Guest

Preview Tool

Cisco Bug: CSCvt45206 - Event search may fail when searching events that existed before upgrade

Last Modified

Aug 04, 2020

Products (1)

  • Cisco Firepower Management Center

Known Affected Releases

6.5.0 6.6.0

Description (partial)

Symptom:
Event viewer, context explorer, dashboard, and/or reporting queries with constraints on certain event fields may fail if the searched time range includes file, malware or intrusion events that existed before upgrade.

httpsd_error_log contains the following error messages:
Failed Executing Count Query with DBD::mysql::st execute failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AS event  WHERE (event.`reviewed` = '0' AND ((event.`sensor_id` = '2' AND event.' at line 1: /usr/local/sf/htdocs/events/index.cgi, referer: https://XXX.XXX.XXX.XX/events/index.cgi
**AND**
 (Unable to process this query. Please contact support.) in /usr/local/sf/htdocs/events/index.cgi:1077 at /usr/local/sf/lib/perl/5.10.1/SF.pm line 120.: /usr/local/sf/htdocs/events/index.cgi, referer: https://XXX.XXX.XXX.XX/events/index.cgi

Conditions:
This happens when file, malware, or intrusion events existed in the database before upgrade and those events are searched on certain fields (mostly new fields introduced in the upgrade).
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.