Error: "Could not allocate space for object 'dbo.InsertionStrings'.'InsertionStringsSessions' in the database, because the 'PRIMARY' filegroup is full

This article describes resolution steps for scenarios when data cannot be uploaded to the reporting database because of the Microsoft SQL Server Express limitations and database file size growth restrictions.
Email It to Me Print this Page
Symptoms The Netwrix Auditor event log reports do not show recent data and the summary report for event log collection contains the following error: 

 User-added image
Cause

Usually this error happens when the Express editions of the SQL Server are in use as they have the database file growth limitations:  
 
SQL Server 2008 Express Editions - 10Gb per database
SQL Server 2012 Express editions -  10Gb per database
SQL Server 2014 Express editions -  10Gb per database
 
The error indicates that  the reporting database  (which is used for event logs reports) has reached the maximum allowed size.
Another reason this error can happen is if you specify a maximum size for the database and it has been exceeded 

Resolution

To resolve the issue please perform the following steps:
 
1.       If running the Express version of SQL Server which does not allow you to increase the database size, modify the database retention settings to decrease the period the data is stored in the database.

  • Open the Netwrix Auditor console and navigate to the managed object configured for event logs collection
  • In the managed object, expand the Event Log node, select Reports, go to the right pane and open the “Report Settings” tab
 User-added image

The old data which does not fall under the specified time period will be automatically deleted from the product database in the next data collection.
The number of days the data should be stored in the database depends on the number of events that are uploaded to the database on a daily basis and will vary for each situation.  
 
2.       Verify there is no limitation for the database file size:  
 
  • Open SQL Server Management Studio and expand  the Databases node
  • Right click the database used for event log collection (the database name is specified in the error text, as the “NetWrix_Event_Log_Manager” in the example above) and select properties
  • Select the Files tab, then click the button in the Autogrowth field for the database
  • Increase the maximum size of the database file or disable the database file grow restriction by selecting the “Unrestricted file Growth ” option
User-added image

3.        Review the event collection settings to see what data is collected and the way the product archives it. Exclude or disable certain events from being uploaded to the reporting database.  

Some automation services can produce numerous events on their activity which then are collected by Netwrix Auditor and uploaded to the database.  For example the  Security event logs may contain all logons, logoffs and authentication for system and machine accounts, which can be more than 70% of the Security event log events and may be deemed unnecessary to collect.
 
Such events can be collected and stored in the audit archive only (without uploading to the reporting database) or excluded by certain event ID, Type, User name and other parameters and not collected at all. This can be done by modifying the Audit Archive Filters.
 
  • Open the Netwrix Auditor console and navigate to the managed object configured for event logs collection
  • In the managed object, expand the Event Log node, select Audit Archiving Filters  
  • Then click Edit to modify an existing inclusive filter or create the new exclusion filter.    
User-added image
Was this information helpful?