IBM Support

IJ17942: VULNERABILITY SCHEDULED SCANS CAN FAIL AND THE SCAN DATA APPEARS TO HANG

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as Permanent restriction.

Error description

  • It has been identified that Vulnerability Manager scheduled
    scans can fail with the scan data hanging.
    When this occurs, affected scans have no results to be
    processed and scans sit at 'stopped' and the duration continues
    counting up.
    Cancelling an affected scan during its run time causes it to
    stay at 100% with duration counting up and providing no results
    again.
    Hovering over the Progress bar, the "Estimated time to Process"
    appears but the time that is displayed continues to rise with
    the duration.
    Manually run scans complete as expected when this behavior is
    affecting scheduled scans.
    Messages similar to the following might be visible in
    /var/log/qradar-sql.log when this issue is occuring:
    postgres[23015]: [1161-1] ERROR:  out of shared memory
    postgres[23015]: [1161-2] HINT:  You might need to increase
    max_locks_per_transaction.
    postgres[23015]: [1161-3] CONTEXT:  SQL statement "SELECT (NOT
    EXISTS(SELECT jo.JobOrderID
    postgres[23015]: [1161-4]            FROM JobOrders jo
    ....
    postgres[4285]: [3478-1] ERROR:  relation "tt_table9" does not
    exist
    postgres[4285]: [3478-2] CONTEXT:  SQL statement "truncate
    table tt_TABLE9"
    postgres[4285]: [3478-3]  PL/pgSQL function
    cwf_orgunit_getallcompanynodesabove_maint(integer) line 18 at
    SQL statement
    postgres[4285]: [3478-4]  SQL statement "INSERT INTO
    tt_new_rows_mapped_q1_exclusion_rules
    

Local fix

  • Contact Support for a possible workaround that might address
    this issue in some instances.
    

Problem summary

  • Permanent restriction, problem was found once but we couldn't
    re-produce it later no.
    

Problem conclusion

  • Permanent restriction, problem was found once but we couldn't
    re-produce it later no.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IJ17942

  • Reported component name

    QR VULNERABILIT

  • Reported component ID

    5725QVMSW

  • Reported release

    731

  • Status

    CLOSED PRS

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2019-07-29

  • Closed date

    2020-01-17

  • Last modified date

    2020-01-17

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

Applicable component levels

[{"Business Unit":{"code":"BU048","label":"IBM Software"}, "Product":{"code":"SSHLPS","label":"IBM Security QRadar Vulnerability Manager"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"731","Edition":""}]

Document Information

Modified date:
17 January 2020