IBM Support

IJ17942: VULNERABILITY SCHEDULED SCANS CAN FAIL AND THE SCAN DATA APPEARS TO HANG

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • It has been identified that Vulnerability Manager scheduled
    scans can fail with the scan data hanging.
    When this occurs, affected scans have no results to be
    processed and scans sit at 'stopped' and the duration continues
    counting up.
    Cancelling an affected scan during its run time causes it to
    stay at 100% with duration counting up and providing no results
    again.
    Hovering over the Progress bar, the "Estimated time to Process"
    appears but the time that is displayed continues to rise with
    the duration.
    Manually run scans complete as expected when this behavior is
    affecting scheduled scans.
    Messages similar to the following might be visible in
    /var/log/qradar-sql.log when this issue is occuring:
    postgres[23015]: [1161-1] ERROR:  out of shared memory
    postgres[23015]: [1161-2] HINT:  You might need to increase
    max_locks_per_transaction.
    postgres[23015]: [1161-3] CONTEXT:  SQL statement "SELECT (NOT
    EXISTS(SELECT jo.JobOrderID
    postgres[23015]: [1161-4]            FROM JobOrders jo
    ....
    postgres[4285]: [3478-1] ERROR:  relation "tt_table9" does not
    exist
    postgres[4285]: [3478-2] CONTEXT:  SQL statement "truncate
    table tt_TABLE9"
    postgres[4285]: [3478-3]  PL/pgSQL function
    cwf_orgunit_getallcompanynodesabove_maint(integer) line 18 at
    SQL statement
    postgres[4285]: [3478-4]  SQL statement "INSERT INTO
    tt_new_rows_mapped_q1_exclusion_rules
    

Local fix

  • Contact Support for a possible workaround that might address
    this issue in some instances.
    

Problem summary

  • This issue was fixed in QRadar QRM QVM release of 7.4.2.
    

Problem conclusion

  • This issue was fixed in QRadar QRM QVM release of 7.4.2.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IJ17942

  • Reported component name

    QR VULNERABILIT

  • Reported component ID

    5725QVMSW

  • Reported release

    731

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2019-07-29

  • Closed date

    2020-11-27

  • Last modified date

    2020-11-27

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    QR VULNERABILIT

  • Fixed component ID

    5725QVMSW

Applicable component levels

[{"Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU029","label":"Software"},"Product":{"code":"SSHLPS","label":"IBM QRadar Vulnerability Manager"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"731"}]

Document Information

Modified date:
28 November 2020