Error occured while trying to save detection event to database #25
Comments
|
Hey @cuongdinh I got some of the details from your colleague and confirmed this is related to issue #6 . I'm also going to file this under a feature request as a way to allow the user to define what sure occur under this condition (fail and stop the service or skip over the event). A workaround solution is to skip over the problematic event by setting the offset to n+1 (21004 in this case) within the admin > configuration section in the UI. I've provided your colleague with steps on how to fix this issue within the code/DB as well. If you're still running into issues let me know! |
|
Thanks! I got your email from my colleague and the workaround works for us. Thanks for your help! |
|
I think we are hitting this one also. Incremented the key copying over the patched client has not resolved it in this case... 2017-06-14 20:40:13,117 DEBUG FalconOrchestrator.Client.FalconOrchestratorService - Connection to database is successful, starting service |
|
@mendoza2fast Can you join the slack chat room (link on the main project page). I will provide you a fix on there. |
|
Hello Evan, I'm running into the same issue as mendoza2fast. I've tried changing the offset to a higher value and restarting the falcon orchestrator service but the debug log is consistently reporting: |
|
@copos45 - 1762 characters? Yikes, didn't expect it to ever get that big. Can you send me the description for the event that is triggering this? I agree though, will bump the character limit up substantially in the next build. In the interim if you need a workaround, ping me on a slack and I can provide a fix. |
|
**please note my email address change**
Sure, I’ll send the description Monday and we can discuss it further then.
Thank you,
Christopher Chan
From: Evan Burns [mailto:notifications@github.com]
Sent: Friday, September 15, 2017 11:04 AM
To: CrowdStrike/falcon-orchestrator
Cc: Chan, Christopher; Mention
Subject: Re: [CrowdStrike/falcon-orchestrator] Error occured while trying to save detection event to database (#25)
@copos45<https://github.com/copos45> - 1762 characters? Yikes, didn't expect it to ever get that big. Can you send me the description for the event that is triggering this? I agree though, will bump the character limit up substantially in the next build. In the interim if you need a workaround, ping me on a slack and I can provide a fix.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<#25 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AbzUQSkbT3AqirsaZg1E_3o0ICUJYVs2ks5sipHBgaJpZM4MQXt0>.
**This e-mail, including any attachments, may be confidential, privileged, or otherwise legally protected. It is intended only for the addressee. If you received this e-mail in error or from someone who was not authorized to send it to you, do not disseminate, copy, or otherwise use this e-mail or its attachments. Please notify the sender immediately by reply e-mail and delete the e-mail from your system.**
|
|
Hi Evan, I have the same issue, I have tried setting the offset to 21004 but the issue persists. |
|
**please note my email address change**
This worked for me:
start\run\cmd
sqlcmd
use FalconOrchestrator
alter table Detections alter column Description nvarchar(500) null
exit
and see the June.27, 2017 entry-> https://falcon-orchestrator.slack.com/messages/C20SJ71AQ/search/evan%20burns/
replace the FalconOrchestrator.DAL.dll with the one i supplied here
From: dlkeeling [mailto:notifications@github.com]
Sent: Thursday, October 12, 2017 2:42 PM
To: CrowdStrike/falcon-orchestrator
Cc: Chan, Christopher; Mention
Subject: Re: [CrowdStrike/falcon-orchestrator] Error occured while trying to save detection event to database (#25)
Hi Evan,
I have the same issue, I have tried setting the offset to 12004 but the issue persists.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<#25 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AbzUQZE9joh7WY4tmIy7aroDclMslRMrks5srl2PgaJpZM4MQXt0>.
**This e-mail, including any attachments, may be confidential, privileged, or otherwise legally protected. It is intended only for the addressee. If you received this e-mail in error or from someone who was not authorized to send it to you, do not disseminate, copy, or otherwise use this e-mail or its attachments. Please notify the sender immediately by reply e-mail and delete the e-mail from your system.**
|
Hello,
We have a detection that Falcon Orchestrator gets stuck on, looks like it couldn't save it and keeps sending us the detection email. Also, the Falcon Orchestrator Client service doesn't seem to run. I keep trying to start it and seconds later it stops. Any advice? Thanks!
2017-03-01 16:50:41,734 DEBUG FalconOrchestrator.Client.FalconOrchestratorService - Connection to database is successful, starting service
2017-03-01 16:50:46,128 DEBUG FalconOrchestrator.Client.FalconOrchestratorService - [21002] Event already stored in database
2017-03-01 16:50:46,238 DEBUG FalconOrchestrator.Client.Rule - Resolved IP address of xx.xx.xx.xx for host
2017-03-01 16:50:46,269 DEBUG FalconOrchestrator.Client.Rule - Notification rule is enabled and severity of High is above threshold, attempting to send email
2017-03-01 16:50:46,707 FATAL FalconOrchestrator.Client.EventModel - [21003] Error occured while trying to save detection event to database
System.Data.Entity.Validation.DbEntityValidationException: Validation failed for one or more entities. See 'EntityValidationErrors' property for more details.
at System.Data.Entity.Internal.InternalContext.SaveChanges()
at System.Data.Entity.Internal.LazyInternalContext.SaveChanges()
at System.Data.Entity.DbContext.SaveChanges()
at FalconOrchestrator.Client.Persistence.SaveToDatabase(String cid, String offset)
at FalconOrchestrator.Client.DetectionModel.Save()
The text was updated successfully, but these errors were encountered: