query could not be processed for one of the following reasons:

 

1. The database query timed out. Try reducing the number of filters, or increasing the SQL Server query timeout value.

    2. An unexpected error occurred. Try running the query again by using default filter values.

      3. String encoding was possibly not UTF-8, and may result from copying and pasting data instead of typing data. Try typing data in the input fields.

      I followed everything in this artical, http://www.symantec.com/docs/TECH101746 , but it doesn't work.

      Operating Systems:

      Comments 16 CommentsJump to latest comment

      .Brian's picture

      How clients are you running it for?

      What happens if you try it for a specific group instead as a test?

      Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

      pete_4u2002's picture

      can you increase the timeout values further say 900 seconds and check if the report is generated?

      SebastianZ's picture

      Have a look here as well and specifically regarding the further changes timeout values in httpd.conf file:

      Changing timeout parameters for reviewing reports and logs

      Article:HOWTO55388  |  Created: 2011-06-29  |  Updated: 2012-06-28  |  Article URL http://www.symantec.com/docs/HOWTO55388

       

      RSASKA's picture

      I have tried everything so far. Sybastian, I will read your artical

      The Enemy's greatest fear is that you'll discover who you really are, what you're really worth, and where you're headed.

       

      RSASKA's picture

      I tried everything it is still not working

      The Enemy's greatest fear is that you'll discover who you really are, what you're really worth, and where you're headed.

       

      RSASKA's picture

      I opened a case, will keep you posted.

      The Enemy's greatest fear is that you'll discover who you really are, what you're really worth, and where you're headed.

       

      RSASKA's picture

      I opened case with Symantec.

       

      So far, they asked me to create a new Admin account, and then try to run the report. It works well in the new Admin, but not my original account.

      Then Symantec asked me to run following query in Database

      Update compliance_report set sortorder = 'EVENT_TIME', sortdir = 'desc' where user_id = 'your-account's-unique-ID' and deleted = 0 and filtername = 'Default' and compliance_type = 5;

       

      Now in my original user Account I can run Network Threat Report > Attacks, but not Network Threat Report > Traffic

      The Enemy's greatest fear is that you'll discover who you really are, what you're really worth, and where you're headed.

       

      SOLUTION
      roman.levkin's picture

      Well, report works with new account. But is it possible to remove built-in original account then?

      RSASKA's picture

      Now, in my original user Account I can run Network Threat Report > Traffic because I ran the following query in the database:

       

      Update firewall_report set sortorder = 'EVENT_TIME' where user_id = 'your-account's-unique-ID' and deleted = 0 and filtername = 'Default' and firewalltype = 1;

      The Enemy's greatest fear is that you'll discover who you really are, what you're really worth, and where you're headed.

       

      SOLUTION
      roman.levkin's picture

      Thanks RSASKA! I appreciate your help!

      I have an error with this query: "Error at line 1 Missing closing quote" but i don't know what quote it means.

      RSASKA's picture

      What query do you have error with? Is this an SQL query? Please copy and paste.

      The Enemy's greatest fear is that you'll discover who you really are, what you're really worth, and where you're headed.

       

      roman.levkin's picture

      With query that you wrote earlier:

      Update firewall_report set sortorder = 'EVENT_TIME' where user_id = 'your-account's-unique-ID' and deleted = 0 and filtername = 'Default' and firewalltype = 1;

      RSASKA's picture

      I should have been more clear:

      You need to run a query to find your unique User ID

      Select * from firewall_report
      where user_id = (select user_id from adminuser where user_name = 'roman.levkin's login ID')
      and deleted = 0;

      The result will give you a table. Copy the value for USER_ID, which is your account's unique ALPHANUMERIC ID

      Now, you run the query

      Update FIREWALL_REPORT
      set sortorder = 'EVENT_TIME'
      where user_id = 'your-account's-unique-ALPHANUMERIC-ID'
      and deleted = 0 and
      filtername = 'Default'
      and firewalltype = 1;
       

      Make sure there are no spaces when you use single quotes around the user ID.

      Also, it is best practice to append the schema name to the name of table. In our environment, our schema is called dbo, so it is better to run

      Select * from dbo.FIREWALL_REPORT ...

      Update dbo.FIREWALL_REPORT ....

      Let me know if this works

      The Enemy's greatest fear is that you'll discover who you really are, what you're really worth, and where you're headed.

       

      RSASKA's picture

      Roman,

      First time when I ran the query, it said 1 row updated and I was able to open Network Threat > Traffic logs.

      Now, when I run query it also tells me 0 rows updated (I'm running MS SQL Server Management Studion 2008), because the information has already been updated.

      It may be the same case for you. Can you open Network Threat > traffic logs now?

      If you are unable to open these logs,try this with another user_id, and run the query again, and post the result.

      The Enemy's greatest fear is that you'll discover who you really are, what you're really worth, and where you're headed.