Hi! My ePO 5.10 is not getting any events from DLP agents, and it seems to be an event parser fault. When I restart the server, I get some events, but then it stops sending. When I try to restart the service I get an error "1503: service didn't respond in time", so the service gets stuck in "stopping" and I have to restart the server.
What can be the source of this problem? It seems like something collapses the service and it only shows when I try to restart, because the rest of the time it seems like it's working properly.
Thanks!
Please check the event parser log and see if there is any error reported.
Also you can check the event viewer to get more details.
If the service is getting stuck in the stopping state, what if you try killing it from the Task Manager and restarting it again?
Hi! I checked the recommended specs and I think that the server meets all of them (NTFS, 12 GB RAM, 4 cores, 20 GB free space). I'm running 5.10.0.2428, so I assume I'm on 5.10 update 2? (I'm scared of updating; previously I updated extensions and packages of Threat Prevention and everything stopped working, making me restore all the old software, but the parser error came before that.)
Hello,
If possible, please provide a screenshot of the error and also please provide the Eventparser.log.
Default location:
Event Parser service: eventparser.log or eventparser_servername.log located in: ...\<epoinstallationdirectory>\db\logs\
The build of ePO won't change with the updates, unlike previous patches. Go to Server Settings, Server Information, and on the right side there is a section for installed updates. That will tell you if you have installed any or not. If you have not, please install update 4. Ensure you have full backups of everything per KB66616 first. These are critical, as they have a lot of fixes, such as a missing internal cleanup task, and other things that you might be noticing without any updates.
The KB can be found here, but it requires you to log in to the service portal to get it. With DLP 11 and 5.10, it is critical that you apply the updated stored procedure for DLP, or you will continue to get no DLP events.
We're experiencing the same issue in our environment. We are on ePO 5.10 patch 5, and following KB91749 we've updated the DLP extension to 11.4, but it's not resolved. Right now we have a case with McAfee support and are waiting for the log analysis. Could you solve the issue, @Former Member?
Thanks & BR
Hello,
Please go to the location below and check the eventparser.log (bottom to top):
C:\Program Files (x86)\McAfee\ePolicy Orchestrator\DB\Logs
If you find any specific error, please let us know.