Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

eventd insert failure (snmp trap alert from snort)

Description

eventd seem to throw an exception when receiving an alert, in this case, a
snort snmp trap. The error given is "\0 not allowed"

Log information is given below:

2005-02-03 15:31:09,736 DEBUG [EventHandlerPool-fiber1] EventWriter:
EventWriter dbRun for : uei.opennms.org/generic/traps/EnterpriseDefault
nodeid: 5 ipaddr: 10.70.1.1 serviceid: null
2005-02-03 15:31:09,737 DEBUG [EventHandlerPool-fiber2] EventHandler: uuid
= <not-set>
2005-02-03 15:31:09,737 DEBUG [EventHandlerPool-fiber2] EventHandler: uei
= null
2005-02-03 15:31:09,737 DEBUG [EventHandlerPool-fiber2] EventHandler: src
= trapd
2005-02-03 15:31:09,737 DEBUG [EventHandlerPool-fiber2] EventHandler: iface
= 10.70.1.1
2005-02-03 15:31:09,737 DEBUG [EventHandlerPool-fiber2] EventHandler: time
= Thursday, February 3, 2005 3:31:09 PM GMT
2005-02-03 15:31:09,737 DEBUG [EventHandlerPool-fiber2] EventHandler: parms {
2005-02-03 15:31:09,737 DEBUG [EventHandlerPool-fiber2] EventHandler:
(.1.3.6.1.2.1.1.3.0, 52036117)
2005-02-03 15:31:09,737 DEBUG [EventHandlerPool-fiber2] EventHandler:
(.1.3.6.1.6.3.1.1.4.1.0, .1.3.6.1.4.1.10234.2.1.3.3)
2005-02-03 15:31:09,737 DEBUG [EventHandlerPool-fiber2] EventHandler:
(.1.3.6.1.4.1.10234.2.1.2.1.2.1.4, 1107444670.211539)
2005-02-03 15:31:09,737 DEBUG [EventHandlerPool-fiber2] EventHandler:
(.1.3.6.1.4.1.10234.2.1.2.1.4.1.4, SNMP trap udp)
2005-02-03 15:31:09,737 DEBUG [EventHandlerPool-fiber2] EventHandler:
(.1.3.6.1.4.1.10234.2.1.2.1.14.1.4, 8)
2005-02-03 15:31:09,737 DEBUG [EventHandlerPool-fiber2] EventHandler:
(.1.3.6.1.4.1.10234.2.1.2.1.5.1.4, http://cve.mitre.org/cgi-bin/cvename.cgi?
name=2002-0013, http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0012,
http://www.sec
urityfocus.com/bid/4132, http://www.securityfocus.com/bid/4089,
http://www.securityfocus.com/bid/4088,)
2005-02-03 15:31:09,737 DEBUG [EventHandlerPool-fiber2] EventHandler:
(.1.3.6.1.4.1.10234.2.1.1.1.5.1.4, 1)
2005-02-03 15:31:09,737 DEBUG [EventHandlerPool-fiber2] EventHandler:
(.1.3.6.1.4.1.10234.2.1.1.1.6.1.4, 10.70.1.1)
2005-02-03 15:31:09,737 DEBUG [EventHandlerPool-fiber2] EventHandler:
(.1.3.6.1.4.1.10234.2.1.2.1.6.1.4, 1)
2005-02-03 15:31:09,737 DEBUG [EventHandlerPool-fiber2] EventHandler:
(.1.3.6.1.4.1.10234.2.1.2.1.7.1.4, 10.70.1.1)
2005-02-03 15:31:09,737 DEBUG [EventHandlerPool-fiber2] EventHandler:
(.1.3.6.1.4.1.10234.2.1.2.1.8.1.4, 1)
2005-02-03 15:31:09,737 DEBUG [EventHandlerPool-fiber2] EventHandler:
(.1.3.6.1.4.1.10234.2.1.2.1.9.1.4, 10.70.1.6)
2005-02-03 15:31:09,737 DEBUG [EventHandlerPool-fiber2] EventHandler:
(.1.3.6.1.4.1.10234.2.1.2.1.10.1.4, 55352)
2005-02-03 15:31:09,737 DEBUG [EventHandlerPool-fiber2] EventHandler:
(.1.3.6.1.4.1.10234.2.1.2.1.11.1.4, 162)
2005-02-03 15:31:09,737 DEBUG [EventHandlerPool-fiber2] EventHandler:
(.1.3.6.1.4.1.10234.2.1.2.1.25.1.4, 2)
2005-02-03 15:31:09,737 DEBUG [EventHandlerPool-fiber2] EventHandler:
(.1.3.6.1.4.1.10234.2.1.2.1.26.1.4, AAKzwgxr)
2005-02-03 15:31:09,737 DEBUG [EventHandlerPool-fiber2] EventHandler:
(.1.3.6.1.4.1.10234.2.1.2.1.27.1.4, AAvb5qVK)
2005-02-03 15:31:09,737 DEBUG [EventHandlerPool-fiber2] EventHandler:
(.1.3.6.1.4.1.10234.2.1.2.1.28.1.4, Protocol: UDP)
2005-02-03 15:31:09,737 DEBUG [EventHandlerPool-fiber2] EventHandler:
(.1.3.6.1.4.1.10234.2.1.2.1.29.1.4, 1419)
2005-02-03 15:31:09,738 DEBUG [EventHandlerPool-fiber2] EventHandler:
(.1.3.6.1.4.1.10234.2.1.2.1.30.1.4, 9)
2005-02-03 15:31:09,738 DEBUG [EventHandlerPool-fiber2] EventHandler: }
2005-02-03 15:31:09,738 DEBUG [EventHandlerPool-fiber2] EventHandler: }
2005-02-03 15:31:09,738 DEBUG [EventHandlerPool-fiber1] EventWriter:
EventWriter: DBID: 4980
2005-02-03 15:31:09,743 WARN [EventHandlerPool-fiber1] EventHandler: Unknown
exception processing event
java.lang.IllegalArgumentException: \0 not allowed
at org.postgresql.jdbc1.AbstractJdbc1Statement.escapeString
(AbstractJdbc1Statement.java:1152)
at org.postgresql.jdbc1.AbstractJdbc1Statement.setString
(AbstractJdbc1Statement.java:1133)
at org.postgresql.jdbc1.AbstractJdbc1Statement.setString
(AbstractJdbc1Statement.java:1116)
at org.opennms.netmgt.eventd.EventWriter.add(EventWriter.java:462)
at org.opennms.netmgt.eventd.EventWriter.persistEvent
(EventWriter.java:749)
at org.opennms.netmgt.eventd.EventHandler.run(EventHandler.java:162)
at
org.opennms.core.concurrent.RunnableConsumerThreadPool$FiberThreadImpl.run
(RunnableConsumerThreadPool.java:463)
at java.lang.Thread.run(Thread.java:534)

Environment

Operating System: Linux Platform: PC

Acceptance / Success Criteria

None

Lucidchart Diagrams

Activity

Show:

Seth Leger December 8, 2011 at 11:03 AM

This bug is very old and we've had no subsequent complaints about similar issues. The SQL query is basically failing because the string contains a \0 character. Data access updates over the years may have fixed this problem anyway.

Cannot Reproduce

Details

Assignee

Reporter

Components

Affects versions

Priority

PagerDuty

Created February 3, 2005 at 9:47 AM
Updated December 8, 2011 at 11:03 AM
Resolved December 8, 2011 at 11:03 AM

Flag notifications