Warning, Db strfwd.ldb - SQL Error, database is locked

  • 7005851
  • 28-Apr-2010
  • 26-Apr-2012

Environment

Novell Privileged User Manager 2.2
Novell Privileged User Manager 2.2.1

Situation

strfwd.ldb is excessively large (and growing)
Warning, Db strfwd.ldb - SQL Statement, COMMIT TRANSACTION
Warning, Db strfwd.ldb - SQL Error, database is locked
Warning, Db strfwd.ldb - SQL Statement, COMMIT TRANSACTION
Warning, Db strfwd.ldb - SQL Error, database is locked
Error, Failed to receive response: 70014:End of file found

Resolution

The strfwd files are used as a queue for the keystroke audit data. If the strfwd.ldb is very large (2GB or larger), it is likely that either the server with the large strfwd.ldb is experiencing communication issues with the Audit Manager, or a user session has created an extremely large amount of keystroke data.

Once a strfwd.ldb gets this large, it is not possible to process the entries within the strfwd.ldb and send them to the Audit Manager.

There are 2 options.

1. Remove the strfwd files (loss of audit data)

2. Use the sfwdutil utility to manipulate and remove large keystroke captures


Option 1 - Remove the strfwd files (loss of audit data)

Removing the following strfwd files will result in a loss of some audit data. If this is acceptable, do the following on the server with a large strfwd.ldb:

/etc/init.d/npum stop

Rename the following files from the /opt/unifi/service/local/strfwd/ directory, by adding the date on the end.
strfwd.db
strfwd.ldb
strfwd.ldb-journal
strfwd.ldbq
strfwd.ldbq.lck
strfwd.msq
strfwd.msq.lck
strfwd.msq.tmp

/etc/init.d/npum start   (Note: Restarting npum will automatically create new strfwd files that are needed.)

Once the issue is resolved, it is possible to remove the above renamed files, to clean up the disk space.



Option 2 - Use the sfwdutil utility to manipulate and remove large keystroke captures and insert remaining entries back into the current strfwd.ldb

/etc/init.d/npum stop

Rename the following files from the /opt/unifi/service/local/strfwd/ directory, by adding the date on the end.
strfwd.db
strfwd.ldb
strfwd.ldb-journal
strfwd.ldbq
strfwd.ldbq.lck
strfwd.msq
strfwd.msq.lck
strfwd.msq.tmp

/etc/init.d/npum start   (Note: Restarting npum will automatically create new strfwd files that are needed.)
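
The rename step shared by Option 1 and Option 2, as an added shell example (not Novell's code and not part of the original article). The function name rename_strfwd is hypothetical, and the "_" before the date follows the strfwd.ldb_20100424 name used in this article; the function assumes npum is already stopped, skips listed files that are absent, and refuses to overwrite an earlier renamed set.

```shell
#!/bin/sh
# Added example (not Novell's code): rename the strfwd queue files by
# appending a date suffix. Run it only while npum is stopped.

# The eight file names listed in this article.
STRFWD_FILES="strfwd.db strfwd.ldb strfwd.ldb-journal strfwd.ldbq strfwd.ldbq.lck strfwd.msq strfwd.msq.lck strfwd.msq.tmp"

# rename_strfwd DIR [SUFFIX]   (hypothetical helper name)
#   DIR    - directory holding the strfwd files
#   SUFFIX - text appended after "_" (default: today's date, YYYYMMDD)
# Prints one line per renamed file. Returns 1 without renaming anything if a
# target name already exists, so an earlier renamed copy is never overwritten.
rename_strfwd() {
    dir=$1
    suffix=${2:-$(date +%Y%m%d)}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }

    # Pass 1: refuse to clobber an earlier renamed set.
    for f in $STRFWD_FILES; do
        if [ -e "$dir/$f" ] && [ -e "$dir/${f}_$suffix" ]; then
            echo "target exists, nothing renamed: $dir/${f}_$suffix" >&2
            return 1
        fi
    done

    # Pass 2: rename whatever is present; skip listed names that are absent.
    for f in $STRFWD_FILES; do
        [ -e "$dir/$f" ] || continue
        mv -- "$dir/$f" "$dir/${f}_$suffix" || return 1
        echo "renamed $f -> ${f}_$suffix"
    done
}

# Usage, between "/etc/init.d/npum stop" and "/etc/init.d/npum start":
#   rename_strfwd /opt/unifi/service/local/strfwd/ 20100424
```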

Next we'll use sfwdutil to manipulate the renamed "offline" strfwd.ldb.

The following steps assume the strfwd.ldb was renamed to strfwd.ldb_20100424.

a. Verify the integrity of the renamed strfwd.ldb database
sd142:/ # /opt/novell/npum/service/local/strfwd/sbin/sfwdutil -d /opt/novell/npum/service/local/strfwd.ldb_20100424 -i
Checking database integrity...this may take some time...
(If there is a problem identified with this step, please contact Novell Technical Support for additional options).

b. Gather statistics from the renamed strfwd.ldb database
sd142:/ # /opt/novell/npum/service/local/strfwd/sbin/sfwdutil -d /opt/novell/npum/service/local/strfwd.ldb_20100424 -s

c. Copy the output to a CSV file and sort by kbytes. (This will show you if you have a large keystroke capture.)

d. Remove large entries from the renamed strfwd.ldb database (this will take a while)
The following assumes I found one large keystroke session with the groupid of 652d1a42-bab3-3c14-c527-ad3ea01b5122 that I want to remove from my strfwd.ldb_20100424

sd142:/ # /opt/novell/npum/service/local/strfwd/sbin/sfwdutil -d /opt/novell/npum/service/local/strfwd.ldb_20100424 -D 652d1a42-bab3-3c14-c527-ad3ea01b5122

e. Shrink the renamed strfwd.ldb database with sfwdutil -V option.
After manual manipulation of the strfwd.ldb_20100424, sfwdutil -V will shrink or reclaim wasted space.
sd142:/ # /opt/novell/npum/service/local/strfwd/sbin/sfwdutil -d /opt/novell/npum/service/local/strfwd.ldb_20100424 -V

f. Add the remaining entries back from the renamed strfwd.ldb into the current strfwd.ldb with sfwdutil -c option.
Note: This will "bulk load" the remaining entries back into the live strfwd.ldb
sd142:/ # /opt/novell/npum/service/local/strfwd/sbin/sfwdutil -d /opt/novell/npum/service/local/strfwd.ldb_20100424 -c
Please wait - collating data...
Processing records - 17 group IDs, 10000 rows...
Processing records - 28 group IDs, 20000 rows...
(etc).....
Please select the record sets you wish to copy (total sets=58)
GroupID=21a88db1-9509-4b86-b8e4-0f44c44ebcae,Entries=1863,Size=581kb - Copy Over ? (Y/n): y
GroupID=15b75464-eef4-413f-a47d-4f38827ee345,Entries=275,Size=199kb - Copy Over ? (Y/n): y
(etc)...
Please wait - copying data...
Copied 10000 total rows - 855 rows out of 1863 for Group ID '21a88db1-9509-4b86-b8e4-0f44c44ebcae'...
(etc)...
sd142:/ #

g. Watch the size of /opt/novell/npum/service/local/strfwd/strfwd.ldb and validate that it is getting smaller (it is processing entries and sending them to the Audit Manager).