BugZero | Cisco BugID CSCvz73957 - FTD stops generating Syslog ID 430002 and 430003 w...

Cisco - Defect ID: CSCvz73957

FTD stops generating Syslog ID 430002 and 430003 with EventHandler cores

Cisco - Defect ID: CSCvz73957

FTD stops generating Syslog ID 430002 and 430003 with EventHandler cores

Last updated on 1/8/2024

Overall: 6.16.1

Severity: 6.46.4

Lifecycle: 9.19.1

Popularity: 5.15.1

What is the BugZero Risk Score?

Vendor details

No defect details.

Overall: 6.16.1

Severity: 6.46.4

Lifecycle: 9.19.1

Popularity: 5.15.1

What is the BugZero Risk Score?

Vendor details

No defect details.

Symptom

FTD stops generating Syslog ID 430002 and 430003 with EventHandler cores

Conditions

EventHandler exits every 10 minutes, not always generating cores. Seemed to start after upgrade to 6.6.4. Seen in FTD 4125 managed by FMC. Connection events appear in FMC Event Viewer.

Workaround

1. Access FTD via SSH and enter root mode: > expert $ sudo su 2. Take a backup of /var/sf/mabain/metadatastore folder: # cp -R /var/sf/mabain/metadatastore /var/sf/mabain/metadatastore.backup 3. Disable Event handler process: # pmtool disablebyid EventHandler 4. Delete '_maba' files under /var/sf/mabain/metadatastore: # rm -rf /var/sf/mabain/metadatastore/_maba* 5. Enable Event handler process: # pmtool enablebyid EventHandler 6. It may be necessary to reboot FTD if issue happens again.

Further Problem Description

These messages appear in FTD CLI: > expert $ sudo su # less /ngfw//var/log/messages | grep EventHandler FTD SF-IMS[102193]: [102245] EventHandler:EventHandler [INFO] Exiting thread for consumer SNMP FTD SF-IMS[16819]: [16819] pm:process [WARN] Process EventHandler (102193) exited unexpectedly: 134 (0x00000086)

Original Vendor Announcement

9.65Defect ID: CSCwd45843
Auth Step latency for policy evaluation due to Garbage Collection activity.
9.65Defect ID: CSCwa92734
CUBE DTMF interworking fails from rtp-nte to OOB SIP methods
9.65Defect ID: CSCwj45822
Cisco ASA and FTD Software Remote Access VPN Brute Force Denial of Service Vulnerability
9.65Defect ID: CSCvo03458
PKI "revocation check crl none" does not fallback if CRL not reachable
9.65Defect ID: CSCvq05584
Cisco IOS and IOS XE Software Tcl Arbitrary Code Execution Vulnerability

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Cisco - Defect ID: CSCvz73957

FTD stops generating Syslog ID 430002 and 430003 with EventHandler cores

Cisco - Defect ID: CSCvz73957

FTD stops generating Syslog ID 430002 and 430003 with EventHandler cores

Last updated on 1/8/2024

Vendor details

Vendor details

Description

Symptom

Conditions

Workaround

Further Problem Description

Links

Top Cisco defects by risk score

Ready to prevent the next vendor outage?