Untitled

a guest
Jun 21st, 2018
  1. [2018-05-17 11:36:00,001][INFO ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rules Engine Timer - Real-time Time Window Size: 1; Time Unit: Minute; Time: 1526546160000, Thu May 17 11:36:00 MSK 2018
  2. [2018-05-17 11:36:00,002][INFO ][default.com.arcsight.server.monitor.MonitorEventSender$Sender] Posted 62 monitor event(s) from 22 generator(s)
  3. [2018-05-17 11:36:00,010][INFO ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.Incidents.rs_Authentication_and_Access_Control18._INC_AACuSu007i_Possible_Successful_Bruteforce_Attack_u_Critical__host_CheckTimeWindow exceeded memory limits, conditions=1 ,partialmatches=20187
  4. [2018-05-17 11:36:00,010][WARN ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.Incidents.rs_Authentication_and_Access_Control18._INC_AACuSu007i_Possible_Successful_Bruteforce_Attack_u_Critical__host_CheckTimeWindow could not be found for deactivation
  5. [2018-05-17 11:36:00,010][INFO ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.Incidents.Threat_Tracking.rs_Perimeter_and_Network_Monitoring2._INC_TTuPNMu002i_Possible_DDOS_Attack_CheckTimeWindow exceeded memory limits, conditions=1 ,partialmatches=50011
  6. [2018-05-17 11:36:00,010][WARN ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.Incidents.Threat_Tracking.rs_Perimeter_and_Network_Monitoring2._INC_TTuPNMu002i_Possible_DDOS_Attack_CheckTimeWindow could not be found for deactivation
  7. [2018-05-17 11:36:00,010][INFO ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.Incidents.rs_Authentication_and_Access_Control18._INC_AACuSu005i_Possible_Successful_Bruteforce_Attack_CheckTimeWindow exceeded memory limits, conditions=1 ,partialmatches=20186
  8. [2018-05-17 11:36:00,010][WARN ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.Incidents.rs_Authentication_and_Access_Control18._INC_AACuSu005i_Possible_Successful_Bruteforce_Attack_CheckTimeWindow could not be found for deactivation
  9. [2018-05-17 11:36:00,010][INFO ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.Incidents.rs_Authentication_and_Access_Control18._INC_AACuSu006i_Possible_Successful_Bruteforce_Attack_u_Critical_account_CheckTimeWindow exceeded memory limits, conditions=1 ,partialmatches=20187
  10. [2018-05-17 11:36:00,010][WARN ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.Incidents.rs_Authentication_and_Access_Control18._INC_AACuSu006i_Possible_Successful_Bruteforce_Attack_u_Critical_account_CheckTimeWindow could not be found for deactivation
  11. [2018-05-17 11:36:00,010][INFO ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.Incidents.rs_Configuration_Management12._INC_CMuSSAu014i_USB_Smart_Cards_device_error_not_fixed_CheckTimeWindow exceeded memory limits, conditions=1 ,partialmatches=50016
  12. [2018-05-17 11:36:00,010][WARN ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.Incidents.rs_Configuration_Management12._INC_CMuSSAu014i_USB_Smart_Cards_device_error_not_fixed_CheckTimeWindow could not be found for deactivation
  13. [2018-05-17 11:36:00,010][INFO ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.Incidents.rs_Configuration_Management12._INC_CMuSSAu003i_Critical_Service_Stop_CheckTimeWindow exceeded memory limits, conditions=1 ,partialmatches=50016
  14. [2018-05-17 11:36:00,010][WARN ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.Incidents.rs_Configuration_Management12._INC_CMuSSAu003i_Critical_Service_Stop_CheckTimeWindow could not be found for deactivation
  15. [2018-05-17 11:36:00,010][INFO ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.Incidents.rs_Configuration_Management12._INC_CMuSSAu004i_Critical_Service_Not_Start_After_Stop_CheckTimeWindow exceeded memory limits, conditions=1 ,partialmatches=50016
  16. [2018-05-17 11:36:00,010][WARN ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.Incidents.rs_Configuration_Management12._INC_CMuSSAu004i_Critical_Service_Not_Start_After_Stop_CheckTimeWindow could not be found for deactivation
  17. [2018-05-17 11:36:00,010][INFO ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.General.Threat_Tracking.rs_Attack_Monitoring0._TTuAMi_New_Running_Service_Detected_CheckTimeWindow exceeded memory limits, conditions=1 ,partialmatches=41642
  18. [2018-05-17 11:36:00,010][WARN ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.General.Threat_Tracking.rs_Attack_Monitoring0._TTuAMi_New_Running_Service_Detected_CheckTimeWindow could not be found for deactivation
  19. [2018-05-17 11:36:00,010][INFO ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.General.Threat_Tracking.rs_Attack_Monitoring0._TTuAMi_Service_Installation_Without_Start_CheckTimeWindow exceeded memory limits, conditions=1 ,partialmatches=41642
  20. [2018-05-17 11:36:00,010][WARN ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.General.Threat_Tracking.rs_Attack_Monitoring0._TTuAMi_Service_Installation_Without_Start_CheckTimeWindow could not be found for deactivation
  21. [2018-05-17 11:36:00,010][INFO ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.General.Threat_Tracking.rs_Attack_Monitoring0._TTuAMi_Service_Installation_than_Running_CheckTimeWindow exceeded memory limits, conditions=1 ,partialmatches=41642
  22. [2018-05-17 11:36:00,010][WARN ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.General.Threat_Tracking.rs_Attack_Monitoring0._TTuAMi_Service_Installation_than_Running_CheckTimeWindow could not be found for deactivation
  23. [2018-05-17 11:36:00,010][INFO ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.Incidents.rs_Account_and_Group_Management14._INC_AGMuAMu009i_A_User_Account_has_Been_Enabled_CheckTimeWindow exceeded memory limits, conditions=1 ,partialmatches=42839
  24. [2018-05-17 11:36:00,010][WARN ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.Incidents.rs_Account_and_Group_Management14._INC_AGMuAMu009i_A_User_Account_has_Been_Enabled_CheckTimeWindow could not be found for deactivation
  25. [2018-05-17 11:36:00,010][INFO ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.Incidents.Threat_Tracking.rs_Routing_Monitoring2._INC_TTuRMu002i_BGP_Hijack_Created_by_Our_ISP_CheckTimeWindow exceeded memory limits, conditions=1 ,partialmatches=64356
  26. [2018-05-17 11:36:00,010][WARN ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.Incidents.Threat_Tracking.rs_Routing_Monitoring2._INC_TTuRMu002i_BGP_Hijack_Created_by_Our_ISP_CheckTimeWindow could not be found for deactivation
  27. [2018-05-17 11:36:00,010][INFO ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.Incidents.Threat_Tracking.rs_Routing_Monitoring2._INC_TTuRMu005i_We_created_BGP_route_leak_CheckTimeWindow exceeded memory limits, conditions=1 ,partialmatches=64356
  28. [2018-05-17 11:36:00,010][WARN ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.Incidents.Threat_Tracking.rs_Routing_Monitoring2._INC_TTuRMu005i_We_created_BGP_route_leak_CheckTimeWindow could not be found for deactivation
  29. [2018-05-17 11:36:00,010][INFO ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.Incidents.Threat_Tracking.rs_Routing_Monitoring2._INC_TTuRMu001i_BGP_hijack_that_affects_our_prefixes_CheckTimeWindow exceeded memory limits, conditions=1 ,partialmatches=64356
  30. [2018-05-17 11:36:00,010][WARN ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.Incidents.Threat_Tracking.rs_Routing_Monitoring2._INC_TTuRMu001i_BGP_hijack_that_affects_our_prefixes_CheckTimeWindow could not be found for deactivation
  31. [2018-05-17 11:36:00,010][INFO ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.Incidents.Threat_Tracking.rs_Routing_Monitoring2._INC_TTuRMu004i_Our_BGP_route_leak_detected_CheckTimeWindow exceeded memory limits, conditions=1 ,partialmatches=64356
  32. [2018-05-17 11:36:00,010][WARN ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.Incidents.Threat_Tracking.rs_Routing_Monitoring2._INC_TTuRMu004i_Our_BGP_route_leak_detected_CheckTimeWindow could not be found for deactivation
  33. [2018-05-17 11:36:00,010][INFO ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.Incidents.Threat_Tracking.rs_Routing_Monitoring2._INC_TTuRMu003i_MOAS_conflicts_with_proper_Route_Objects_CheckTimeWindow exceeded memory limits, conditions=1 ,partialmatches=64356
  34. [2018-05-17 11:36:00,010][WARN ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.Incidents.Threat_Tracking.rs_Routing_Monitoring2._INC_TTuRMu003i_MOAS_conflicts_with_proper_Route_Objects_CheckTimeWindow could not be found for deactivation
  35. [2018-05-17 11:36:00,010][INFO ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.Product.VPN.rs_Citrix_NetScaler0._Citrix_NetScaler_Authentication_Failed_CheckTimeWindow exceeded memory limits, conditions=1 ,partialmatches=64356
  36. [2018-05-17 11:36:00,010][WARN ][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine] Rule All_Rules.Realutime_Rules.Customers.Common.Product.VPN.rs_Citrix_NetScaler0._Citrix_NetScaler_Authentication_Failed_CheckTimeWindow could not be found for deactivation
  37. [2018-05-17 11:36:00,807][INFO ][default.com.arcsight.tools.sql.MysqlSqlGenerator] Query: select /* Generate Stataticstics Query for Channel name=Untitled Active Channel, channelID=QLb0DbWMBABCC+jCSIb7nOQ=H, sessionID=eerkaw68f7b4aa991b-2228-4ee2-81be-9f0cfc4eff21 */ DATE_FORMAT(event1.manager_receipt_time,'%Y-%m-%d %H') "Hour(Manager Receipt Time)",event1.priority "Priority",count(event1.event_id) "Count(Event ID)" from arc_event event1 where 1=1 and (event1.manager_receipt_time >= '2018-05-16 07:17:33.385' and event1.manager_receipt_time < '2018-05-16 07:19:04.775') and (( 1 = 0 or 1 = 1 ) and (UPPER(event1.request_url) like BINARY UPPER('%enot272.neocities.org%') or UPPER(event1.request_url) like BINARY UPPER('%testytest1enot.ucoz8.net%') or UPPER(event1.request_url) like BINARY UPPER('%testytest1enot.ucoz.net%') or UPPER(event1.request_url) like BINARY UPPER('%enotal1f.beget.tech%') or UPPER(event1.name) like BINARY UPPER('%enot272.neocities.org%') or UPPER(event1.name) like BINARY UPPER('%testytest1enot.ucoz8.net%') or UPPER(event1.name) like BINARY UPPER('%testytest1enot.ucoz.net%') or UPPER(event1.name) like BINARY UPPER('%enotal1f.beget.tech%') or UPPER(event1.dest_host_name) like BINARY UPPER('%enot272.neocities.org%') or UPPER(event1.dest_host_name) like BINARY UPPER('%testytest1enot.ucoz8.net%') or UPPER(event1.dest_host_name) like BINARY UPPER('%testytest1enot.ucoz.net%') or UPPER(event1.dest_host_name) like BINARY UPPER('%enotal1f.beget.tech%')) and ((event1.session_id is null) or event1.session_id = 0)) group by DATE_FORMAT(event1.manager_receipt_time,'%Y-%m-%d %H'),event1.priority
  38. [2018-05-17 11:36:00,855][ERROR][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine]
  39. java.lang.ClassCastException
  40. [2018-05-17 11:36:00,855][ERROR][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine]
  41. java.lang.ClassCastException
  42. [2018-05-17 11:36:00,856][ERROR][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine]
  43. java.lang.ClassCastException
  44. [2018-05-17 11:36:01,673][INFO ][default.com.arcsight.common.persist.CachingSecurityEventBroker] Events requested: 6. Found in cache: 0 in 0 ms. Obtained from broker: 6 in 380 ms.
  45. [2018-05-17 11:36:01,966][INFO ][default.com.arcsight.tools.sql.MysqlSqlGenerator] Query: select /* Generate Stataticstics Query for Channel name=Untitled Active Channel 1, channelID=Q58UDbWMBABCC+67bu0nytw=H, sessionID=eerkaw68f7b4aa991b-2228-4ee2-81be-9f0cfc4eff21 */ DATE_FORMAT(event1.manager_receipt_time,'%Y-%m-%d %H') "Hour(Manager Receipt Time)",event1.priority "Priority",count(event1.event_id) "Count(Event ID)" from arc_event event1 where 1=1 and (event1.manager_receipt_time >= '2018-05-15 16:51:04.416' and event1.manager_receipt_time < '2018-05-15 16:54:03.414') and (( 1 = 0 or 1 = 1 ) and (UPPER(event1.file_hash) = BINARY UPPER('4ebf3e5afa85a48a34cf0e344c685c9f97d59c002d54eb3ee19d6b79bae9e4dd') or UPPER(event1.file_hash) = BINARY UPPER('a5dbbbc7996967cf7f16f998fab6dbc09a087082a0d17287418b8ffc2b6228f3') or UPPER(event1.file_hash) = BINARY UPPER('2be87bc7e1cee08a3abc7f8fefcfab697bd28404441f2b8ee8fafba356164902') or UPPER(event1.file_hash) = BINARY UPPER('683aca7614f51d52e2121e240dd2d5fc72858d7dbc6e27f97be83a987f9c5103') or UPPER(event1.file_hash) = BINARY UPPER('da0d0bc24c204e5771f4d7334b322caed6cb0021b719741900b94d91fe01a7c4') or UPPER(event1.file_hash) = BINARY UPPER('c0b505299214d21c5f89aea4d381dbd76ef5ce9a38770b693578d4647e61a471') or UPPER(event1.file_hash) = BINARY UPPER('005bdb6b31dc26406694749f1de59d5cce330de603e8b407c80e8ff7dddda4a3') or UPPER(event1.file_hash) = BINARY UPPER('cb5abc9a8ef7936892e4627fe4d94d28120bb653002c1fd6f1a449ce86d9e909') or UPPER(event1.file_hash) = BINARY UPPER('8b8b7d5da95a731f699ccc5c81f410f7d3b48b4986d5be2dee084cb269931151') or UPPER(event1.file_hash) = BINARY UPPER('6344f5fe0081dcff6345055d2f90e163ec8eb214edfff44fe56fc2d1ed14d322') or UPPER(event1.file_hash) = BINARY UPPER('04235dc68d798863ca1177864c7dba300cf1def2c6eb79885338fc8279b8aa49') or UPPER(event1.file_hash) = BINARY UPPER('e6fa65c97244ff34348b958bb53c2046897d4c5137d06a9dff327597f5b5430f') or UPPER(event1.file_hash) = BINARY 
UPPER('2b73bdabd16316804a9f175b7078769bdced003dbe7ee944088abae67a0a5fee') or UPPER(event1.file_hash) = BINARY UPPER('2c365caa7c41a871c5a32c357ffb832ef9fa1cf72f0033c84e9a4a4bdaeae992') or UPPER(event1.file_hash) = BINARY UPPER('b8cd344fd7d8dd400db31f981b8a11b0aabe6b118d9aa498aa269144b441eb96') or UPPER(event1.file_hash) = BINARY UPPER('2e608a18562ad0427b02cc225db8703eb55be189bf2bccc9250b3b30022fdd90') or UPPER(event1.file_hash) = BINARY UPPER('2a990c1e97b0329b2c4f75766314d1fe91f554b3ac524d4229b6068d007c8e33') or UPPER(event1.file_hash) = BINARY UPPER('5bc214d0bf18ded3bd18595e96b609137207aeeb0786778f86191fbdfdbc0522') or UPPER(event1.file_hash) = BINARY UPPER('286b7bf5ab74a5ed919b2caff250084e35ace2df1ed1b1c9e4ea556ba73f9e1b') or UPPER(event1.file_hash) = BINARY UPPER('831b7b91b48c5c745b04731949c1ed32a2e9e68df66b6cc7f9e0b1fb0c6df5eb') or UPPER(event1.file_hash) = BINARY UPPER('31dd4401c496ceaa8c5d75bc0e8f7f5a1b648f5e5942e074fbb5c683d9eaf408') or UPPER(event1.file_hash) = BINARY UPPER('0f44cbc19862c6a2208d506564c3a3676e22c8203d2f3055a88c00c00ebf1c1e') or UPPER(event1.file_hash) = BINARY UPPER('c9c46a0f78abc1de95af1f26dd7c357146ce8ce462bd450617c138a81c2e119d') or UPPER(event1.file_hash) = BINARY UPPER('3e6044de4c65c6e4290d22a03c8c67c18dbc264de0b8da0f4a8711415073fe15') or UPPER(event1.file_hash) = BINARY UPPER('3e5dea4055b80ba3903b5ef0a4ad6130775337d3a068b721671e982ae4effda1') or UPPER(event1.file_hash) = BINARY UPPER('6d728e557152d8f5613ca8ea06329f1a08e8e13923ed0fa0a5142c3dd7cb0155') or UPPER(event1.file_hash) = BINARY UPPER('57bdbb582ad09382aa3d4e015269eddd56f7d712d11cde58cf0debac9fcd1829') or UPPER(event1.file_hash) = BINARY UPPER('a9822090b68066332178fcd8fbaaf706ad478e0a7a5b50e1b99bda52bc6ab081') or UPPER(event1.file_hash) = BINARY UPPER('a9e4d7aa5b6d83943aa4845dc467040ae4cd223ef603a5ab2d1896d9c2573932') or UPPER(event1.file_hash) = BINARY UPPER('bb3219959f1e25a415adf56481be96da1145c03e347d8852de310070256a09cc')) and ((event1.session_id is null) or event1.session_id 
= 0)) group by DATE_FORMAT(event1.manager_receipt_time,'%Y-%m-%d %H'),event1.priority
  46. [2018-05-17 11:36:03,961][WARN ][default.com.arcsight.util.TimedRingBuffer] Throwing out increment 2, increment time = 1526550374000, acceptable range 1526541870236 - 1526546370236 (discarded=523)
  47. [2018-05-17 11:36:03,989][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Added message to pending outgoing messages: 'DYNACHANNEL_BUCKETS_CHANGED,17 May 2018 08:36:03 GMT,ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]->ComponentAddress=[Console,Session=C:u40h0hasle0f68d7e5-54dc-43d6-bb11-ed38c8678939,Server=[ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]]] DynaChannelBucketsChanged;channelID=QbdzjAGMBABDFNvZD2+V+yQ==,bucketCount=3'.
  48. [2018-05-17 11:36:03,989][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Added message to pending outgoing messages: 'DYNACHANNEL_BUCKETS_DELETED,17 May 2018 08:36:03 GMT,ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]->ComponentAddress=[Console,Session=C:u40h0hasle0f68d7e5-54dc-43d6-bb11-ed38c8678939,Server=[ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]]] DynaChannelBucketsDeleted;channelID=QbdzjAGMBABDFNvZD2+V+yQ==1'.
  49. [2018-05-17 11:36:04,262][ERROR][default.com.arcsight.common.serialize.binary.BinarySecurityEventSerializerV5] Error while parsing event 42/100
  50. [2018-05-17 11:36:04,262][ERROR][default.com.arcsight.common.serialize.binary.BinarySecurityEventSerializerV5]
  51. java.lang.ArrayIndexOutOfBoundsException
  52. [2018-05-17 11:36:04,262][ERROR][default.com.arcsight.server.agent.protocol.EventServlet]
  53. com.arcsight.common.serialize.SerializationException: java.lang.ArrayIndexOutOfBoundsException
  54. at com.arcsight.common.serialize.binary.BinarySecurityEventSerializerV5.unmarshallAllEvents(BinarySecurityEventSerializerV5.java:1376)
  55. at com.arcsight.common.serialize.binary.BinarySecurityEventSerializerV5.unmarshallAll(BinarySecurityEventSerializerV5.java:149)
  56. at com.arcsight.common.serialize.binary.BinaryContentHandler.unmarshallAll(BinaryContentHandler.java:673)
  57. at com.arcsight.common.serialize.StreamHandler.unmarshallAll(StreamHandler.java:722)
  58. at com.arcsight.server.agent.protocol.EventServlet.deserializeEventsBinary(EventServlet.java:775)
  59. at com.arcsight.server.agent.protocol.EventServlet.doProcessRequest(EventServlet.java:453)
  60. at com.arcsight.server.agent.protocol.EventServlet.processRequest(EventServlet.java:378)
  61. at com.arcsight.server.agent.protocol.EventServlet.handle(EventServlet.java:239)
  62. at com.arcsight.server.agent.protocol.AgentServletBase.doPost(AgentServletBase.java:553)
  63. at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
  64. at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
  65. at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:488)
  66. at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:403)
  67. at org.mortbay.http.HandlerContext.handle(HandlerContext.java:1050)
  68. at org.mortbay.http.HandlerContext.handle(HandlerContext.java:1003)
  69. at org.mortbay.http.HttpServer.service(HttpServer.java:774)
  70. at org.mortbay.http.HttpConnection.service(HttpConnection.java:745)
  71. at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:918)
  72. at org.mortbay.http.HttpConnection.handle(HttpConnection.java:760)
  73. at org.mortbay.http.SocketListener.handleConnection(SocketListener.java:165)
  74. at com.arcsight.server.SeededJsseListener.handleConnection(SeededJsseListener.java:268)
  75. at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:287)
  76. at org.mortbay.util.ThreadPool$JobRunner.run(ThreadPool.java:773)
  77. at java.lang.Thread.run(Thread.java:748)
  78. Caused by: java.lang.ArrayIndexOutOfBoundsException
  79. [2018-05-17 11:36:04,316][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Messages delivers: [AGENT_STATUS_UPDATE,17 May 2018 08:36:04 GMT,ComponentAddress=[Agent,AgentID=3vjfJ22EBABCAvVFDiqZ57g==]->null]
  80. [2018-05-17 11:36:04,317][INFO ][default.com.arcsight.server.agent.BatchCommandProcess$BatchCommandProcessListener] Type=AGENT_STATUS_UPDATE Agent=3vjfJ22EBABCAvVFDiqZ57g== OOo9bWMBABC4R7j9gyVXnw==
  81. [2018-05-17 11:36:04,317][INFO ][default.com.arcsight.server.agent.protocol.InterComponentMessageServlet] 1 inter component messages processed in 1ms.
  82. [2018-05-17 11:36:04,320][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Messages delivers: [AGENT_STATUS_UPDATE,17 May 2018 08:36:04 GMT,ComponentAddress=[Agent,AgentID=3G0q5qmIBABDruJKQGBvdNQ==]->null]
  83. [2018-05-17 11:36:04,321][INFO ][default.com.arcsight.server.agent.BatchCommandProcess$BatchCommandProcessListener] Type=AGENT_STATUS_UPDATE Agent=3G0q5qmIBABDruJKQGBvdNQ== Peo9bWMBABDRL69MtYegrQ==
  84. [2018-05-17 11:36:04,321][INFO ][default.com.arcsight.server.agent.protocol.InterComponentMessageServlet] 1 inter component messages processed in 1ms.
  85. [2018-05-17 11:36:04,633][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Messages for recipient 'ComponentAddress=[Console,Session=C:u40h0hasle0f68d7e5-54dc-43d6-bb11-ed38c8678939,Server=[ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]]]' picked up: [com.arcsight.common.icm.InterComponentMessageManager$PendingMessage@34a7552f, com.arcsight.common.icm.InterComponentMessageManager$PendingMessage@49517a76]
  86. [2018-05-17 11:36:06,675][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Messages delivers: [AGENT_STATUS_UPDATE,17 May 2018 08:36:06 GMT,ComponentAddress=[Agent,AgentID=3TyEPiV0BABDo27i+Wy-bRA==]->null]
  87. [2018-05-17 11:36:06,678][INFO ][default.com.arcsight.server.agent.BatchCommandProcess$BatchCommandProcessListener] Type=AGENT_STATUS_UPDATE Agent=3TyEPiV0BABDo27i+Wy-bRA== e-M9bWMBABDN7KXTYIVwZg==
  88. [2018-05-17 11:36:06,678][INFO ][default.com.arcsight.server.agent.protocol.InterComponentMessageServlet] 1 inter component messages processed in 3ms.
  89. [2018-05-17 11:36:06,684][INFO ][default.com.arcsight.common.datalist.DataListCacheMissManager] Pruned 0, now 0
  90. [2018-05-17 11:36:07,306][INFO ][default.com.arcsight.tools.sql.MysqlSqlGenerator] Query: select /* Generate Stataticstics Query for Channel name=Untitled Active Channel, channelID=QLb0DbWMBABCC+jCSIb7nOQ=H, sessionID=eerkaw68f7b4aa991b-2228-4ee2-81be-9f0cfc4eff21 */ DATE_FORMAT(event1.manager_receipt_time,'%Y-%m-%d %H') "Hour(Manager Receipt Time)",event1.priority "Priority",count(event1.event_id) "Count(Event ID)" from arc_event event1 where 1=1 and (event1.manager_receipt_time >= '2018-05-16 07:16:23.085' and event1.manager_receipt_time < '2018-05-16 07:17:33.385') and (( 1 = 0 or 1 = 1 ) and (UPPER(event1.request_url) like BINARY UPPER('%enot272.neocities.org%') or UPPER(event1.request_url) like BINARY UPPER('%testytest1enot.ucoz8.net%') or UPPER(event1.request_url) like BINARY UPPER('%testytest1enot.ucoz.net%') or UPPER(event1.request_url) like BINARY UPPER('%enotal1f.beget.tech%') or UPPER(event1.name) like BINARY UPPER('%enot272.neocities.org%') or UPPER(event1.name) like BINARY UPPER('%testytest1enot.ucoz8.net%') or UPPER(event1.name) like BINARY UPPER('%testytest1enot.ucoz.net%') or UPPER(event1.name) like BINARY UPPER('%enotal1f.beget.tech%') or UPPER(event1.dest_host_name) like BINARY UPPER('%enot272.neocities.org%') or UPPER(event1.dest_host_name) like BINARY UPPER('%testytest1enot.ucoz8.net%') or UPPER(event1.dest_host_name) like BINARY UPPER('%testytest1enot.ucoz.net%') or UPPER(event1.dest_host_name) like BINARY UPPER('%enotal1f.beget.tech%')) and ((event1.session_id is null) or event1.session_id = 0)) group by DATE_FORMAT(event1.manager_receipt_time,'%Y-%m-%d %H'),event1.priority
  91. [2018-05-17 11:36:08,129][INFO ][default.com.arcsight.tools.sql.MysqlSqlGenerator] Query: select /* Generate Stataticstics Query for Channel name=Untitled Active Channel 1, channelID=Q58UDbWMBABCC+67bu0nytw=H, sessionID=eerkaw68f7b4aa991b-2228-4ee2-81be-9f0cfc4eff21 */ DATE_FORMAT(event1.manager_receipt_time,'%Y-%m-%d %H') "Hour(Manager Receipt Time)",event1.priority "Priority",count(event1.event_id) "Count(Event ID)" from arc_event event1 where 1=1 and (event1.manager_receipt_time >= '2018-05-15 16:48:39.267' and event1.manager_receipt_time < '2018-05-15 16:51:04.416') and (( 1 = 0 or 1 = 1 ) and (UPPER(event1.file_hash) = BINARY UPPER('4ebf3e5afa85a48a34cf0e344c685c9f97d59c002d54eb3ee19d6b79bae9e4dd') or UPPER(event1.file_hash) = BINARY UPPER('a5dbbbc7996967cf7f16f998fab6dbc09a087082a0d17287418b8ffc2b6228f3') or UPPER(event1.file_hash) = BINARY UPPER('2be87bc7e1cee08a3abc7f8fefcfab697bd28404441f2b8ee8fafba356164902') or UPPER(event1.file_hash) = BINARY UPPER('683aca7614f51d52e2121e240dd2d5fc72858d7dbc6e27f97be83a987f9c5103') or UPPER(event1.file_hash) = BINARY UPPER('da0d0bc24c204e5771f4d7334b322caed6cb0021b719741900b94d91fe01a7c4') or UPPER(event1.file_hash) = BINARY UPPER('c0b505299214d21c5f89aea4d381dbd76ef5ce9a38770b693578d4647e61a471') or UPPER(event1.file_hash) = BINARY UPPER('005bdb6b31dc26406694749f1de59d5cce330de603e8b407c80e8ff7dddda4a3') or UPPER(event1.file_hash) = BINARY UPPER('cb5abc9a8ef7936892e4627fe4d94d28120bb653002c1fd6f1a449ce86d9e909') or UPPER(event1.file_hash) = BINARY UPPER('8b8b7d5da95a731f699ccc5c81f410f7d3b48b4986d5be2dee084cb269931151') or UPPER(event1.file_hash) = BINARY UPPER('6344f5fe0081dcff6345055d2f90e163ec8eb214edfff44fe56fc2d1ed14d322') or UPPER(event1.file_hash) = BINARY UPPER('04235dc68d798863ca1177864c7dba300cf1def2c6eb79885338fc8279b8aa49') or UPPER(event1.file_hash) = BINARY UPPER('e6fa65c97244ff34348b958bb53c2046897d4c5137d06a9dff327597f5b5430f') or UPPER(event1.file_hash) = BINARY 
UPPER('2b73bdabd16316804a9f175b7078769bdced003dbe7ee944088abae67a0a5fee') or UPPER(event1.file_hash) = BINARY UPPER('2c365caa7c41a871c5a32c357ffb832ef9fa1cf72f0033c84e9a4a4bdaeae992') or UPPER(event1.file_hash) = BINARY UPPER('b8cd344fd7d8dd400db31f981b8a11b0aabe6b118d9aa498aa269144b441eb96') or UPPER(event1.file_hash) = BINARY UPPER('2e608a18562ad0427b02cc225db8703eb55be189bf2bccc9250b3b30022fdd90') or UPPER(event1.file_hash) = BINARY UPPER('2a990c1e97b0329b2c4f75766314d1fe91f554b3ac524d4229b6068d007c8e33') or UPPER(event1.file_hash) = BINARY UPPER('5bc214d0bf18ded3bd18595e96b609137207aeeb0786778f86191fbdfdbc0522') or UPPER(event1.file_hash) = BINARY UPPER('286b7bf5ab74a5ed919b2caff250084e35ace2df1ed1b1c9e4ea556ba73f9e1b') or UPPER(event1.file_hash) = BINARY UPPER('831b7b91b48c5c745b04731949c1ed32a2e9e68df66b6cc7f9e0b1fb0c6df5eb') or UPPER(event1.file_hash) = BINARY UPPER('31dd4401c496ceaa8c5d75bc0e8f7f5a1b648f5e5942e074fbb5c683d9eaf408') or UPPER(event1.file_hash) = BINARY UPPER('0f44cbc19862c6a2208d506564c3a3676e22c8203d2f3055a88c00c00ebf1c1e') or UPPER(event1.file_hash) = BINARY UPPER('c9c46a0f78abc1de95af1f26dd7c357146ce8ce462bd450617c138a81c2e119d') or UPPER(event1.file_hash) = BINARY UPPER('3e6044de4c65c6e4290d22a03c8c67c18dbc264de0b8da0f4a8711415073fe15') or UPPER(event1.file_hash) = BINARY UPPER('3e5dea4055b80ba3903b5ef0a4ad6130775337d3a068b721671e982ae4effda1') or UPPER(event1.file_hash) = BINARY UPPER('6d728e557152d8f5613ca8ea06329f1a08e8e13923ed0fa0a5142c3dd7cb0155') or UPPER(event1.file_hash) = BINARY UPPER('57bdbb582ad09382aa3d4e015269eddd56f7d712d11cde58cf0debac9fcd1829') or UPPER(event1.file_hash) = BINARY UPPER('a9822090b68066332178fcd8fbaaf706ad478e0a7a5b50e1b99bda52bc6ab081') or UPPER(event1.file_hash) = BINARY UPPER('a9e4d7aa5b6d83943aa4845dc467040ae4cd223ef603a5ab2d1896d9c2573932') or UPPER(event1.file_hash) = BINARY UPPER('bb3219959f1e25a415adf56481be96da1145c03e347d8852de310070256a09cc')) and ((event1.session_id is null) or event1.session_id 
= 0)) group by DATE_FORMAT(event1.manager_receipt_time,'%Y-%m-%d %H'),event1.priority
  92. [2018-05-17 11:36:08,990][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Added message to pending outgoing messages: 'DYNACHANNEL_BUCKETS_CHANGED,17 May 2018 08:36:08 GMT,ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]->ComponentAddress=[Console,Session=C:u40h0hasle0f68d7e5-54dc-43d6-bb11-ed38c8678939,Server=[ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]]] DynaChannelBucketsChanged;channelID=QbdzjAGMBABDFNvZD2+V+yQ==,bucketCount=4'.
  93. [2018-05-17 11:36:08,990][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Added message to pending outgoing messages: 'DYNACHANNEL_BUCKETS_CHANGED,17 May 2018 08:36:08 GMT,ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]->ComponentAddress=[Console,Session=C:u40h0hasle0f68d7e5-54dc-43d6-bb11-ed38c8678939,Server=[ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]]] DynaChannelBucketsChanged;channelID=QhW97KWIBABCFm7Oxmt1O4w==,bucketCount=2'.
  94. [2018-05-17 11:36:09,228][WARN ][default.com.arcsight.util.TimedRingBuffer] Throwing out increment 1, increment time = 1526550382000, acceptable range 1526541870236 - 1526546370236 (discarded=671)
  95. [2018-05-17 11:36:09,228][WARN ][default.com.arcsight.util.TimedRingBuffer] Throwing out increment 1, increment time = 1526550382000, acceptable range 1526542770420 - 1526546370420
  96. [2018-05-17 11:36:09,304][ERROR][default.com.arcsight.common.serialize.binary.BinarySecurityEventSerializerV5] Error while parsing event 42/100
  97. [2018-05-17 11:36:09,304][ERROR][default.com.arcsight.common.serialize.binary.BinarySecurityEventSerializerV5]
  98. java.lang.ArrayIndexOutOfBoundsException
  99. [2018-05-17 11:36:09,304][ERROR][default.com.arcsight.server.agent.protocol.EventServlet]
  100. com.arcsight.common.serialize.SerializationException: java.lang.ArrayIndexOutOfBoundsException
  101. at com.arcsight.common.serialize.binary.BinarySecurityEventSerializerV5.unmarshallAllEvents(BinarySecurityEventSerializerV5.java:1376)
  102. at com.arcsight.common.serialize.binary.BinarySecurityEventSerializerV5.unmarshallAll(BinarySecurityEventSerializerV5.java:149)
  103. at com.arcsight.common.serialize.binary.BinaryContentHandler.unmarshallAll(BinaryContentHandler.java:673)
  104. at com.arcsight.common.serialize.StreamHandler.unmarshallAll(StreamHandler.java:722)
  105. at com.arcsight.server.agent.protocol.EventServlet.deserializeEventsBinary(EventServlet.java:775)
  106. at com.arcsight.server.agent.protocol.EventServlet.doProcessRequest(EventServlet.java:453)
  107. at com.arcsight.server.agent.protocol.EventServlet.processRequest(EventServlet.java:378)
  108. at com.arcsight.server.agent.protocol.EventServlet.handle(EventServlet.java:239)
  109. at com.arcsight.server.agent.protocol.AgentServletBase.doPost(AgentServletBase.java:553)
  110. at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
  111. at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
  112. at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:488)
  113. at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:403)
  114. at org.mortbay.http.HandlerContext.handle(HandlerContext.java:1050)
  115. at org.mortbay.http.HandlerContext.handle(HandlerContext.java:1003)
  116. at org.mortbay.http.HttpServer.service(HttpServer.java:774)
  117. at org.mortbay.http.HttpConnection.service(HttpConnection.java:745)
  118. at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:918)
  119. at org.mortbay.http.HttpConnection.handle(HttpConnection.java:760)
  120. at org.mortbay.http.SocketListener.handleConnection(SocketListener.java:165)
  121. at com.arcsight.server.SeededJsseListener.handleConnection(SeededJsseListener.java:268)
  122. at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:287)
  123. at org.mortbay.util.ThreadPool$JobRunner.run(ThreadPool.java:773)
  124. at java.lang.Thread.run(Thread.java:748)
  125. Caused by: java.lang.ArrayIndexOutOfBoundsException
  126. [2018-05-17 11:36:09,477][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Messages delivers: [AGENT_STATUS_UPDATE,17 May 2018 08:36:09 GMT,ComponentAddress=[Agent,AgentID=33VnRPmIBABCnf8npNnC1WQ==]->null]
  127. [2018-05-17 11:36:09,478][INFO ][default.com.arcsight.server.agent.BatchCommandProcess$BatchCommandProcessListener] Type=AGENT_STATUS_UPDATE Agent=33VnRPmIBABCnf8npNnC1WQ== Af49bWMBABC4NjOTRl1FBA==
  128. [2018-05-17 11:36:09,479][INFO ][default.com.arcsight.server.agent.protocol.InterComponentMessageServlet] 1 inter component messages processed in 2ms.
  129. [2018-05-17 11:36:09,637][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Messages for recipient 'ComponentAddress=[Console,Session=C:u40h0hasle0f68d7e5-54dc-43d6-bb11-ed38c8678939,Server=[ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]]]' picked up: [com.arcsight.common.icm.InterComponentMessageManager$PendingMessage@3d1c5376, com.arcsight.common.icm.InterComponentMessageManager$PendingMessage@15a04fe8]
  130. [2018-05-17 11:36:11,318][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] UPDATE ARC_ALD_7NUILG SET private_address=?, started=?, last_modified_time=?, count=? WHERE customer=? AND account_name=? AND public_address=?
  131. [2018-05-17 11:36:11,320][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] UPDATE ARC_ALD_P42T4B SET end_time=?, duration=?, note=?, last_modified_time=?, count=? WHERE customer=? AND event_name=? AND prefix=? AND a_s__path=? AND origin=? AND leaker=? AND start_time=?
  132. [2018-05-17 11:36:11,322][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] UPDATE ARC_ALD_DS337U SET reason=?, device_host_name=?, device_address=?, events_count=?, customer=?, note=?, last_modified_time=?, count=? WHERE address=? AND reason=? AND device_host_name=? AND device_address=? AND events_count=? AND customer=? AND note=?
  133. [2018-05-17 11:36:11,323][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] UPDATE ARC_ALD_DS337U SET reason=?, device_host_name=?, device_address=?, events_count=?, customer=?, note=?, last_modified_time=?, count=? WHERE address=? AND reason=? AND device_host_name=? AND device_address=? AND events_count=? AND customer is null AND note=?
  134. [2018-05-17 11:36:11,324][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] UPDATE ARC_ALD_MQ83CQ SET device_type=?, device_action=?, customer_name=?, note=?, last_modified_time=?, count=? WHERE account_name=? AND account_domain=? AND device_type=? AND device_action=? AND customer_name=? AND note=?
  135. [2018-05-17 11:36:11,331][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] UPDATE ARC_ALD_GB7T4E SET total_event_count=?, event_count_s_l_c=?, device_address=?, agent_name=?, last_event_received=?, last_modified_time=?, count=? WHERE device_host_name=? AND device_vendor=? AND device_product=? AND device_zone=? AND customer=?
  136. [2018-05-17 11:36:11,367][INFO ][default.com.arcsight.tools.sql.MysqlSqlGenerator] Query: select /* Generate Stataticstics Query for Channel name=Untitled Active Channel, channelID=QLb0DbWMBABCC+jCSIb7nOQ=H, sessionID=eerkaw68f7b4aa991b-2228-4ee2-81be-9f0cfc4eff21 */ DATE_FORMAT(event1.manager_receipt_time,'%Y-%m-%d %H') "Hour(Manager Receipt Time)",event1.priority "Priority",count(event1.event_id) "Count(Event ID)" from arc_event event1 where 1=1 and (event1.manager_receipt_time >= '2018-05-16 07:14:56.616' and event1.manager_receipt_time < '2018-05-16 07:16:23.085') and (( 1 = 0 or 1 = 1 ) and (UPPER(event1.request_url) like BINARY UPPER('%enot272.neocities.org%') or UPPER(event1.request_url) like BINARY UPPER('%testytest1enot.ucoz8.net%') or UPPER(event1.request_url) like BINARY UPPER('%testytest1enot.ucoz.net%') or UPPER(event1.request_url) like BINARY UPPER('%enotal1f.beget.tech%') or UPPER(event1.name) like BINARY UPPER('%enot272.neocities.org%') or UPPER(event1.name) like BINARY UPPER('%testytest1enot.ucoz8.net%') or UPPER(event1.name) like BINARY UPPER('%testytest1enot.ucoz.net%') or UPPER(event1.name) like BINARY UPPER('%enotal1f.beget.tech%') or UPPER(event1.dest_host_name) like BINARY UPPER('%enot272.neocities.org%') or UPPER(event1.dest_host_name) like BINARY UPPER('%testytest1enot.ucoz8.net%') or UPPER(event1.dest_host_name) like BINARY UPPER('%testytest1enot.ucoz.net%') or UPPER(event1.dest_host_name) like BINARY UPPER('%enotal1f.beget.tech%')) and ((event1.session_id is null) or event1.session_id = 0)) group by DATE_FORMAT(event1.manager_receipt_time,'%Y-%m-%d %H'),event1.priority
  137. [2018-05-17 11:36:11,391][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] UPDATE ARC_ALD_GB7T4E SET total_event_count=?, event_count_s_l_c=?, device_address=?, agent_name=?, last_event_received=?, last_modified_time=?, count=? WHERE device_host_name=? AND device_vendor=? AND device_product=? AND device_zone is null AND customer=?
  138. [2018-05-17 11:36:11,416][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] UPDATE ARC_ALD_KPM0ED SET address=?, status=?, last_modified_time=?, count=? WHERE customer=? AND account_name=? AND country_name=? AND location_info is null AND address=? AND status=?
  139. [2018-05-17 11:36:11,428][INFO ][default.com.arcsight.common.activelist.DefaultActiveListCache] Purged AL AAC-S: Authentication and Logon Failed Overview removing 1 entries in 3 msec, new size = 3980
  140. [2018-05-17 11:36:11,429][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] UPDATE ARC_ALD_1ZROKL SET last_modified_time=?, count=? WHERE customer=? AND device_type=? AND action=? AND user_name=? AND user_domain=?
  141. [2018-05-17 11:36:11,431][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] Purge SQL is DELETE FROM ARC_ALD_1ZROKL WHERE last_modified_time <= '2018-05-16 08:35:12.058'
  142. [2018-05-17 11:36:11,452][INFO ][default.com.arcsight.common.activelist.a] Purged AL AAC-S: Authentication Failed - last week removing 6 entries in 20 msec, new size = 12864
  143. [2018-05-17 11:36:11,453][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] UPDATE ARC_ALD_Z6XNLE SET customer=?, reason=?, attacker_host_name=?, attacker_address=?, attacker_zone=?, target_host_name=?, target_address=?, target_zone=?, logon_type=?, auth_metod=?, authority=?, system_class=?, system_family=?, protocol=?, user_id=?, last_modified_time=?, count=? WHERE user_name=? AND user_domain=? AND customer=? AND reason=? AND attacker_host_name=? AND attacker_address=? AND attacker_zone=? AND target_host_name=? AND target_address=? AND target_zone=? AND logon_type=? AND auth_metod=? AND authority=? AND system_class=? AND system_family=? AND protocol=? AND user_id=?
  144. [2018-05-17 11:36:11,468][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] UPDATE ARC_ALD_Z6XNLE SET customer=?, reason=?, attacker_host_name=?, attacker_address=?, attacker_zone=?, target_host_name=?, target_address=?, target_zone=?, logon_type=?, auth_metod=?, authority=?, system_class=?, system_family=?, protocol=?, user_id=?, last_modified_time=?, count=? WHERE user_name=? AND user_domain=? AND customer=? AND reason=? AND attacker_host_name=? AND attacker_address=? AND attacker_zone=? AND target_host_name=? AND target_address=? AND target_zone=? AND logon_type=? AND auth_metod=? AND authority=? AND system_class=? AND system_family=? AND protocol=? AND user_id is null
  145. [2018-05-17 11:36:11,470][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] UPDATE ARC_ALD_Z6XNLE SET customer=?, reason=?, attacker_host_name=?, attacker_address=?, attacker_zone=?, target_host_name=?, target_address=?, target_zone=?, logon_type=?, auth_metod=?, authority=?, system_class=?, system_family=?, protocol=?, user_id=?, last_modified_time=?, count=? WHERE user_name=? AND user_domain=? AND customer=? AND reason=? AND attacker_host_name is null AND attacker_address=? AND attacker_zone=? AND target_host_name=? AND target_address=? AND target_zone=? AND logon_type=? AND auth_metod=? AND authority=? AND system_class=? AND system_family=? AND protocol=? AND user_id=?
  146. [2018-05-17 11:36:11,475][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] DELETE FROM ARC_ALD_1QT7OP WHERE customer=? AND prefix=? AND a_s__path=? AND origin=? AND leaker=?
  147. [2018-05-17 11:36:11,521][INFO ][default.com.arcsight.common.activelist.DefaultActiveListCache] Purged AL Query Running Time removing 30 entries in 44 msec, new size = 74486
  148. [2018-05-17 11:36:11,525][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] Purge SQL is DELETE FROM ARC_ALD_CPK33P WHERE last_modified_time <= '2018-04-17 08:35:12.091'
  149. [2018-05-17 11:36:11,530][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] UPDATE ARC_ALD_8HI8KO SET process_name=?, proccess_path=?, zone_name=?, note=?, last_modified_time=?, count=? WHERE customer=? AND full_proccess_name=? AND host_name=? AND host_address=?
  150. [2018-05-17 11:36:11,533][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] UPDATE ARC_ALD_R0M0AI SET country=?, city=?, last_modified_time=?, count=? WHERE user_name is null AND public_address is null AND private_address=?
  151. [2018-05-17 11:36:11,535][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] UPDATE ARC_ALD_X5JAGJ SET reason=?, device_host_name=?, device_address=?, events_count=?, customer=?, note=?, last_modified_time=?, count=? WHERE address=? AND reason=? AND device_host_name=? AND device_address=? AND events_count=? AND customer is null AND note=?
  152. [2018-05-17 11:36:11,535][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] UPDATE ARC_ALD_X5JAGJ SET reason=?, device_host_name=?, device_address=?, events_count=?, customer=?, note=?, last_modified_time=?, count=? WHERE address=? AND reason=? AND device_host_name=? AND device_address=? AND events_count=? AND customer=? AND note=?
  153. [2018-05-17 11:36:11,537][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] DELETE FROM ARC_ALD_6Z5DB4 WHERE account_name=? AND public_address=? AND private_address=? AND country=? AND location=? AND device_host_name=? AND device_product=?
  154. [2018-05-17 11:36:11,539][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] UPDATE ARC_ALD_XS0SYT SET last_modified_time=?, count=? WHERE address=? AND zone=? AND customer=?
  155. [2018-05-17 11:36:11,540][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] DELETE FROM ARC_ALD_BIKV4S WHERE customer=? AND device_host_name=? AND device_product=? AND account_name=? AND account_group=? AND account_domain=? AND private_address=? AND public_address=? AND country=? AND location=? AND note=?
  156. [2018-05-17 11:36:11,569][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] DELETE FROM ARC_ALD_DOKBO3 WHERE customer_name=? AND attacker_user_name=?
  157. [2018-05-17 11:36:11,571][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] UPDATE ARC_ALD_XIR68K SET customer=?, username=?, last_modified_time=?, count=? WHERE hostname=? AND i_p_address=? AND a_u_i_d=?
  158. [2018-05-17 11:36:11,578][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] UPDATE ARC_ALD_UJ51FP SET last_modified_time=?, count=? WHERE customer=? AND signature_name=? AND message=? AND additional_info=? AND attacker_address=? AND target_address=? AND day=? AND note=?
  159. [2018-05-17 11:36:11,579][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] UPDATE ARC_ALD_UJ51FP SET last_modified_time=?, count=? WHERE customer is null AND signature_name=? AND message=? AND additional_info=? AND attacker_address=? AND target_address=? AND day=? AND note=?
  160. [2018-05-17 11:36:11,592][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] UPDATE ARC_ALD_BUD5C8 SET customer=?, host_name=?, host_asset=?, adm_server=?, adm_group=?, last_modified_time=?, count=? WHERE host_address=? AND customer=? AND host_name=? AND host_asset=? AND adm_server=? AND adm_group=?
  161. [2018-05-17 11:36:11,592][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] UPDATE ARC_ALD_BUD5C8 SET customer=?, host_name=?, host_asset=?, adm_server=?, adm_group=?, last_modified_time=?, count=? WHERE host_address=? AND customer=? AND host_name=? AND host_asset is null AND adm_server=? AND adm_group=?
  162. [2018-05-17 11:36:11,599][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] UPDATE ARC_ALD_JJ1DFH SET i_p_address=?, adm_group=?, network_status=?, last_modified_time=?, count=? WHERE adm_server=? AND host_name=?
  163. [2018-05-17 11:36:11,603][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] UPDATE ARC_ALD_OBTOW9 SET agent_address=?, agent_host_name=?, agent_name=?, last_modified_time=?, count=? WHERE device_host_name_low_case=? AND device_address=? AND device_vendor=? AND device_product=?
  164. [2018-05-17 11:36:11,603][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] UPDATE ARC_ALD_OBTOW9 SET agent_address=?, agent_host_name=?, agent_name=?, last_modified_time=?, count=? WHERE device_host_name_low_case=? AND device_address=? AND device_vendor=? AND device_product is null
  165. [2018-05-17 11:36:11,659][INFO ][default.com.arcsight.common.activelist.DefaultActiveListCache] Purged AL Connector Event in Un-Configured Zone removing 277 entries in 55 msec, new size = 205660
  166. [2018-05-17 11:36:11,662][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] UPDATE ARC_ALD_R9122S SET zone_name=?, connector_i_d=?, last_modified_time=?, count=? WHERE i_p_address=?
  167. [2018-05-17 11:36:11,663][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] UPDATE ARC_ALD_RBTK2O SET last_modified_time=?, count=? WHERE address=? AND zone=?
  168. [2018-05-17 11:36:11,677][INFO ][default.com.arcsight.common.activelist.DefaultActiveListCache] Purged AL Windows Update Info removing 117 entries in 13 msec, new size = 46841
  169. [2018-05-17 11:36:11,678][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] Purge SQL is DELETE FROM ARC_ALD_IG8CT1 WHERE last_modified_time <= '2018-05-16 08:35:12.286'
  170. [2018-05-17 11:36:11,844][INFO ][default.com.arcsight.common.activelist.DefaultActiveListCache] Purged AL AAC-S: VPN Sessions Details removing 2 entries in 161 msec, new size = 319745
  171. [2018-05-17 11:36:11,845][INFO ][default.com.arcsight.common.schema.mysql.MysqlDatabaseTableSchemaBrokerDelegate] UPDATE ARC_ALD_3MR6AR SET private_address=?, country=?, location=?, end_time=?, reason=?, mb_in=?, mb_out=?, duration=?, account_group=?, note=?, last_modified_time=?, count=? WHERE customer=? AND account_name=? AND public_address=? AND start_time=? AND devcie_vendor=? AND device_host_name=?
  172. [2018-05-17 11:36:11,905][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Messages delivers: [AGENT_STATUS_UPDATE,17 May 2018 08:36:11 GMT,ComponentAddress=[Agent,AgentID=3VPpN3GEBABDn-JyESjRn-Q==]->null]
  173. [2018-05-17 11:36:11,906][INFO ][default.com.arcsight.server.agent.BatchCommandProcess$BatchCommandProcessListener] Type=AGENT_STATUS_UPDATE Agent=3VPpN3GEBABDn-JyESjRn-Q== gAc+bWMBABDA3fOd-LG1Jw==
  174. [2018-05-17 11:36:11,906][INFO ][default.com.arcsight.server.agent.protocol.InterComponentMessageServlet] 1 inter component messages processed in 1ms.
  175. [2018-05-17 11:36:12,071][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Messages delivers: [AGENT_STATUS_UPDATE,17 May 2018 08:36:12 GMT,ComponentAddress=[Agent,AgentID=3ATpnrlcBABC0HPlGDqCoaA==]->null]
  176. [2018-05-17 11:36:12,072][INFO ][default.com.arcsight.server.agent.BatchCommandProcess$BatchCommandProcessListener] Type=AGENT_STATUS_UPDATE Agent=3ATpnrlcBABC0HPlGDqCoaA== pAg+bWMBABD3SH6Hpevn0Q==
  177. [2018-05-17 11:36:12,072][INFO ][default.com.arcsight.server.agent.protocol.InterComponentMessageServlet] 1 inter component messages processed in 2ms.
  179. [2018-05-17 11:36:12,803][WARN ][default.com.arcsight.common.verification.a] Event '520572583680' from agent '3ATpnrlcBABC0HPlGDqCoaA==/syslog' deviceVendor 'McAfee' deviceProduct 'Firewall' deviceEventClassId '70019' with attribute 'applicationProtocol' and length '41' value 'IPv6 Multicast Listener Query/0/IPV6-ICMP' is too long for DB column size '31'.
  180. [2018-05-17 11:36:12,803][WARN ][default.com.arcsight.common.verification.EventVerifierConnectable] Chopped value of attribute 'applicationProtocol' for event '520572583680' to fit into database column size '31'
  181. [2018-05-17 11:36:13,989][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Added message to pending outgoing messages: 'DYNACHANNEL_BUCKETS_CHANGED,17 May 2018 08:36:13 GMT,ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]->ComponentAddress=[Console,Session=C:u40h0hasle0f68d7e5-54dc-43d6-bb11-ed38c8678939,Server=[ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]]] DynaChannelBucketsChanged;channelID=QbdzjAGMBABDFNvZD2+V+yQ==,bucketCount=4'.
  182. [2018-05-17 11:36:13,989][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Added message to pending outgoing messages: 'DYNACHANNEL_BUCKETS_CHANGED,17 May 2018 08:36:13 GMT,ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]->ComponentAddress=[Console,Session=C:u40h0hasle0f68d7e5-54dc-43d6-bb11-ed38c8678939,Server=[ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]]] DynaChannelBucketsChanged;channelID=QhW97KWIBABCFm7Oxmt1O4w==,bucketCount=1'.
  183. [2018-05-17 11:36:14,341][ERROR][default.com.arcsight.common.serialize.binary.BinarySecurityEventSerializerV5] Error while parsing event 42/100
  184. [2018-05-17 11:36:14,341][ERROR][default.com.arcsight.common.serialize.binary.BinarySecurityEventSerializerV5]
  185. java.lang.ArrayIndexOutOfBoundsException
  186. [2018-05-17 11:36:14,341][ERROR][default.com.arcsight.server.agent.protocol.EventServlet]
  187. com.arcsight.common.serialize.SerializationException: java.lang.ArrayIndexOutOfBoundsException
  188. at com.arcsight.common.serialize.binary.BinarySecurityEventSerializerV5.unmarshallAllEvents(BinarySecurityEventSerializerV5.java:1376)
  189. at com.arcsight.common.serialize.binary.BinarySecurityEventSerializerV5.unmarshallAll(BinarySecurityEventSerializerV5.java:149)
  190. at com.arcsight.common.serialize.binary.BinaryContentHandler.unmarshallAll(BinaryContentHandler.java:673)
  191. at com.arcsight.common.serialize.StreamHandler.unmarshallAll(StreamHandler.java:722)
  192. at com.arcsight.server.agent.protocol.EventServlet.deserializeEventsBinary(EventServlet.java:775)
  193. at com.arcsight.server.agent.protocol.EventServlet.doProcessRequest(EventServlet.java:453)
  194. at com.arcsight.server.agent.protocol.EventServlet.processRequest(EventServlet.java:378)
  195. at com.arcsight.server.agent.protocol.EventServlet.handle(EventServlet.java:239)
  196. at com.arcsight.server.agent.protocol.AgentServletBase.doPost(AgentServletBase.java:553)
  197. at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
  198. at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
  199. at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:488)
  200. at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:403)
  201. at org.mortbay.http.HandlerContext.handle(HandlerContext.java:1050)
  202. at org.mortbay.http.HandlerContext.handle(HandlerContext.java:1003)
  203. at org.mortbay.http.HttpServer.service(HttpServer.java:774)
  204. at org.mortbay.http.HttpConnection.service(HttpConnection.java:745)
  205. at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:918)
  206. at org.mortbay.http.HttpConnection.handle(HttpConnection.java:760)
  207. at org.mortbay.http.SocketListener.handleConnection(SocketListener.java:165)
  208. at com.arcsight.server.SeededJsseListener.handleConnection(SeededJsseListener.java:268)
  209. at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:287)
  210. at org.mortbay.util.ThreadPool$JobRunner.run(ThreadPool.java:773)
  211. at java.lang.Thread.run(Thread.java:748)
  212. Caused by: java.lang.ArrayIndexOutOfBoundsException
  213. [2018-05-17 11:36:14,375][WARN ][default.com.arcsight.util.TimedRingBuffer] Throwing out increment 3, increment time = 1526550391000, acceptable range 1526541870236 - 1526546370236 (discarded=774)
  214. [2018-05-17 11:36:14,375][WARN ][default.com.arcsight.util.TimedRingBuffer] Throwing out increment 3, increment time = 1526550391000, acceptable range 1526542770420 - 1526546370420
  215. [2018-05-17 11:36:14,634][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Messages for recipient 'ComponentAddress=[Console,Session=C:u40h0hasle0f68d7e5-54dc-43d6-bb11-ed38c8678939,Server=[ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]]]' picked up: [com.arcsight.common.icm.InterComponentMessageManager$PendingMessage@1ba07e5e, com.arcsight.common.icm.InterComponentMessageManager$PendingMessage@59e02596]
  216. [2018-05-17 11:36:16,278][INFO ][default.com.arcsight.tools.sql.MysqlSqlGenerator] Query: select /* Generate Stataticstics Query for Channel name=Untitled Active Channel, channelID=QLb0DbWMBABCC+jCSIb7nOQ=H, sessionID=eerkaw68f7b4aa991b-2228-4ee2-81be-9f0cfc4eff21 */ DATE_FORMAT(event1.manager_receipt_time,'%Y-%m-%d %H') "Hour(Manager Receipt Time)",event1.priority "Priority",count(event1.event_id) "Count(Event ID)" from arc_event event1 where 1=1 and (event1.manager_receipt_time >= '2018-05-16 07:13:30.147' and event1.manager_receipt_time < '2018-05-16 07:14:56.616') and (( 1 = 0 or 1 = 1 ) and (UPPER(event1.request_url) like BINARY UPPER('%enot272.neocities.org%') or UPPER(event1.request_url) like BINARY UPPER('%testytest1enot.ucoz8.net%') or UPPER(event1.request_url) like BINARY UPPER('%testytest1enot.ucoz.net%') or UPPER(event1.request_url) like BINARY UPPER('%enotal1f.beget.tech%') or UPPER(event1.name) like BINARY UPPER('%enot272.neocities.org%') or UPPER(event1.name) like BINARY UPPER('%testytest1enot.ucoz8.net%') or UPPER(event1.name) like BINARY UPPER('%testytest1enot.ucoz.net%') or UPPER(event1.name) like BINARY UPPER('%enotal1f.beget.tech%') or UPPER(event1.dest_host_name) like BINARY UPPER('%enot272.neocities.org%') or UPPER(event1.dest_host_name) like BINARY UPPER('%testytest1enot.ucoz8.net%') or UPPER(event1.dest_host_name) like BINARY UPPER('%testytest1enot.ucoz.net%') or UPPER(event1.dest_host_name) like BINARY UPPER('%enotal1f.beget.tech%')) and ((event1.session_id is null) or event1.session_id = 0)) group by DATE_FORMAT(event1.manager_receipt_time,'%Y-%m-%d %H'),event1.priority
  217. [2018-05-17 11:36:16,557][INFO ][default.com.arcsight.common.persist.CachingSecurityEventBroker] Events requested: 1. Found in cache: 0 in 0 ms. Obtained from broker: 1 in 367 ms.
  218. [2018-05-17 11:36:17,010][INFO ][default.com.arcsight.common.persist.CachingSecurityEventBroker] Events requested: 1. Found in cache: 0 in 0 ms. Obtained from broker: 1 in 353 ms.
  220. [2018-05-17 11:36:17,411][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Messages delivers: [AGENT_STATUS_UPDATE,17 May 2018 08:36:17 GMT,ComponentAddress=[Agent,AgentID=3cd+xdF0BABCbi48KNIwMBA==]->null]
  221. [2018-05-17 11:36:17,412][INFO ][default.com.arcsight.server.agent.BatchCommandProcess$BatchCommandProcessListener] Type=AGENT_STATUS_UPDATE Agent=3cd+xdF0BABCbi48KNIwMBA== aR0+bWMBABDQEsk6oxPL3w==
  222. [2018-05-17 11:36:17,412][INFO ][default.com.arcsight.server.agent.protocol.InterComponentMessageServlet] 1 inter component messages processed in 1ms.
  223. [2018-05-17 11:36:17,934][INFO ][default.com.arcsight.common.persist.CachingSecurityEventBroker] Events requested: 1. Found in cache: 0 in 0 ms. Obtained from broker: 1 in 370 ms.
  224. [2018-05-17 11:36:18,178][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Messages delivers: [AGENT_STATUS_UPDATE,17 May 2018 08:36:18 GMT,ComponentAddress=[Agent,AgentID=3-8UQpl8BABC-OF2cl7HFNA==]->null]
  225. [2018-05-17 11:36:18,179][INFO ][default.com.arcsight.server.agent.BatchCommandProcess$BatchCommandProcessListener] Type=AGENT_STATUS_UPDATE Agent=3-8UQpl8BABC-OF2cl7HFNA== aCA+bWMBABC6qLL3RdI4aw==
  226. [2018-05-17 11:36:18,179][INFO ][default.com.arcsight.server.agent.protocol.InterComponentMessageServlet] 1 inter component messages processed in 1ms.
  227. [2018-05-17 11:36:18,989][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Added message to pending outgoing messages: 'DYNACHANNEL_BUCKETS_CHANGED,17 May 2018 08:36:18 GMT,ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]->ComponentAddress=[Console,Session=C:u40h0hasle0f68d7e5-54dc-43d6-bb11-ed38c8678939,Server=[ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]]] DynaChannelBucketsChanged;channelID=QQ9wgaWMBABCF6l0X1DlkUQ=H,bucketCount=1'.
  228. [2018-05-17 11:36:18,989][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Added message to pending outgoing messages: 'DYNACHANNEL_BUCKETS_CHANGED,17 May 2018 08:36:18 GMT,ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]->ComponentAddress=[Console,Session=C:u40h0hasle0f68d7e5-54dc-43d6-bb11-ed38c8678939,Server=[ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]]] DynaChannelBucketsChanged;channelID=QhW97KWIBABCFm7Oxmt1O4w==,bucketCount=1'.
  229. [2018-05-17 11:36:18,989][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Added message to pending outgoing messages: 'DYNACHANNEL_BUCKETS_CHANGED,17 May 2018 08:36:18 GMT,ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]->ComponentAddress=[Console,Session=C:u40h0hasle0f68d7e5-54dc-43d6-bb11-ed38c8678939,Server=[ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]]] DynaChannelBucketsChanged;channelID=QbdzjAGMBABDFNvZD2+V+yQ==,bucketCount=4'.
  230. [2018-05-17 11:36:18,989][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Added message to pending outgoing messages: 'DYNACHANNEL_STATS_PROGRESS,17 May 2018 08:36:18 GMT,ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]->ComponentAddress=[Console,Session=C:eerkaw68f7b4aa991b-2228-4ee2-81be-9f0cfc4eff21,Server=[ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]]]'.
  231. [2018-05-17 11:36:19,122][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Messages delivers: [AGENT_STATUS_UPDATE,17 May 2018 08:36:18 GMT,ComponentAddress=[Agent,AgentID=3kirtH2IBABDKQV1J5cd1Ig==]->null]
  232. [2018-05-17 11:36:19,124][INFO ][default.com.arcsight.server.agent.BatchCommandProcess$BatchCommandProcessListener] Type=AGENT_STATUS_UPDATE Agent=3kirtH2IBABDKQV1J5cd1Ig== siM+bWMBABC3-jSdzKI+1Q==
  233. [2018-05-17 11:36:19,124][INFO ][default.com.arcsight.server.agent.protocol.InterComponentMessageServlet] 1 inter component messages processed in 2ms.
  234. [2018-05-17 11:36:19,375][ERROR][default.com.arcsight.common.serialize.binary.BinarySecurityEventSerializerV5] Error while parsing event 42/100
  235. [2018-05-17 11:36:19,375][ERROR][default.com.arcsight.common.serialize.binary.BinarySecurityEventSerializerV5]
  236. java.lang.ArrayIndexOutOfBoundsException
  237. [2018-05-17 11:36:19,375][ERROR][default.com.arcsight.server.agent.protocol.EventServlet]
  238. com.arcsight.common.serialize.SerializationException: java.lang.ArrayIndexOutOfBoundsException
  239. at com.arcsight.common.serialize.binary.BinarySecurityEventSerializerV5.unmarshallAllEvents(BinarySecurityEventSerializerV5.java:1376)
  240. at com.arcsight.common.serialize.binary.BinarySecurityEventSerializerV5.unmarshallAll(BinarySecurityEventSerializerV5.java:149)
  241. at com.arcsight.common.serialize.binary.BinaryContentHandler.unmarshallAll(BinaryContentHandler.java:673)
  242. at com.arcsight.common.serialize.StreamHandler.unmarshallAll(StreamHandler.java:722)
  243. at com.arcsight.server.agent.protocol.EventServlet.deserializeEventsBinary(EventServlet.java:775)
  244. at com.arcsight.server.agent.protocol.EventServlet.doProcessRequest(EventServlet.java:453)
  245. at com.arcsight.server.agent.protocol.EventServlet.processRequest(EventServlet.java:378)
  246. at com.arcsight.server.agent.protocol.EventServlet.handle(EventServlet.java:239)
  247. at com.arcsight.server.agent.protocol.AgentServletBase.doPost(AgentServletBase.java:553)
  248. at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
  249. at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
  250. at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:488)
  251. at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:403)
  252. at org.mortbay.http.HandlerContext.handle(HandlerContext.java:1050)
  253. at org.mortbay.http.HandlerContext.handle(HandlerContext.java:1003)
  254. at org.mortbay.http.HttpServer.service(HttpServer.java:774)
  255. at org.mortbay.http.HttpConnection.service(HttpConnection.java:745)
  256. at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:918)
  257. at org.mortbay.http.HttpConnection.handle(HttpConnection.java:760)
  258. at org.mortbay.http.SocketListener.handleConnection(SocketListener.java:165)
  259. at com.arcsight.server.SeededJsseListener.handleConnection(SeededJsseListener.java:268)
  260. at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:287)
  261. at org.mortbay.util.ThreadPool$JobRunner.run(ThreadPool.java:773)
  262. at java.lang.Thread.run(Thread.java:748)
  263. Caused by: java.lang.ArrayIndexOutOfBoundsException
  264. [2018-05-17 11:36:19,636][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Messages for recipient 'ComponentAddress=[Console,Session=C:u40h0hasle0f68d7e5-54dc-43d6-bb11-ed38c8678939,Server=[ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]]]' picked up: [com.arcsight.common.icm.InterComponentMessageManager$PendingMessage@6b84a3f, com.arcsight.common.icm.InterComponentMessageManager$PendingMessage@11f08a0f, com.arcsight.common.icm.InterComponentMessageManager$PendingMessage@93a54e1]
  265. [2018-05-17 11:36:20,728][INFO ][default.com.arcsight.tools.sql.MysqlSqlGenerator] Query: select /* Generate Stataticstics Query for Channel name=Untitled Active Channel, channelID=QLb0DbWMBABCC+jCSIb7nOQ=H, sessionID=eerkaw68f7b4aa991b-2228-4ee2-81be-9f0cfc4eff21 */ DATE_FORMAT(event1.manager_receipt_time,'%Y-%m-%d %H') "Hour(Manager Receipt Time)",event1.priority "Priority",count(event1.event_id) "Count(Event ID)" from arc_event event1 where 1=1 and (event1.manager_receipt_time >= '2018-05-16 07:11:52.969' and event1.manager_receipt_time < '2018-05-16 07:13:30.147') and (( 1 = 0 or 1 = 1 ) and (UPPER(event1.request_url) like BINARY UPPER('%enot272.neocities.org%') or UPPER(event1.request_url) like BINARY UPPER('%testytest1enot.ucoz8.net%') or UPPER(event1.request_url) like BINARY UPPER('%testytest1enot.ucoz.net%') or UPPER(event1.request_url) like BINARY UPPER('%enotal1f.beget.tech%') or UPPER(event1.name) like BINARY UPPER('%enot272.neocities.org%') or UPPER(event1.name) like BINARY UPPER('%testytest1enot.ucoz8.net%') or UPPER(event1.name) like BINARY UPPER('%testytest1enot.ucoz.net%') or UPPER(event1.name) like BINARY UPPER('%enotal1f.beget.tech%') or UPPER(event1.dest_host_name) like BINARY UPPER('%enot272.neocities.org%') or UPPER(event1.dest_host_name) like BINARY UPPER('%testytest1enot.ucoz8.net%') or UPPER(event1.dest_host_name) like BINARY UPPER('%testytest1enot.ucoz.net%') or UPPER(event1.dest_host_name) like BINARY UPPER('%enotal1f.beget.tech%')) and ((event1.session_id is null) or event1.session_id = 0)) group by DATE_FORMAT(event1.manager_receipt_time,'%Y-%m-%d %H'),event1.priority
  266. [2018-05-17 11:36:20,967][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Messages delivers: [AGENT_STATUS_UPDATE,17 May 2018 08:36:20 GMT,ComponentAddress=[Agent,AgentID=3JlWE610BABC-ZfFgSJ2o-Q==]->null]
  267. [2018-05-17 11:36:20,969][INFO ][default.com.arcsight.server.agent.BatchCommandProcess$BatchCommandProcessListener] Type=AGENT_STATUS_UPDATE Agent=3JlWE610BABC-ZfFgSJ2o-Q== qio+bWMBABC6pZjv2JG+XA==
  268. [2018-05-17 11:36:20,969][INFO ][default.com.arcsight.server.agent.protocol.InterComponentMessageServlet] 1 inter component messages processed in 2ms.
  269. [2018-05-17 11:36:21,208][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Messages for recipient 'ComponentAddress=[Console,Session=C:eerkaw68f7b4aa991b-2228-4ee2-81be-9f0cfc4eff21,Server=[ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]]]' picked up: [com.arcsight.common.icm.InterComponentMessageManager$PendingMessage@1b90d9b9]
  270. [2018-05-17 11:36:21,238][WARN ][default.com.arcsight.util.TimedRingBuffer] Throwing out increment 1, increment time = 1526535375000, acceptable range 1526541870236 - 1526546370236 (discarded=1224)
  271. [2018-05-17 11:36:21,690][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Messages delivers: [AGENT_STATUS_UPDATE,17 May 2018 08:36:21 GMT,ComponentAddress=[Agent,AgentID=3fe2cZF0BABDGoMs3oAjLBA==]->null]
  272. [2018-05-17 11:36:21,691][INFO ][default.com.arcsight.server.agent.BatchCommandProcess$BatchCommandProcessListener] Type=AGENT_STATUS_UPDATE Agent=3fe2cZF0BABDGoMs3oAjLBA== IC4+bWMBABDLr9Yw4Bz77A==
  273. [2018-05-17 11:36:21,691][INFO ][default.com.arcsight.server.agent.protocol.InterComponentMessageServlet] 1 inter component messages processed in 1ms.
  274. [2018-05-17 11:36:21,715][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Messages delivers: [AGENT_STATUS_UPDATE,17 May 2018 08:36:21 GMT,ComponentAddress=[Agent,AgentID=3C-O7dF0BABDJsQoCjuunlQ==]->null]
  275. [2018-05-17 11:36:21,716][INFO ][default.com.arcsight.server.agent.BatchCommandProcess$BatchCommandProcessListener] Type=AGENT_STATUS_UPDATE Agent=3C-O7dF0BABDJsQoCjuunlQ== OS4+bWMBABC6pWGWro+OQA==
  276. [2018-05-17 11:36:21,716][INFO ][default.com.arcsight.server.agent.protocol.InterComponentMessageServlet] 1 inter component messages processed in 2ms.
  277. [2018-05-17 11:36:21,738][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Messages delivers: [AGENT_STATUS_UPDATE,17 May 2018 08:36:21 GMT,ComponentAddress=[Agent,AgentID=324Y6U2IBABDQY8fpmUGajg==]->null]
  278. [2018-05-17 11:36:21,739][INFO ][default.com.arcsight.server.agent.BatchCommandProcess$BatchCommandProcessListener] Type=AGENT_STATUS_UPDATE Agent=324Y6U2IBABDQY8fpmUGajg== Ri4+bWMBABC3+osk83yT2A==
  279. [2018-05-17 11:36:21,739][INFO ][default.com.arcsight.server.agent.protocol.InterComponentMessageServlet] 1 inter component messages processed in 1ms.
  280. [2018-05-17 11:36:21,854][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Messages delivers: [AGENT_STATUS_UPDATE,17 May 2018 08:36:21 GMT,ComponentAddress=[Agent,AgentID=3rVAuhF0BABClVIVOBbi74g==]->null]
  281. [2018-05-17 11:36:21,856][INFO ][default.com.arcsight.server.agent.BatchCommandProcess$BatchCommandProcessListener] Type=AGENT_STATUS_UPDATE Agent=3rVAuhF0BABClVIVOBbi74g== xS4+bWMBABC6pZQSd3riHw==
  282. [2018-05-17 11:36:21,856][INFO ][default.com.arcsight.server.agent.protocol.InterComponentMessageServlet] 1 inter component messages processed in 2ms.
  284. [2018-05-17 11:36:22,683][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Messages delivers: [AGENT_STATUS_UPDATE,17 May 2018 08:36:22 GMT,ComponentAddress=[Agent,AgentID=3NOthhF0BABCQVUwCWaW-PQ==]->null]
  285. [2018-05-17 11:36:22,687][INFO ][default.com.arcsight.server.agent.BatchCommandProcess$BatchCommandProcessListener] Type=AGENT_STATUS_UPDATE Agent=3NOthhF0BABCQVUwCWaW-PQ== ATI+bWMBABC6qM4vLb7O5A==
  286. [2018-05-17 11:36:22,687][INFO ][default.com.arcsight.server.agent.protocol.InterComponentMessageServlet] 1 inter component messages processed in 4ms.
  287. [2018-05-17 11:36:23,990][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Added message to pending outgoing messages: 'DYNACHANNEL_BUCKETS_CHANGED,17 May 2018 08:36:23 GMT,ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]->ComponentAddress=[Console,Session=C:u40h0hasle0f68d7e5-54dc-43d6-bb11-ed38c8678939,Server=[ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]]] DynaChannelBucketsChanged;channelID=QbdzjAGMBABDFNvZD2+V+yQ==,bucketCount=3'.
  288. [2018-05-17 11:36:24,110][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Messages delivers: [AGENT_STATUS_UPDATE,17 May 2018 08:36:23 GMT,ComponentAddress=[Agent,AgentID=3gCFd1mEBABCzu6ygg0ZEFQ==]->null]
  289. [2018-05-17 11:36:24,111][INFO ][default.com.arcsight.server.agent.BatchCommandProcess$BatchCommandProcessListener] Type=AGENT_STATUS_UPDATE Agent=3gCFd1mEBABCzu6ygg0ZEFQ== Ljc+bWMBABCvlMcN6ViNxA==
  290. [2018-05-17 11:36:24,111][INFO ][default.com.arcsight.server.agent.protocol.InterComponentMessageServlet] 1 inter component messages processed in 1ms.
  291. [2018-05-17 11:36:24,413][ERROR][default.com.arcsight.common.serialize.binary.BinarySecurityEventSerializerV5] Error while parsing event 42/100
  292. [2018-05-17 11:36:24,413][ERROR][default.com.arcsight.common.serialize.binary.BinarySecurityEventSerializerV5]
  293. java.lang.ArrayIndexOutOfBoundsException
  294. [2018-05-17 11:36:24,413][ERROR][default.com.arcsight.server.agent.protocol.EventServlet]
  295. com.arcsight.common.serialize.SerializationException: java.lang.ArrayIndexOutOfBoundsException
  296. at com.arcsight.common.serialize.binary.BinarySecurityEventSerializerV5.unmarshallAllEvents(BinarySecurityEventSerializerV5.java:1376)
  297. at com.arcsight.common.serialize.binary.BinarySecurityEventSerializerV5.unmarshallAll(BinarySecurityEventSerializerV5.java:149)
  298. at com.arcsight.common.serialize.binary.BinaryContentHandler.unmarshallAll(BinaryContentHandler.java:673)
  299. at com.arcsight.common.serialize.StreamHandler.unmarshallAll(StreamHandler.java:722)
  300. at com.arcsight.server.agent.protocol.EventServlet.deserializeEventsBinary(EventServlet.java:775)
  301. at com.arcsight.server.agent.protocol.EventServlet.doProcessRequest(EventServlet.java:453)
  302. at com.arcsight.server.agent.protocol.EventServlet.processRequest(EventServlet.java:378)
  303. at com.arcsight.server.agent.protocol.EventServlet.handle(EventServlet.java:239)
  304. at com.arcsight.server.agent.protocol.AgentServletBase.doPost(AgentServletBase.java:553)
  305. at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
  306. at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
  307. at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:488)
  308. at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:403)
  309. at org.mortbay.http.HandlerContext.handle(HandlerContext.java:1050)
  310. at org.mortbay.http.HandlerContext.handle(HandlerContext.java:1003)
  311. at org.mortbay.http.HttpServer.service(HttpServer.java:774)
  312. at org.mortbay.http.HttpConnection.service(HttpConnection.java:745)
  313. at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:918)
  314. at org.mortbay.http.HttpConnection.handle(HttpConnection.java:760)
  315. at org.mortbay.http.SocketListener.handleConnection(SocketListener.java:165)
  316. at com.arcsight.server.SeededJsseListener.handleConnection(SeededJsseListener.java:268)
  317. at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:287)
  318. at org.mortbay.util.ThreadPool$JobRunner.run(ThreadPool.java:773)
  319. at java.lang.Thread.run(Thread.java:748)
  320. Caused by: java.lang.ArrayIndexOutOfBoundsException
  321. [2018-05-17 11:36:24,633][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Messages for recipient 'ComponentAddress=[Console,Session=C:u40h0hasle0f68d7e5-54dc-43d6-bb11-ed38c8678939,Server=[ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]]]' picked up: [com.arcsight.common.icm.InterComponentMessageManager$PendingMessage@51ae1cc5]
  322. [2018-05-17 11:36:25,609][INFO ][default.com.arcsight.tools.sql.MysqlSqlGenerator] Query: select /* Generate Stataticstics Query for Channel name=Untitled Active Channel, channelID=QLb0DbWMBABCC+jCSIb7nOQ=H, sessionID=eerkaw68f7b4aa991b-2228-4ee2-81be-9f0cfc4eff21 */ DATE_FORMAT(event1.manager_receipt_time,'%Y-%m-%d %H') "Hour(Manager Receipt Time)",event1.priority "Priority",count(event1.event_id) "Count(Event ID)" from arc_event event1 where 1=1 and (event1.manager_receipt_time >= '2018-05-16 07:10:15.791' and event1.manager_receipt_time < '2018-05-16 07:11:52.969') and (( 1 = 0 or 1 = 1 ) and (UPPER(event1.request_url) like BINARY UPPER('%enot272.neocities.org%') or UPPER(event1.request_url) like BINARY UPPER('%testytest1enot.ucoz8.net%') or UPPER(event1.request_url) like BINARY UPPER('%testytest1enot.ucoz.net%') or UPPER(event1.request_url) like BINARY UPPER('%enotal1f.beget.tech%') or UPPER(event1.name) like BINARY UPPER('%enot272.neocities.org%') or UPPER(event1.name) like BINARY UPPER('%testytest1enot.ucoz8.net%') or UPPER(event1.name) like BINARY UPPER('%testytest1enot.ucoz.net%') or UPPER(event1.name) like BINARY UPPER('%enotal1f.beget.tech%') or UPPER(event1.dest_host_name) like BINARY UPPER('%enot272.neocities.org%') or UPPER(event1.dest_host_name) like BINARY UPPER('%testytest1enot.ucoz8.net%') or UPPER(event1.dest_host_name) like BINARY UPPER('%testytest1enot.ucoz.net%') or UPPER(event1.dest_host_name) like BINARY UPPER('%enotal1f.beget.tech%')) and ((event1.session_id is null) or event1.session_id = 0)) group by DATE_FORMAT(event1.manager_receipt_time,'%Y-%m-%d %H'),event1.priority
  323. [2018-05-17 11:36:26,440][INFO ][default.com.arcsight.server.agent.protocol.a] Received '100' from IP '192.168.227.132', agent ID '3r5sttFcBABDCBg7mKDVX1g==' (Deserialized in '0' ms). endTime range [1526546185000, 1526546185000].
  324. [2018-05-17 11:36:27,348][WARN ][default.com.arcsight.util.TimedRingBuffer] Throwing out increment 2, increment time = 1526550401000, acceptable range 1526542770420 - 1526546370420 (discarded=705)
  325. [2018-05-17 11:36:27,348][WARN ][default.com.arcsight.util.TimedRingBuffer] Throwing out increment 2, increment time = 1526550401000, acceptable range 1526541870236 - 1526546370236
  326. [2018-05-17 11:36:27,408][ERROR][default.com.arcsight.rulesengine.opsj.OPSJRulesEngine]
  327. java.lang.ClassCastException
  329. [2018-05-17 11:36:28,989][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Added message to pending outgoing messages: 'DYNACHANNEL_BUCKETS_CHANGED,17 May 2018 08:36:28 GMT,ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]->ComponentAddress=[Console,Session=C:u40h0hasle0f68d7e5-54dc-43d6-bb11-ed38c8678939,Server=[ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]]] DynaChannelBucketsChanged;channelID=QbdzjAGMBABDFNvZD2+V+yQ==,bucketCount=3'.
  330. [2018-05-17 11:36:28,989][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Added message to pending outgoing messages: 'DYNACHANNEL_BUCKETS_CHANGED,17 May 2018 08:36:28 GMT,ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]->ComponentAddress=[Console,Session=C:u40h0hasle0f68d7e5-54dc-43d6-bb11-ed38c8678939,Server=[ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]]] DynaChannelBucketsChanged;channelID=QhW97KWIBABCFm7Oxmt1O4w==,bucketCount=1'.
  331. [2018-05-17 11:36:29,457][ERROR][default.com.arcsight.common.serialize.binary.BinarySecurityEventSerializerV5] Error while parsing event 42/100
  332. [2018-05-17 11:36:29,457][ERROR][default.com.arcsight.common.serialize.binary.BinarySecurityEventSerializerV5]
  333. java.lang.ArrayIndexOutOfBoundsException
  334. [2018-05-17 11:36:29,457][ERROR][default.com.arcsight.server.agent.protocol.EventServlet]
  335. com.arcsight.common.serialize.SerializationException: java.lang.ArrayIndexOutOfBoundsException
  336. at com.arcsight.common.serialize.binary.BinarySecurityEventSerializerV5.unmarshallAllEvents(BinarySecurityEventSerializerV5.java:1376)
  337. at com.arcsight.common.serialize.binary.BinarySecurityEventSerializerV5.unmarshallAll(BinarySecurityEventSerializerV5.java:149)
  338. at com.arcsight.common.serialize.binary.BinaryContentHandler.unmarshallAll(BinaryContentHandler.java:673)
  339. at com.arcsight.common.serialize.StreamHandler.unmarshallAll(StreamHandler.java:722)
  340. at com.arcsight.server.agent.protocol.EventServlet.deserializeEventsBinary(EventServlet.java:775)
  341. at com.arcsight.server.agent.protocol.EventServlet.doProcessRequest(EventServlet.java:453)
  342. at com.arcsight.server.agent.protocol.EventServlet.processRequest(EventServlet.java:378)
  343. at com.arcsight.server.agent.protocol.EventServlet.handle(EventServlet.java:239)
  344. at com.arcsight.server.agent.protocol.AgentServletBase.doPost(AgentServletBase.java:553)
  345. at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
  346. at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
  347. at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:488)
  348. at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:403)
  349. at org.mortbay.http.HandlerContext.handle(HandlerContext.java:1050)
  350. at org.mortbay.http.HandlerContext.handle(HandlerContext.java:1003)
  351. at org.mortbay.http.HttpServer.service(HttpServer.java:774)
  352. at org.mortbay.http.HttpConnection.service(HttpConnection.java:745)
  353. at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:918)
  354. at org.mortbay.http.HttpConnection.handle(HttpConnection.java:760)
  355. at org.mortbay.http.SocketListener.handleConnection(SocketListener.java:165)
  356. at com.arcsight.server.SeededJsseListener.handleConnection(SeededJsseListener.java:268)
  357. at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:287)
  358. at org.mortbay.util.ThreadPool$JobRunner.run(ThreadPool.java:773)
  359. at java.lang.Thread.run(Thread.java:748)
  360. Caused by: java.lang.ArrayIndexOutOfBoundsException
  361. [2018-05-17 11:36:29,638][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Messages for recipient 'ComponentAddress=[Console,Session=C:u40h0hasle0f68d7e5-54dc-43d6-bb11-ed38c8678939,Server=[ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]]]' picked up: [com.arcsight.common.icm.InterComponentMessageManager$PendingMessage@15035d7d, com.arcsight.common.icm.InterComponentMessageManager$PendingMessage@361d20]
  362. [2018-05-17 11:36:30,602][INFO ][default.com.arcsight.tools.sql.MysqlSqlGenerator] Query: select /* Generate Stataticstics Query for Channel name=Untitled Active Channel, channelID=QLb0DbWMBABCC+jCSIb7nOQ=H, sessionID=eerkaw68f7b4aa991b-2228-4ee2-81be-9f0cfc4eff21 */ DATE_FORMAT(event1.manager_receipt_time,'%Y-%m-%d %H') "Hour(Manager Receipt Time)",event1.priority "Priority",count(event1.event_id) "Count(Event ID)" from arc_event event1 where 1=1 and (event1.manager_receipt_time >= '2018-05-16 07:08:38.613' and event1.manager_receipt_time < '2018-05-16 07:10:15.791') and (( 1 = 0 or 1 = 1 ) and (UPPER(event1.request_url) like BINARY UPPER('%enot272.neocities.org%') or UPPER(event1.request_url) like BINARY UPPER('%testytest1enot.ucoz8.net%') or UPPER(event1.request_url) like BINARY UPPER('%testytest1enot.ucoz.net%') or UPPER(event1.request_url) like BINARY UPPER('%enotal1f.beget.tech%') or UPPER(event1.name) like BINARY UPPER('%enot272.neocities.org%') or UPPER(event1.name) like BINARY UPPER('%testytest1enot.ucoz8.net%') or UPPER(event1.name) like BINARY UPPER('%testytest1enot.ucoz.net%') or UPPER(event1.name) like BINARY UPPER('%enotal1f.beget.tech%') or UPPER(event1.dest_host_name) like BINARY UPPER('%enot272.neocities.org%') or UPPER(event1.dest_host_name) like BINARY UPPER('%testytest1enot.ucoz8.net%') or UPPER(event1.dest_host_name) like BINARY UPPER('%testytest1enot.ucoz.net%') or UPPER(event1.dest_host_name) like BINARY UPPER('%enotal1f.beget.tech%')) and ((event1.session_id is null) or event1.session_id = 0)) group by DATE_FORMAT(event1.manager_receipt_time,'%Y-%m-%d %H'),event1.priority
  363. [2018-05-17 11:36:31,404][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Messages delivers: [AGENT_STATUS_UPDATE,17 May 2018 08:36:31 GMT,ComponentAddress=[Agent,AgentID=3Sbnk-2EBABC-kr5nVdmfAg==]->null]
  364. [2018-05-17 11:36:31,405][INFO ][default.com.arcsight.server.agent.BatchCommandProcess$BatchCommandProcessListener] Type=AGENT_STATUS_UPDATE Agent=3Sbnk-2EBABC-kr5nVdmfAg== rFM+bWMBABC4AF+RPAqqzw==
  365. [2018-05-17 11:36:31,405][INFO ][default.com.arcsight.server.agent.protocol.InterComponentMessageServlet] 1 inter component messages processed in 2ms.
  366. [2018-05-17 11:36:33,508][INFO ][default.com.arcsight.tools.sql.MysqlSqlGenerator] Query: select /* Generate Stataticstics Query for Channel name=Untitled Active Channel 1, channelID=Q58UDbWMBABCC+67bu0nytw=H, sessionID=eerkaw68f7b4aa991b-2228-4ee2-81be-9f0cfc4eff21 */ DATE_FORMAT(event1.manager_receipt_time,'%Y-%m-%d %H') "Hour(Manager Receipt Time)",event1.priority "Priority",count(event1.event_id) "Count(Event ID)" from arc_event event1 where 1=1 and (event1.manager_receipt_time >= '2018-05-15 16:34:08.648' and event1.manager_receipt_time < '2018-05-15 16:36:41.775') and (( 1 = 0 or 1 = 1 ) and (UPPER(event1.file_hash) = BINARY UPPER('4ebf3e5afa85a48a34cf0e344c685c9f97d59c002d54eb3ee19d6b79bae9e4dd') or UPPER(event1.file_hash) = BINARY UPPER('a5dbbbc7996967cf7f16f998fab6dbc09a087082a0d17287418b8ffc2b6228f3') or UPPER(event1.file_hash) = BINARY UPPER('2be87bc7e1cee08a3abc7f8fefcfab697bd28404441f2b8ee8fafba356164902') or UPPER(event1.file_hash) = BINARY UPPER('683aca7614f51d52e2121e240dd2d5fc72858d7dbc6e27f97be83a987f9c5103') or UPPER(event1.file_hash) = BINARY UPPER('da0d0bc24c204e5771f4d7334b322caed6cb0021b719741900b94d91fe01a7c4') or UPPER(event1.file_hash) = BINARY UPPER('c0b505299214d21c5f89aea4d381dbd76ef5ce9a38770b693578d4647e61a471') or UPPER(event1.file_hash) = BINARY UPPER('005bdb6b31dc26406694749f1de59d5cce330de603e8b407c80e8ff7dddda4a3') or UPPER(event1.file_hash) = BINARY UPPER('cb5abc9a8ef7936892e4627fe4d94d28120bb653002c1fd6f1a449ce86d9e909') or UPPER(event1.file_hash) = BINARY UPPER('8b8b7d5da95a731f699ccc5c81f410f7d3b48b4986d5be2dee084cb269931151') or UPPER(event1.file_hash) = BINARY UPPER('6344f5fe0081dcff6345055d2f90e163ec8eb214edfff44fe56fc2d1ed14d322') or UPPER(event1.file_hash) = BINARY UPPER('04235dc68d798863ca1177864c7dba300cf1def2c6eb79885338fc8279b8aa49') or UPPER(event1.file_hash) = BINARY UPPER('e6fa65c97244ff34348b958bb53c2046897d4c5137d06a9dff327597f5b5430f') or UPPER(event1.file_hash) = BINARY 
UPPER('2b73bdabd16316804a9f175b7078769bdced003dbe7ee944088abae67a0a5fee') or UPPER(event1.file_hash) = BINARY UPPER('2c365caa7c41a871c5a32c357ffb832ef9fa1cf72f0033c84e9a4a4bdaeae992') or UPPER(event1.file_hash) = BINARY UPPER('b8cd344fd7d8dd400db31f981b8a11b0aabe6b118d9aa498aa269144b441eb96') or UPPER(event1.file_hash) = BINARY UPPER('2e608a18562ad0427b02cc225db8703eb55be189bf2bccc9250b3b30022fdd90') or UPPER(event1.file_hash) = BINARY UPPER('2a990c1e97b0329b2c4f75766314d1fe91f554b3ac524d4229b6068d007c8e33') or UPPER(event1.file_hash) = BINARY UPPER('5bc214d0bf18ded3bd18595e96b609137207aeeb0786778f86191fbdfdbc0522') or UPPER(event1.file_hash) = BINARY UPPER('286b7bf5ab74a5ed919b2caff250084e35ace2df1ed1b1c9e4ea556ba73f9e1b') or UPPER(event1.file_hash) = BINARY UPPER('831b7b91b48c5c745b04731949c1ed32a2e9e68df66b6cc7f9e0b1fb0c6df5eb') or UPPER(event1.file_hash) = BINARY UPPER('31dd4401c496ceaa8c5d75bc0e8f7f5a1b648f5e5942e074fbb5c683d9eaf408') or UPPER(event1.file_hash) = BINARY UPPER('0f44cbc19862c6a2208d506564c3a3676e22c8203d2f3055a88c00c00ebf1c1e') or UPPER(event1.file_hash) = BINARY UPPER('c9c46a0f78abc1de95af1f26dd7c357146ce8ce462bd450617c138a81c2e119d') or UPPER(event1.file_hash) = BINARY UPPER('3e6044de4c65c6e4290d22a03c8c67c18dbc264de0b8da0f4a8711415073fe15') or UPPER(event1.file_hash) = BINARY UPPER('3e5dea4055b80ba3903b5ef0a4ad6130775337d3a068b721671e982ae4effda1') or UPPER(event1.file_hash) = BINARY UPPER('6d728e557152d8f5613ca8ea06329f1a08e8e13923ed0fa0a5142c3dd7cb0155') or UPPER(event1.file_hash) = BINARY UPPER('57bdbb582ad09382aa3d4e015269eddd56f7d712d11cde58cf0debac9fcd1829') or UPPER(event1.file_hash) = BINARY UPPER('a9822090b68066332178fcd8fbaaf706ad478e0a7a5b50e1b99bda52bc6ab081') or UPPER(event1.file_hash) = BINARY UPPER('a9e4d7aa5b6d83943aa4845dc467040ae4cd223ef603a5ab2d1896d9c2573932') or UPPER(event1.file_hash) = BINARY UPPER('bb3219959f1e25a415adf56481be96da1145c03e347d8852de310070256a09cc')) and ((event1.session_id is null) or event1.session_id 
= 0)) group by DATE_FORMAT(event1.manager_receipt_time,'%Y-%m-%d %H'),event1.priority
  367. [2018-05-17 11:36:33,989][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Added message to pending outgoing messages: 'DYNACHANNEL_BUCKETS_CHANGED,17 May 2018 08:36:33 GMT,ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]->ComponentAddress=[Console,Session=C:u40h0hasle0f68d7e5-54dc-43d6-bb11-ed38c8678939,Server=[ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]]] DynaChannelBucketsChanged;channelID=QbdzjAGMBABDFNvZD2+V+yQ==,bucketCount=5'.
  368. [2018-05-17 11:36:34,050][INFO ][default.com.arcsight.util.io.UpdateableFile$FileChecker] File checker thread checking for updates...
  369. [2018-05-17 11:36:34,171][INFO ][default.com.arcsight.tools.sql.MysqlSqlGenerator] Query: select ActiveList.connector_name "Connector Name",ActiveList_0.connector_type "getConnectorInformation.ConnectorType",ActiveList_0.connector_host_name "getConnectorInformation.ConnectorHostName",ActiveList_0.logger_host_name "getConnectorInformation.LoggerHostName",ActiveList_0.support_information "getConnectorInformation.SupportInformation",ActiveList_0.connector_u_r_i "getConnectorInformation.ConnectorURI",ActiveList.creation_time "Creation Time" from ARC_ALD_DBL9E ActiveList LEFT OUTER JOIN ARC_ALD_QV818S ActiveList_0 ON ActiveList.connector_i_d = ActiveList_0.connector_i_d where 1=1 order by UPPER(ActiveList.connector_name) ASC LIMIT 10000
  370. [2018-05-17 11:36:34,172][INFO ][default.com.arcsight.common.introspection.queryable.SQLQueryable] Running query [Resource:[k14+bWMBABDuYm6NTn8u5Q==/All Queries/Unassigned/[k14+bWMBABDuYm6NTn8u5Q==/Temporary-query-for-results-Connectors - Down - Long Term--1526546194067][RunAsUser:andrey.maltsev][Owner:andrey.maltsev] -> select ActiveList.connector_name "Connector Name",ActiveList_0.connector_type "getConnectorInformation.ConnectorType",ActiveList_0.connector_host_name "getConnectorInformation.ConnectorHostName",ActiveList_0.logger_host_name "getConnectorInformation.LoggerHostName",ActiveList_0.support_information "getConnectorInformation.SupportInformation",ActiveList_0.connector_u_r_i "getConnectorInformation.ConnectorURI",ActiveList.creation_time "Creation Time" from ARC_ALD_DBL9E ActiveList LEFT OUTER JOIN ARC_ALD_QV818S ActiveList_0 ON ActiveList.connector_i_d = ActiveList_0.connector_i_d where 1=1 order by UPPER(ActiveList.connector_name) ASC LIMIT 10000
  371. [2018-05-17 11:36:34,172][INFO ][default.com.arcsight.common.introspection.queryable.SQLQueryable] Null time constraint for query: select ActiveList.connector_name "Connector Name",ActiveList_0.connector_type "getConnectorInformation.ConnectorType",ActiveList_0.connector_host_name "getConnectorInformation.ConnectorHostName",ActiveList_0.logger_host_name "getConnectorInformation.LoggerHostName",ActiveList_0.support_information "getConnectorInformation.SupportInformation",ActiveList_0.connector_u_r_i "getConnectorInformation.ConnectorURI",ActiveList.creation_time "Creation Time" from ARC_ALD_DBL9E ActiveList LEFT OUTER JOIN ARC_ALD_QV818S ActiveList_0 ON ActiveList.connector_i_d = ActiveList_0.connector_i_d where 1=1 order by UPPER(ActiveList.connector_name) ASC LIMIT 10000
  372. [2018-05-17 11:36:34,329][WARN ][default.com.arcsight.util.TimedRingBuffer] Throwing out increment 1, increment time = 1526550410000, acceptable range 1526541870236 - 1526546370236 (discarded=718)
  373. [2018-05-17 11:36:34,329][WARN ][default.com.arcsight.util.TimedRingBuffer] Throwing out increment 1, increment time = 1526550410000, acceptable range 1526542770420 - 1526546370420
  374. [2018-05-17 11:36:34,493][ERROR][default.com.arcsight.common.serialize.binary.BinarySecurityEventSerializerV5] Error while parsing event 42/100
  375. [2018-05-17 11:36:34,493][ERROR][default.com.arcsight.common.serialize.binary.BinarySecurityEventSerializerV5]
  376. java.lang.ArrayIndexOutOfBoundsException
  377. [2018-05-17 11:36:34,493][ERROR][default.com.arcsight.server.agent.protocol.EventServlet]
  378. com.arcsight.common.serialize.SerializationException: java.lang.ArrayIndexOutOfBoundsException
  379. at com.arcsight.common.serialize.binary.BinarySecurityEventSerializerV5.unmarshallAllEvents(BinarySecurityEventSerializerV5.java:1376)
  380. at com.arcsight.common.serialize.binary.BinarySecurityEventSerializerV5.unmarshallAll(BinarySecurityEventSerializerV5.java:149)
  381. at com.arcsight.common.serialize.binary.BinaryContentHandler.unmarshallAll(BinaryContentHandler.java:673)
  382. at com.arcsight.common.serialize.StreamHandler.unmarshallAll(StreamHandler.java:722)
  383. at com.arcsight.server.agent.protocol.EventServlet.deserializeEventsBinary(EventServlet.java:775)
  384. at com.arcsight.server.agent.protocol.EventServlet.doProcessRequest(EventServlet.java:453)
  385. at com.arcsight.server.agent.protocol.EventServlet.processRequest(EventServlet.java:378)
  386. at com.arcsight.server.agent.protocol.EventServlet.handle(EventServlet.java:239)
  387. at com.arcsight.server.agent.protocol.AgentServletBase.doPost(AgentServletBase.java:553)
  388. at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
  389. at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
  390. at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:488)
  391. at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:403)
  392. at org.mortbay.http.HandlerContext.handle(HandlerContext.java:1050)
  393. at org.mortbay.http.HandlerContext.handle(HandlerContext.java:1003)
  394. at org.mortbay.http.HttpServer.service(HttpServer.java:774)
  395. at org.mortbay.http.HttpConnection.service(HttpConnection.java:745)
  396. at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:918)
  397. at org.mortbay.http.HttpConnection.handle(HttpConnection.java:760)
  398. at org.mortbay.http.SocketListener.handleConnection(SocketListener.java:165)
  399. at com.arcsight.server.SeededJsseListener.handleConnection(SeededJsseListener.java:268)
  400. at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:287)
  401. at org.mortbay.util.ThreadPool$JobRunner.run(ThreadPool.java:773)
  402. at java.lang.Thread.run(Thread.java:748)
  403. Caused by: java.lang.ArrayIndexOutOfBoundsException
  404. [2018-05-17 11:36:34,633][INFO ][default.com.arcsight.common.icm.InterComponentMessageManager] Messages for recipient 'ComponentAddress=[Console,Session=C:u40h0hasle0f68d7e5-54dc-43d6-bb11-ed38c8678939,Server=[ComponentAddress=[Manager, ServerID=TbtckFcBABCAW+jy4MTVjQ==]]]' picked up: [com.arcsight.common.icm.InterComponentMessageManager$PendingMessage@2c1ab598]
  405. [2018-05-17 11:36:35,020][INFO ][default.com.arcsight.tools.sql.MysqlSqlGenerator] Query: select /* Generate Stataticstics Query for Channel name=Untitled Active Channel, channelID=QLb0DbWMBABCC+jCSIb7nOQ=H, sessionID=eerkaw68f7b4aa991b-2228-4ee2-81be-9f0cfc4eff21 */ DATE_FORMAT(event1.manager_receipt_time,'%Y-%m-%d %H') "Hour(Manager Receipt Time)",event1.priority "Priority",count(event1.event_id) "Count(Event ID)" from arc_event event1 where 1=1 and (event1.manager_receipt_time >= '2018-05-16 07:06:48.609' and event1.manager_receipt_time < '2018-05-16 07:08:38.613') and (( 1 = 0 or 1 = 1 ) and (UPPER(event1.request_url) like BINARY UPPER('%enot272.neocities.org%') or UPPER(event1.request_url) like BINARY UPPER('%testytest1enot.ucoz8.net%') or UPPER(event1.request_url) like BINARY UPPER('%testytest1enot.ucoz.net%') or UPPER(event1.request_url) like BINARY UPPER('%enotal1f.beget.tech%') or UPPER(event1.name) like BINARY UPPER('%enot272.neocities.org%') or UPPER(event1.name) like BINARY UPPER('%testytest1enot.ucoz8.net%') or UPPER(event1.name) like BINARY UPPER('%testytest1enot.ucoz.net%') or UPPER(event1.name) like BINARY UPPER('%enotal1f.beget.tech%') or UPPER(event1.dest_host_name) like BINARY UPPER('%enot272.neocities.org%') or UPPER(event1.dest_host_name) like BINARY UPPER('%testytest1enot.ucoz8.net%') or UPPER(event1.dest_host_name) like BINARY UPPER('%testytest1enot.ucoz.net%') or UPPER(event1.dest_host_name) like BINARY UPPER('%enotal1f.beget.tech%')) and ((event1.session_id is null) or event1.session_id = 0)) group by DATE_FORMAT(event1.manager_receipt_time,'%Y-%m-%d %H'),event1.priority