Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[STRM/JSA] No Offenses in web UI

0

0

Article ID: KB14160 KB Last Updated: 30 Nov 2019Version: 4.0
Summary:

JSA might not generate offenses due to corruption of PGSQL DB. Doing a Hard/Soft Clean of the Security Event Management (SEM) from the WebUI does not clean the PostGres DB; would have to clean the PGSQL Data (clean SEM) from the CLI.

Symptoms:

No Offenses in web UI.

Cause:

Database corruption.

Solution:

Follow the steps below to Clean SEM from the CLI:

Soft Clean SIM - Closes all offenses in the database.

  1. Using the CLI, login as the root user
  2. Stop the ECS service: #service ecs stop (For 7.3 and above use the command 'systemctl stop ecs-ep' and 'systemctl stop ecs-ec')
  3. Enter: psql -U qradar
    • begin;
    • select clean_sem_model_soft();
    • commit;
    • \q
  4. Change directory: cd /store/mpc
  5. Enter: rm -fr core
  6. Enter: cd
  7. Start the service:  service ecs start (For 7.3 and above use the command 'systemctl start ecs-ep' and 'systemctl start ecs-ec')


Hard Clean SIM - Closes all active SIM data including offenses, targets, and attackers.

  1. Using the CLI, login to STRM as root user
  2. Stop the following services:
    • service hostcontext stop (For 7.3 and above use the command 'systemctl stop hostcontext')
    • service tomcat stop (For 7.3 and above use the command 'systemctl stop tomcat')
    • service imq stop (For 7.3 and above use the command 'systemctl stop imq')
  3. Enter: psql –U qradar
    • select clean_sem_model();
    • \q
  4. Change directory: cd /store/mpc
  5. Enter: rm -fr core
  6. Enter: cd
  7. Restart the services:
    • service imq start (For 7.3 and above use the command 'systemctl start imq')
    • service tomcat start (For 7.3 and above use the command 'systemctl start tomcat')
    • service hostcontext start (For 7.3 and above use the command 'systemctl start hostcontext')
Modification History:

2019-11-30: Validated process in 7.3.2p2 code.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search