Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 7292 Source: EnterpriseVault

Level
Description
The index volume has been marked as failed.
Index Volume:
Index Volume Path:
Reference: ValidateFileChecksum
            

Due to errors accessing the index volume it has been marked as 'failed' to prevent further errors.  The index volume will remain inaccessible until it has been repaired.

For more information see Help and Support Center at http://evevent.symantec.com/rosetta/showevent.asp
Comments
 
There are several factors which can contribute to these types of errors/symptoms, some include the following:

- Improper registry keys
- Out of date or poorly written NIC drivers
- NIC Teaming
- NIC Bindings
- OS patches or service packs which have made changes to TCP/IP settings
- TCP Chimney Offload and/or TCP/IP Offload Engine (TOE) are enabled  (See Related Documents at bottom of this article)
- I/O degradation on indexing storage device
- Size of Index
- Schema Type of Index

See EV100101 (Symantec Article: TECH62307) for troubleshooting information.
From a support forum: "We have implemented all of the index best practices, have excluded all the pertinent directories from virus scanning, and do not have the 3gb switch set on any of the servers.

We found the index corruption occurred weekly right around the time our servers came up after a reboot. So we believe the problem is from not waiting long enough after we stop the EV services to reboot the server. Symantec support told us that anytime we reboot the server we should stop all EV services, wait 5-10 minutes, then reboot.

The reason for this is if you just reboot the server then the indexing service may not have time to finish committing what it has in memory. If the indexing service cannot finish its process then it cannot make the index stable and causes index corruption.

It seems like this is more of an issue with the newer versions of EV because we never had this problem before."

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...