Tagged log

Filtering numerically in a log file

I recently needed to filter some log data to find all the entries that exceeded a certain numeric value (in my case, 100). A little Googling yielded the following solution:

less /web/temp/apache_procs.log | awk '{ if( $6 >= 100) print $1 " " $2 " " $6}'

The first half of this command reads the file with ‘less’; because its output goes into a pipe, the contents are handed straight to awk rather than shown in the viewer. The ‘awk’ command, if you’re not familiar with it, is an excellent tool for printing selected columns of tab- or space-separated files (by default it splits each line on whitespace). One of the things it does is automatically assign each column of the log file output to a numbered variable, so the first column is $1, the second is $2, and so on. In this case, I wanted to see columns 1, 2, and 6 (log date, log time, and number of apache processes running). Awk also allows for simple if statements, in this case ‘if ($6 >= 100)’, a simple check that results in awk printing out only the log entries where the numeric value of column 6 is greater than or equal to 100.
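The comparison above is only numeric when column 6 looks like a number; awk falls back to a string comparison otherwise, so a value such as "n/a" passes the ‘>= 100’ test. The following is an added example, not part of the original post: the log lines are constructed, columns 3 to 5 are placeholders, and the function names are made up for illustration.

```shell
#!/bin/sh
# Constructed sample in the layout the post describes: date, time,
# three placeholder fields, Apache process count in column 6.
sample_log() {
cat <<'EOF'
2009-03-02 10:00:01 a b c 42
2009-03-02 10:05:01 a b c 100
2009-03-02 10:10:01 a b c 137
2009-03-02 10:15:01 a b c n/a
2009-03-02 10:20:01 truncated
2009-03-02 10:25:01 a b c 99
EOF
}

# The filter from the post, reading standard input.
# "n/a" is not numeric, so awk compares it to "100" as a string and prints it.
naive_filter() {
    awk '{ if ($6 >= 100) print $1 " " $2 " " $6 }'
}

# Same report, but column 6 must be a plain integer before it is compared.
# Malformed lines are counted and reported on stderr instead of being
# silently included or silently lost.
strict_filter() {
    threshold=${1:-100}
    awk -v min="$threshold" '
        NF < 6            { skipped++; next }   # short or truncated line
        $6 !~ /^[0-9]+$/  { skipped++; next }   # column 6 is not an integer
        $6 + 0 >= min + 0 { print $1, $2, $6 }  # force numeric comparison
        END {
            if (skipped)
                printf "skipped %d malformed line(s)\n", skipped > "/dev/stderr"
        }
    '
}

# Run against the constructed sample; for the real file use:
#   strict_filter 100 < /web/temp/apache_procs.log
sample_log | strict_filter 100
```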

“Could not start CMA process” error in McAfee VirusScan Enterprise 8.0i with ePolicy Orchestrator (ePO)

The school I work at is lucky enough to have a site license for McAfee VirusScan Enterprise 8.0i, working in concert with McAfee ePolicy Orchestrator (ePO). As anti-virus software goes, McAfee makes the best (and more importantly, updates it every hour), even though it causes its share of headaches. One of these headaches is the “Could not start CMA processes” error that crops up from time to time, seemingly at random. The culprit is in fact ePO, which places a log file in “…\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db” and then goes ahead and messes itself all up, forcing you to reinstall it…then begins the fun. Every time you try and reinstall it, even forcing the install, it fails miserably.

The quick way to your temp folder…

The error message, however, does point you to the NAILogs folder in your Temp folder. You can get there easily by going to Start -> Run -> %temp% -> Ok. Open the NAILogs folder. If the log shows an error to the effect that it couldn’t create the “Db” folder in “Common Framework,” simply go back to the “Application Data” folder and toast the “Network Associates” folder. Then, reinstall ePO and watch it work perfectly.

On a side note, this file is the target mentioned in a vulnerability disclosure listed on knowledge.mcafee.com entitled McAfee ePolicy Orchestrator Information Disclosure Vulnerability [NAI29993]. Apparently, a remote machine can access the log file through a web page, if the setting to allow such a thing is turned on. Turn it off, and you’re fine.
