Skip to main content
McAfee Enterprise MVISION Cloud

MVISION Cloud Connector Known Issues

For MVISION Cloud Known Issue, see MVISION Cloud Known Issues and Bug Fixes

Known Issues 

Date Description and Workaround (if any) Found in Release Fixed in Release

 

Oct 21,2021

While running Quality Check for log parser wizards: Import Existing Configuration and Manual Configuration, you might encounter improper results. Because currently on the Sub Configuration page, the fields Preprocessor Class Name supports only the Rule-Based Preprocessor option, and the File Format supports only the Bluecoat option. If you select other options from the list besides the specified options on the Sub Configuration page, you will find invalid results.

This issue will be fixed in an upcoming release. 

5.5.1 -
Sept 29, 2021

After upgrading MVISION Cloud Connector from 5.2.2 to 5.4.2, CC may fail to start. If you see these two errors, PANHostname and proxyBypass, use the following steps:
 

For PANHostname:

  • Delete the three entries within logprocessor.db.script and logprocessor.db.script.save files corresponding to the PAN settings.
  • Restart the CC.

For proxyBypass:

Run the following CLI command:

./shnlpcli sp --name proxyBypass --val true --encrypt"

For help, contact Support

5.4.2 -
April 22, 2021

Even when all Cloud Connectors are configured with AD, the following message appears in Infrastructure > Cloud Connector > Custom Attributes

"You have more than 1 instance of Cloud Connectors and it is recommended to configure Custom Attributes on all the instances that are processing logs to ensure consistency of data fetched and processed. Please set up Custom Attributes for all symbolic servers."

This issue will be fixed in an upcoming release. 

5.3.2 -
April 6, 2021 The SMTP Advanced Properties are not getting removed from YAML after being deleted from the dashboard. 5.3.2 -
April 6, 2021

The date format doesn't automatically pick the selected Timestamp column from the Map Log Fields in the Log parser when there are multiple date header columns such as Date or Timestamp in the parsed logs. As a workaround, make sure to manually update the correct date format. 

NOTE: The Log Parser automatically picks the available date format when there are no multiple date header columns.

5.3.2 -
Feb 20, 2021

Cloud Connector throws ldapusers cache error after upgrading from 3.9.2 to 5.3.0 and above versions. As a workaround:

  1. Delete the ldapusers cache from the Cloud Connector installed directory (leveldb) and restart the Cloud Connector.
  2. Use the following curl command to push respective properties to YML with the mentioned payload when switching between rocksdb and leveldb:

Switching to leveldb

{
  "logProcessor":{ "unmatchedtracker.keyValueStoreType":"LEVELDB",
  "ldapusers.cache.type":"LEVELDB","dualmode.storeType":"LEVELDB",
  "tldcache.cache.type":"LEVELDB","ipDomainCache.cache.type":"LEVELDB",
  "blockedURLCache.cache.type":"LEVELDB",
  "ipUserMapperStore.cache.type":"LEVELDB"   },
  "integration": {
    "smtp": {},
    "siem": {},
    "panorama": {},
    "custom_attributes": {},
    "ip_user_mapping": {},
    "syslog": {}
  }
}

Switching to rocksdb

{
  "logProcessor":
  { 
  "unmatchedtracker.keyValueStoreType":"ROCKSDB",
  "ldapusers.cache.type":"ROCKSDB","dualmode.storeType":"ROCKSDB",
  "tldcache.cache.type":"ROCKSDB","ipDomainCache.cache.type":"ROCKSDB",
  "blockedURLCache.cache.type":"ROCKSDB",
  "ipUserMapperStore.cache.type":"ROCKSDB"   },
  "integration": {
    "smtp": {},
    "siem": {},
    "panorama": {},
    "custom_attributes": {},
    "ip_user_mapping": {},
    "syslog": {}
  }
}

NOTE: Before you switch between DBs, delete only the respective caches throwing exceptions after the Cloud Connector is started.

5.3.1

-

Jan 20, 2021 MVISION Cloud Connector cannot be upgraded in running status. You should stop the MVISION Cloud Connector before upgrading. 5.3.0 -
Jan 20, 2021 Log parser sometimes may not fetch information accurately from the Timestamp field of the logs. 5.3.0 -
Jan 20, 2021 Log parser cannot process  Websense log lines that do not start with string literals ('quotes', "double quotes"). As a workaround, you should manually add string literals('quotes', "double quotes") in the Websense log lines. 5.3.0 -
Jan 20, 2021

RocksDB is not the default cache memory when MVISION Cloud Connector is upgraded from 5.0.1 to 5.3.0 version. As a workaround, you need to explicitly configure levelDB to RocksDB.

5.3.0 -
Jan 20, 2021 Multiple log lines starting with comment line (#), cannot be skipped from processing into log parser.  5.3.0 -
Jan 20, 2021 The Log Processing configuration wizard cannot process the Timestamp field input with space in between. 5.3.0 -
Jan 20, 2021 Rules generated by the Log parser wizard for Timestamp field in a custom log may not work as expected sometimes. As a workaround, you need to generate rules manually. 5.3.0 -
Oct 20, 2020 Installing multiple MVISION Cloud Connectors on the same directory is corrupting Cloud Connector properties. 5.2.1 -
Oct 20, 2020 MVISION Cloud Connector fails to start while upgrading from => 4.1.0 version to any higher version with SMTP advanced properties. As a workaround, you can remove/delete the SMTP advanced properties before upgrading to the latest MVISION Cloud Connector version. 5.2.1 -
Sep 14, 2020 File Rotation of the MapDBEncrypted.txt files cannot happen with the data export option enabled for mapdbtxt.enableMapDBTxtScheduler. 5.2.0 -
Sep 14, 2020 The data from  RocksDB cache and MapDBEntries/MapDBEncrypted.txt file are deleted only after  Restart/Context Refresh in Cloud Connector. 5.2.0 -
Sep 14, 2020 Syslog migrates the old properties if publishPeriodInMinutes property is not found in YAML. 5.2.0 -

 

 

  • Was this article helpful?