
Specific sites slow after upgrade to 17.5.8 MR8

We have a Sophos XG 450 rev2. About a week and a half ago we updated to 17.5.8 MR8 and since then certain web apps we use have been experiencing intermittent slowness. Didn't notice it until after the update but can't guarantee it is related. I opened a case with Sophos support but they are having trouble pinpointing the issue. Issue seems to happen specifically to web apps where you log in, or where you submit or read data from a database (Sophos support portal had the issue for example when submitting the ticket).

 

Curious if anyone else with an XG 450 on the same version has seen this issue. Tried rebooting, also tried shutting off certain services like IPS/IDS but didn't seem to help at all. It is affecting our students greatly. While support investigates, does anyone have any suggestions?



  • Josh,

    please perform the following steps:

    • service awarrenhttp:debug -ds nosync
    • tail -f /log/awarrenhttp.log
    • surf on website where you experience the issue
    • check the awarrenhttp.log and search for fields such as: authtime, dnstime, cattime, avscantime, fullreqtime
    • host -a http://website dnserveryouuse

    Regards

  • Iferrara, when I try that on option 4 in the console, I get an error:

     

    console> service awarrenhttp:debug -ds nosync
    % Error: Unknown Parameter 'service'
    console>

     

    What am I missing?  Is there some elevation or system specific console?

  • You need to use option 5 and then option 3 (advanced shell)

  • Thank you for the help. I have the file and am investigating now. I also ran the command for DNS and this is what I was given when I typed in the authoritative DNS servers we use:

     

    XG450_WP02_SFOS 17.5.8 MR-8# host -a suny-cay.alma.exlibrisgroup.com resolver1.opendns.com
    Trying "suny-cay.alma.exlibrisgroup.com"
    Received 120 bytes from 208.67.222.222#53 in 28 ms
    Trying "suny-cay.alma.exlibrisgroup.com"
    Using domain server:
    Name: resolver1.opendns.com
    Address: 208.67.222.222#53
    Aliases:

    Host suny-cay.alma.exlibrisgroup.com not found: 3(NXDOMAIN)
    Received 120 bytes from 208.67.222.222#53 in 28 ms

     

     

    XG450_WP02_SFOS 17.5.8 MR-8# host -a suny-cay.alma.exlibrisgroup.com resolver2.opendns.com
    Trying "suny-cay.alma.exlibrisgroup.com"
    Received 120 bytes from 208.67.220.220#53 in 21 ms
    Trying "suny-cay.alma.exlibrisgroup.com"
    Using domain server:
    Name: resolver2.opendns.com
    Address: 208.67.220.220#53
    Aliases:

    Host suny-cay.alma.exlibrisgroup.com not found: 3(NXDOMAIN)
    Received 120 bytes from 208.67.220.220#53 in 21 ms

  • Check or share the awarrenhttp.log file or part of it...

    DNS response is a bit high and no cache is used. If you use XG as DNS server on one machine, do you get better performance?

  • That is the authoritative DNS server that gets used to resolve outside addresses. Internally clients use one of our AD servers as DNS, which then resolves outside addresses using that. The awarrenhttp file had none of the keywords you mentioned and seems to have little if anything of note even though the file is massive (272 MB).

     

  • Please share part of the file output

  • Sorry, the file is:

    tail -f /log/awarrenhttp_access.log

     

  • I got the file with the new command, but it seems to have absolutely all our traffic, rather than the narrowed down traffic that is affected (all other normal web browsing is fine and unaffected).  It didn't even have the machine IP address where I was browsing to the site which is extremely odd.  A sample of the file with other traffic is below:

     

     

     

    1570718774.128561473 [ 4519/0x7f059565a800] fwid=3 fwflag="V" iap=0 aap=5 conn_id=2197220968 id="0001" name="http access" action="pass" method="GET" srcip="150.155.160.150" dstip="3.222.35.82" user="" statuscode=200 cached=0 trxlen=179 rxlen=59 url="http.00.h.sophosxl.net/.../" referer="" type="" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=0 avscantime=0 fullreqtime=23220 ua="SXL/3.1" activity="" av_transaction_id="" categoryname="None" category="" app_id=0 app_name="None" app_cat="None"  exceptions=""
    1570718774.130040314 [ 4519/0x7f059d48a000] fwid=3 fwflag="V" iap=0 aap=5 conn_id=1966129152 id="0001" name="http access" action="pass" method="GET" srcip="150.155.160.150" dstip="3.222.35.82" user="" statuscode=200 cached=0 trxlen=170 rxlen=40 url="http.00.h.sophosxl.net/.../" referer="" type="" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=0 avscantime=0 fullreqtime=23712 ua="SXL/3.1" activity="" av_transaction_id="" categoryname="None" category="" app_id=0 app_name="None" app_cat="None"  exceptions=""
    1570718774.132243468 [ 4517/0x7f0583efdc00] fwid=3 fwflag="V" iap=0 aap=5 conn_id=1738487112 id="0001" name="http access" action="pass" method="GET" srcip="150.155.160.150" dstip="3.222.35.82" user="" statuscode=200 cached=0 trxlen=179 rxlen=59 url="http.00.h.sophosxl.net/.../" referer="" type="" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=0 avscantime=0 fullreqtime=23469 ua="SXL/3.1" activity="" av_transaction_id="" categoryname="None" category="" app_id=0 app_name="None" app_cat="None"  exceptions=""
    1570718774.247376550 [ 4519/0x7f059d48a000] fwid=3 fwflag="V" iap=0 aap=5 conn_id=1966129152 id="0001" name="http access" action="pass" method="GET" srcip="150.155.160.150" dstip="3.222.35.82" user="" statuscode=200 cached=0 trxlen=170 rxlen=40 url="http.00.h.sophosxl.net/.../" referer="" type="" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=0 avscantime=0 fullreqtime=23742 ua="SXL/3.1" activity="" av_transaction_id="" categoryname="None" category="" app_id=0 app_name="None" app_cat="None"  exceptions=""
    1570718774.293385419 [ 4519/0x7f059d48a000] fwid=3 fwflag="V" iap=0 aap=5 conn_id=1966129152 id="0001" name="http access" action="pass" method="GET" srcip="150.155.160.150" dstip="3.222.35.82" user="" statuscode=200 cached=0 trxlen=179 rxlen=59 url="http.00.h.sophosxl.net/.../" referer="" type="" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=0 avscantime=0 fullreqtime=23721 ua="SXL/3.1" activity="" av_transaction_id="" categoryname="None" category="" app_id=0 app_name="None" app_cat="None"  exceptions=""
    1570718774.299933131 [ 4519/0x7f0595658000] fwid=3 fwflag="V" iap=0 aap=5 conn_id=1966429344 id="0001" name="http access" action="pass" method="GET" srcip="150.155.1.184" dstip="75.98.70.160" user="" statuscode=200 cached=0 trxlen=916 rxlen=243 url="5fd74.v.fwmrm.net/.../1 referer="" type="text/html" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=133 avscantime=0 fullreqtime=25618 ua="Crunchyroll/1190071.400979072 CFNetwork/1115 Darwin/19.0.0" activity="" av_transaction_id="" categoryname="Advertisements" category="1" app_id=0 app_name="None" app_cat="None"  exceptions=""
    1570718774.300226650 [ 4519/0x7f059565a800] fwid=3 fwflag="V" iap=0 aap=5 conn_id=2197220968 id="0001" name="http access" action="pass" method="GET" srcip="150.155.160.150" dstip="3.222.35.82" user="" statuscode=200 cached=0 trxlen=167 rxlen=40 url="http.00.h.sophosxl.net/.../" referer="" type="" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=0 avscantime=0 fullreqtime=23202 ua="SXL/3.1" activity="" av_transaction_id="" categoryname="None" category="" app_id=0 app_name="None" app_cat="None"  exceptions=""
    1570718774.310276938 [ 4517/0x7f0583efdc00] fwid=3 fwflag="V" iap=0 aap=5 conn_id=1738487112 id="0001" name="http access" action="pass" method="GET" srcip="150.155.160.150" dstip="3.222.35.82" user="" statuscode=200 cached=0 trxlen=166 rxlen=59 url="http.00.h.sophosxl.net/.../" referer="" type="" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=0 avscantime=0 fullreqtime=23332 ua="SXL/3.1" activity="" av_transaction_id="" categoryname="None" category="" app_id=0 app_name="None" app_cat="None"  exceptions=""
    1570718774.338394561 [ 4515/0x7f0594c47800] fwid=3 fwflag="V" iap=0 aap=5 conn_id=1063377792 id="0001" name="http access" action="pass" method="GET" srcip="150.155.1.184" dstip="52.206.191.232" user="" statuscode=404 cached=0 trxlen=163 rxlen=180 url="pxe-host.cayboces.org/.../.sms_aut referer="" type="text/plain" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=79 avscantime=832 fullreqtime=60841 ua="SMS CCM 5.0" activity="" av_transaction_id="" categoryname="General Business" category="6" app_id=0 app_name="None" app_cat="None"  exceptions="" sandbox="off"
    1570718774.387437364 [ 4518/0x7f059309d800] fwid=3 fwflag="V" iap=0 aap=5 conn_id=1754073240 id="0001" name="http access" action="pass" method="GET" srcip="150.155.1.184" dstip="52.206.191.232" user="" statuscode=404 cached=0 trxlen=163 rxlen=180 url="pxe-host.cayboces.org/.../.sms_aut referer="" type="text/plain" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=57 avscantime=595 fullreqtime=48123 ua="SMS CCM 5.0" activity="" av_transaction_id="" categoryname="General Business" category="6" app_id=0 app_name="None" app_cat="None"  exceptions="" sandbox="off"
    1570718774.391685674 [ 4516/0x7f05942ce800] fwid=3 fwflag="V" iap=0 aap=5 conn_id=1491369440 id="0001" name="http access" action="pass" method="GET" srcip="150.155.1.184" dstip="192.229.163.25" user="" statuscode=200 cached=0 trxlen=603 rxlen=29205 url="platform.twitter.com/widgets.js" referer="http://instant-articles/" type="application/javascript" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=142749 avscantime=8642 fullreqtime=190864 ua="Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 [FBAN/FBIOS;FBDV/iPhone10,5;FBMD/iPhone;FBSN/iOS;FBSV/13.1.2;FBSS/3;FBID/phone;FBLC/en_US;FBOP/5;FBCR/AT&T;FBIA/FBIOS]" activity="" av_transaction_id="" categoryname="Social Networking" category="67" app_id=214 app_name="Twitter Website" app_cat="Social Networking"  exceptions="" sandbox="off"
    1570718774.393665900 [ 4514/0x7f059477c000] fwid=3 fwflag="V" iap=0 aap=5 conn_id=2673583568 id="0001" name="http access" action="pass" method="GET" srcip="150.155.1.184" dstip="192.229.163.25" user="" statuscode=200 cached=0 trxlen=603 rxlen=29205 url="platform.twitter.com/widgets.js" referer="http://instant-articles/" type="application/javascript" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=146001 avscantime=7978 fullreqtime=192834 ua="Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 [FBAN/FBIOS;FBDV/iPhone10,5;FBMD/iPhone;FBSN/iOS;FBSV/13.1.2;FBSS/3;FBID/phone;FBLC/en_US;FBOP/5;FBCR/AT&T;FBIA/FBIOS]" activity="" av_transaction_id="" categoryname="Social Networking" category="67" app_id=214 app_name="Twitter Website" app_cat="Social Networking"  exceptions="" sandbox="off"
    1570718774.394386156 [ 4518/0x7f0593018800] fwid=3 fwflag="V" iap=0 aap=5 conn_id=2670475008 id="0001" name="http access" action="pass" method="GET" srcip="150.155.1.184" dstip="192.229.163.25" user="" statuscode=200 cached=0 trxlen=603 rxlen=29205 url="platform.twitter.com/widgets.js" referer="http://instant-articles/" type="application/javascript" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=146899 avscantime=6633 fullreqtime=193556 ua="Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 [FBAN/FBIOS;FBDV/iPhone10,5;FBMD/iPhone;FBSN/iOS;FBSV/13.1.2;FBSS/3;FBID/phone;FBLC/en_US;FBOP/5;FBCR/AT&T;FBIA/FBIOS]" activity="" av_transaction_id="" categoryname="Social Networking" category="67" app_id=214 app_name="Twitter Website" app_cat="Social Networking"  exceptions="" sandbox="off"
    1570718774.396046977 [ 4518/0x7f0593019c00] fwid=3 fwflag="V" iap=0 aap=5 conn_id=2673574768 id="0001" name="http access" action="pass" method="GET" srcip="150.155.1.184" dstip="192.229.163.25" user="" statuscode=200 cached=0 trxlen=603 rxlen=29205 url="platform.twitter.com/widgets.js" referer="http://instant-articles/" type="application/javascript" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=151017 avscantime=8408 fullreqtime=198439 ua="Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 [FBAN/FBIOS;FBDV/iPhone10,5;FBMD/iPhone;FBSN/iOS;FBSV/13.1.2;FBSS/3;FBID/phone;FBLC/en_US;FBOP/5;FBCR/AT&T;FBIA/FBIOS]" activity="" av_transaction_id="" categoryname="Social Networking" category="67" app_id=214 app_name="Twitter Website" app_cat="Social Networking"  exceptions="" sandbox="off"
    1570718774.423743641 [ 4515/0x7f059443cc00] fwid=3 fwflag="V" iap=0 aap=5 conn_id=1062582016 id="0001" name="http access" action="pass" method="GET" srcip="150.155.1.184" dstip="172.217.11.2" user="" statuscode=200 cached=0 trxlen=579 rxlen=14904 url="www.googletagservices.com/.../gpt.js" referer="www.complex.com/.../mia-khalifa-sparks-discussion-after-revealing-she-made-12-thousand-dollars-adult-film" type="text/javascript" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=118 avscantime=7097 fullreqtime=85263 ua="Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 [FBAN/FBIOS;FBDV/iPhone10,5;FBMD/iPhone;FBSN/iOS;FBSV/13.1.2;FBSS/3;FBID/phone;FBLC/en_US;FBOP/5;FBCR/AT&T;FBIA/FBIOS]" activity="" av_transaction_id="" categoryname="Advertisements" category="1" app_id=0 app_name="None" app_cat="None"  exceptions="" sandbox="off"
    1570718774.426472143 [ 4519/0x7f0595635c00] fwid=3 fwflag="V" iap=0 aap=5 conn_id=1754080280 id="0001" name="http access" action="pass" method="GET" srcip="150.155.1.184" dstip="172.217.11.2" user="" statuscode=200 cached=0 trxlen=579 rxlen=14904 url="www.googletagservices.com/.../gpt.js" referer="www.complex.com/.../mia-khalifa-sparks-discussion-after-revealing-she-made-12-thousand-dollars-adult-film" type="text/javascript" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=74 avscantime=7046 fullreqtime=85065 ua="Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 [FBAN/FBIOS;FBDV/iPhone10,5;FBMD/iPhone;FBSN/iOS;FBSV/13.1.2;FBSS/3;FBID/phone;FBLC/en_US;FBOP/5;FBCR/AT&T;FBIA/FBIOS]" activity="" av_transaction_id="" categoryname="Advertisements" category="1" app_id=0 app_name="None" app_cat="None"  exceptions="" sandbox="off"
    1570718774.957485775 [ 4516/0x7f05954b5400] fwid=3 fwflag="V" iap=0 aap=5 conn_id=1966137512 id="0001" name="http access" action="pass" method="GET" srcip="150.155.160.150" dstip="17.253.15.205" user="" statuscode=200 cached=0 trxlen=128 rxlen=609 url="static.ess.apple.com/connectivity.txt" referer="" type="text/plain" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=101 avscantime=0 fullreqtime=38453 ua="" activity="" av_transaction_id="" categoryname="Information Technology" category="29" app_id=0 app_name="None" app_cat="None"  exceptions="av,https,policy,sandstorm"
    1570718775.227850129 [ 4520/0x7f059a374000] fwid=3 fwflag="V" iap=0 aap=5 conn_id=464767568 id="0001" name="http access" action="pass" method="GET" srcip="150.155.160.150" dstip="17.253.15.201" user="" statuscode=200 cached=0 trxlen=128 rxlen=608 url="static.ess.apple.com/connectivity.txt" referer="" type="text/plain" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=98 avscantime=0 fullreqtime=37749 ua="" activity="" av_transaction_id="" categoryname="Information Technology" category="29" app_id=0 app_name="None" app_cat="None"  exceptions="av,https,policy,sandstorm"
    1570718775.464270593 [ 4517/0x7f05a09e3800] fwid=3 fwflag="V" iap=0 aap=5 conn_id=3544097376 id="0001" name="http access" action="pass" method="GET" srcip="150.155.160.150" dstip="17.253.15.205" user="" statuscode=200 cached=0 trxlen=128 rxlen=608 url="static.ess.apple.com/connectivity.txt" referer="" type="text/plain" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=96 avscantime=0 fullreqtime=37691 ua="" activity="" av_transaction_id="" categoryname="Information Technology" category="29" app_id=0 app_name="None" app_cat="None"  exceptions="av,https,policy,sandstorm"
    1570718775.606493466 [ 4515/0x7f0594426c00] fwid=40 fwflag="V" iap=0 aap=9 conn_id=3155689912 id="0001" name="http access" action="pass" method="GET" srcip="150.155.152.121" dstip="13.225.212.80" user="abeckwi3@student.ccc.lan" statuscode=200 cached=0 trxlen=496 rxlen=506 url="stats-dev.brid.tv/ping.gif referer="www.citationmachine.net/.../confirm" type="image/gif" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=90 avscantime=0 fullreqtime=18871 ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36" activity="" av_transaction_id="" categoryname="Information Technology" category="29" app_id=0 app_name="None" app_cat="None"  exceptions=""
    1570718775.608958482 [ 4517/0x7f058360f800] fwid=40 fwflag="V" iap=0 aap=9 conn_id=3152003072 id="0001" name="http access" action="pass" method="GET" srcip="150.155.152.121" dstip="13.226.38.122" user="abeckwi3@student.ccc.lan" statuscode=200 cached=0 trxlen=492 rxlen=506 url="stats.brid.tv/ping.gif referer="www.citationmachine.net/.../confirm" type="image/gif" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=66 avscantime=0 fullreqtime=19129 ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36" activity="" av_transaction_id="" categoryname="Information Technology" category="29" app_id=0 app_name="None" app_cat="None"  exceptions=""
    1570718775.723607844 [ 4519/0x7f0595633400] fwid=3 fwflag="V" iap=0 aap=5 conn_id=3542639200 id="0001" name="http access" action="pass" method="GET" srcip="150.155.1.184" dstip="172.217.10.67" user="" statuscode=204 cached=0 trxlen=258 rxlen=83 url="connectivitycheck.gstatic.com/generate_204" referer="" type="" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=89 avscantime=0 fullreqtime=39096 ua="Twitter/7.41.2 CFNetwork/1107.1 Darwin/19.0.0" activity="" av_transaction_id="" categoryname="Content Delivery" category="10" app_id=0 app_name="None" app_cat="None"  exceptions=""
    1570718775.987229801 [ 4517/0x7f0594f1c400] fwid=3 fwflag="V" iap=0 aap=5 conn_id=464916784 id="0001" name="http access" action="pass" method="GET" srcip="150.155.160.150" dstip="17.253.15.201" user="" statuscode=200 cached=0 trxlen=128 rxlen=608 url="static.ess.apple.com/connectivity.txt" referer="" type="text/plain" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=97 avscantime=0 fullreqtime=36397 ua="" activity="" av_transaction_id="" categoryname="Information Technology" category="29" app_id=0 app_name="None" app_cat="None"  exceptions="av,https,policy,sandstorm"
    1570718776.066191202 [ 4515/0x7f059443cc00] fwid=3 fwflag="V" iap=0 aap=5 conn_id=1062582016 id="0001" name="http access" action="pass" method="GET" srcip="150.155.1.184" dstip="172.217.11.2" user="" statuscode=200 cached=0 trxlen=473 rxlen=29579 url="www.googletagservices.com/.../lidar.js referer="" type="text/javascript" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=85 avscantime=6859 fullreqtime=58069 ua="Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 [FBAN/FBIOS;FBDV/iPhone10,5;FBMD/iPhone;FBSN/iOS;FBSV/13.1.2;FBSS/3;FBID/phone;FBLC/en_US;FBOP/5;FBCR/AT&T;FBIA/FBIOS]" activity="" av_transaction_id="" categoryname="Advertisements" category="1" app_id=0 app_name="None" app_cat="None"  exceptions="" sandbox="off"
    1570718776.142705268 [ 4520/0x7f0598701400] fwid=3 fwflag="V" iap=0 aap=5 conn_id=1283925456 id="0001" name="http access" action="pass" method="GET" srcip="150.155.1.184" dstip="172.217.11.33" user="" statuscode=200 cached=0 trxlen=444 rxlen=15594 url="tpc.googlesyndication.com/.../UFYwWwmt.js" referer="" type="text/javascript" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=122 avscantime=5602 fullreqtime=70356 ua="Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 [FBAN/FBIOS;FBDV/iPhone10,5;FBMD/iPhone;FBSN/iOS;FBSV/13.1.2;FBSS/3;FBID/phone;FBLC/en_US;FBOP/5;FBCR/AT&T;FBIA/FBIOS]" activity="" av_transaction_id="" categoryname="Advertisements" category="1" app_id=0 app_name="None" app_cat="None"  exceptions="" sandbox="off"
    1570718776.149825362 [ 4516/0x7f0595436800] fwid=3 fwflag="V" iap=0 aap=5 conn_id=1938722680 id="0001" name="http access" action="pass" method="GET" srcip="150.155.1.184" dstip="172.217.11.33" user="" statuscode=200 cached=0 trxlen=444 rxlen=15594 url="tpc.googlesyndication.com/.../UFYwWwmt.js" referer="" type="text/javascript" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=99 avscantime=5508 fullreqtime=80419 ua="Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 [FBAN/FBIOS;FBDV/iPhone10,5;FBMD/iPhone;FBSN/iOS;FBSV/13.1.2;FBSS/3;FBID/phone;FBLC/en_US;FBOP/5;FBCR/AT&T;FBIA/FBIOS]" activity="" av_transaction_id="" categoryname="Advertisements" category="1" app_id=0 app_name="None" app_cat="None"  exceptions="" sandbox="off"
    1570718776.197957044 [ 4517/0x7f05a09e1000] fwid=3 fwflag="V" iap=0 aap=5 conn_id=2668994288 id="0001" name="http access" action="pass" method="GET" srcip="150.155.1.184" dstip="199.166.0.26" user="" statuscode=200 cached=0 trxlen=599 rxlen=16107 url="pixel.adsafeprotected.com/jload referer="" type="application/javascript" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=170 avscantime=5929 fullreqtime=48051 ua="Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 [FBAN/FBIOS;FBDV/iPhone10,5;FBMD/iPhone;FBSN/iOS;FBSV/13.1.2;FBSS/3;FBID/phone;FBLC/en_US;FBOP/5;FBCR/AT&T;FBIA/FBIOS]" activity="" av_transaction_id="" categoryname="Advertisements" category="1" app_id=0 app_name="None" app_cat="None"  exceptions="" sandbox="off"
    1570718776.211994037 [ 4516/0x7f0595436800] fwid=3 fwflag="V" iap=0 aap=5 conn_id=1938722680 id="0001" name="http access" action="pass" method="GET" srcip="150.155.1.184" dstip="172.217.11.33" user="" statuscode=200 cached=0 trxlen=536 rxlen=8773 url="tpc.googlesyndication.com/.../Enqz_20U.html" referer="" type="text/html" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=103 avscantime=5468 fullreqtime=29901 ua="Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 [FBAN/FBIOS;FBDV/iPhone10,5;FBMD/iPhone;FBSN/iOS;FBSV/13.1.2;FBSS/3;FBID/phone;FBLC/en_US;FBOP/5;FBCR/AT&T;FBIA/FBIOS]" activity="" av_transaction_id="" categoryname="Advertisements" category="1" app_id=0 app_name="None" app_cat="None"  exceptions="" sandbox="off"
    1570718776.215372974 [ 4520/0x7f0598701400] fwid=3 fwflag="V" iap=0 aap=5 conn_id=1283925456 id="0001" name="http access" action="pass" method="GET" srcip="150.155.1.184" dstip="172.217.11.33" user="" statuscode=200 cached=0 trxlen=536 rxlen=8774 url="tpc.googlesyndication.com/.../Enqz_20U.html" referer="" type="text/html" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=86 avscantime=5703 fullreqtime=28857 ua="Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 [FBAN/FBIOS;FBDV/iPhone10,5;FBMD/iPhone;FBSN/iOS;FBSV/13.1.2;FBSS/3;FBID/phone;FBLC/en_US;FBOP/5;FBCR/AT&T;FBIA/FBIOS]" activity="" av_transaction_id="" categoryname="Advertisements" category="1" app_id=0 app_name="None" app_cat="None"  exceptions="" sandbox="off"
    1570718776.217600913 [ 4514/0x7f0594a47400] fwid=3 fwflag="V" iap=0 aap=5 conn_id=1933288032 id="0001" name="http access" action="pass" method="GET" srcip="150.155.1.184" dstip="151.101.130.217" user="" statuscode=301 cached=0 trxlen=891 rxlen=347 url="www.complex.com/.../mraid.js" referer="" type="" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=24667 avscantime=0 fullreqtime=67704 ua="Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 [FBAN/FBIOS;FBDV/iPhone10,5;FBMD/iPhone;FBSN/iOS;FBSV/13.1.2;FBSS/3;FBID/phone;FBLC/en_US;FBOP/5;FBCR/AT&T;FBIA/FBIOS]" activity="" av_transaction_id="" categoryname="Entertainment" category="17" app_id=0 app_name="None" app_cat="None"  exceptions=""
    1570718776.223650137 [ 4518/0x7f05930b1c00] fwid=3 fwflag="V" iap=0 aap=5 conn_id=2656525184 id="0001" name="http access" action="pass" method="GET" srcip="150.155.1.184" dstip="151.101.130.217" user="" statuscode=301 cached=0 trxlen=891 rxlen=347 url="www.complex.com/.../mraid.js" referer="" type="" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=25227 avscantime=0 fullreqtime=77973 ua="Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 [FBAN/FBIOS;FBDV/iPhone10,5;FBMD/iPhone;FBSN/iOS;FBSV/13.1.2;FBSS/3;FBID/phone;FBLC/en_US;FBOP/5;FBCR/AT&T;FBIA/FBIOS]" activity="" av_transaction_id="" categoryname="Entertainment" category="17" app_id=0 app_name="None" app_cat="None"  exceptions=""
    1570718776.224827202 [ 4514/0x7f0594610c00] fwid=3 fwflag="V" iap=0 aap=5 conn_id=2668994728 id="0001" name="http access" action="pass" method="GET" srcip="150.155.1.184" dstip="199.166.0.26" user="" statuscode=200 cached=0 trxlen=600 rxlen=17287 url="pixel.adsafeprotected.com/jload referer="" type="application/javascript" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=102 avscantime=6806 fullreqtime=56805 ua="Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 [FBAN/FBIOS;FBDV/iPhone10,5;FBMD/iPhone;FBSN/iOS;FBSV/13.1.2;FBSS/3;FBID/phone;FBLC/en_US;FBOP/5;FBCR/AT&T;FBIA/FBIOS]" activity="" av_transaction_id="" categoryname="Advertisements" category="1" app_id=0 app_name="None" app_cat="None"  exceptions="" sandbox="off"
    1570718776.232755422 [ 4518/0x7f05930a4000] fwid=3 fwflag="V" iap=0 aap=5 conn_id=3540471672 id="0001" name="http access" action="pass" method="GET" srcip="150.155.1.184" dstip="199.166.0.26" user="" statuscode=200 cached=0 trxlen=599 rxlen=14646 url="pixel.adsafeprotected.com/jload referer="" type="application/javascript" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=72 avscantime=6631 fullreqtime=48881 ua="Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 [FBAN/FBIOS;FBDV/iPhone10,5;FBMD/iPhone;FBSN/iOS;FBSV/13.1.2;FBSS/3;FBID/phone;FBLC/en_US;FBOP/5;FBCR/AT&T;FBIA/FBIOS]" activity="" av_transaction_id="" categoryname="Advertisements" category="1" app_id=0 app_name="None" app_cat="None"  exceptions="" sandbox="off"

     

  • I recently switched to OpenDNS from Cloudflare 1.1.1.1 and noticed a little bit of lag from the change. I did this for the security benefit of OpenDNS having extra checks. But you may want to try and switch your DNS to 1.1.1.1 and see if it resolves the issue. Quick test to rule out the DNS issue.

    Respectfully, 

     

    Badrobot

     

  • use this combination:

     

    tail -f /log/awarrenhttp_access.log | grep "urlhere or website*" for example:

    tail -f /log/awarrenhttp_access.log | grep "uninettunouniversity.net*" (here the original website is www.uninettunouniversity.net)

    Regards

  • Attempted this for the site:  https://suny-cay.alma.exlibrisgroup.com/mng/login

     

    Commands I ran were:

     

    XG450_WP02_SFOS 17.5.8 MR-8# service awarrenhttp:debug -ds nosync
    200 OK
    XG450_WP02_SFOS 17.5.8 MR-8# tail -f /log/awarrenhttp_access.log | grep "suny-cay.alma.exlibrisgroup.com*"
    ^C
    XG450_WP02_SFOS 17.5.8 MR-8# tail -f /log/awarrenhttp_access.log | grep "exlibrisgroup.com*"
    ^C
    XG450_WP02_SFOS 17.5.8 MR-8# tail -f /log/awarrenhttp_access.log | grep "*.exlibrisgroup.com*"
    ^[[A^C
    XG450_WP02_SFOS 17.5.8 MR-8# tail -f /log/awarrenhttp_access.log | grep "*.exlibrisgroup.com"
    ^C
    XG450_WP02_SFOS 17.5.8 MR-8# tail -f /log/awarrenhttp_access.log | grep "suny-cay.alma.exlibrisgroup.com"
    ^C
    XG450_WP02_SFOS 17.5.8 MR-8# tail -f /log/awarrenhttp_access.log | grep "https://suny-cay.alma.exlibrisgroup.com/*"

     

     

    None of them gave me any output in the command window however.  Which one should I have been using?

  • Josh,

    how many times did you run service awarrenhttp:debug -ds nosync?

    If you run it the first time, the debug is enabled. If you run it again, you disable the debug.

    Regards

  • I found out you can check if it is in debug by using "service -S" (it shows the state of services). It was debugging. I feel as though I was missing something. We downgraded the firmware back to MR7 but the issue is exactly the same. It is affecting us pretty badly. Could you suggest which of the commands above I should run? Since the sites we use have dozens of IP addresses I pretty much have to use URL. Any assistance is appreciated.

  • Here is what I typed:

     

    SFVH_SO01_SFOS 18.0.0 EAP1# tail -f /log/awarrenhttp_access.log | grep "alma*"
    1571773080.738165112 [ 7049/0x7fd3d0126400] fwid=1 fwflag="VS" iap=12 aap=4 conn_id=1014323456 id="0001" name="http access" action="pass" method="GET" srcip="192.168.0.8" dstip="216.147.212.92" user="" statuscode=200 cached=0 trxlen=814 rxlen=2698 url="suny-cay.alma.exlibrisgroup.com/.../login" referer="community.sophos.com/.../specific-sites-slow-after-upgrade-to-17-5-8-mr8" type="text/html" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=326 avscantime=9271 fullreqtime=268487 ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:69.0) Gecko/20100101 Firefox/69.0" activity="" av_transaction_id="" categoryname="Information Technology" category="29" app_id=0 app_name="None" app_cat="None"  exceptions=""
    1571773081.056630954 [ 7049/0x7fd3d0126400] fwid=1 fwflag="VS" iap=12 aap=4 conn_id=1014323456 id="0001" name="http access" action="pass" method="GET" srcip="192.168.0.8" dstip="216.147.212.92" user="" statuscode=302 cached=0 trxlen=673 rxlen=347 url="suny-cay.alma.exlibrisgroup.com/.../report referer="suny-cay.alma.exlibrisgroup.com/.../login" type="" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=477 avscantime=0 fullreqtime=193902 ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:69.0) Gecko/20100101 Firefox/69.0" activity="" av_transaction_id="" categoryname="Information Technology" category="29" app_id=0 app_name="None" app_cat="None"  exceptions=""
    1571773082.036233733 [ 7048/0x7fd3cd8ecc00] fwid=1 fwflag="VS" iap=12 aap=4 conn_id=1265035456 id="0001" name="http access" action="pass" method="GET" srcip="192.168.0.8" dstip="216.147.212.84" user="" statuscode=200 cached=0 trxlen=561 rxlen=5838 url="analytics-na02.alma.exlibrisgroup.com/.../saw.dll referer="suny-cay.alma.exlibrisgroup.com/.../login" type="text/html" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=7 cattime=352 avscantime=9438 fullreqtime=218401 ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:69.0) Gecko/20100101 Firefox/69.0" activity="" av_transaction_id="" categoryname="Information Technology" category="29" app_id=0 app_name="None" app_cat="None"  exceptions=""


    In my case, the URL opens quickly.

  • Check that AV and IPS patterns are up to date.

    Thanks

  • Again I got odd results.  None of the items listed were from the IP address I was navigating the site with.  I got the following:

    XG450_WP02_SFOS 17.5.7 MR-7# tail -f /log/awarrenhttp_access.log | grep "alma*"
    1571776586.194937818 [ 4706/0x7f9ca5c98400] fwid=3 fwflag="V" iap=0 aap=5 conn_id=2088604392 id="0001" name="http access" action="pass" method="POST" srcip="150.155.160.150" dstip="204.154.111.133" user="" statuscode=200 cached=0 trxlen=1209 rxlen=385 url="tps10234.doubleverify.com/event.png referer="http://ads.mopub.com/" type="image/png" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=105600 cattime=101 avscantime=822 fullreqtime=148111 ua="Mozilla/5.0 (Linux; Android 9; moto g(6) Build/PDS29.118-15-11; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/77.0.3865.116 Mobile Safari/537.36" activity="" av_transaction_id="" categoryname="General Business" category="6" app_id=0 app_name="None" app_cat="None"  exceptions="" sandbox="off"
    1571776588.920528039 [ 4708/0x7f9cafe5e000] fwid=3 fwflag="V" iap=0 aap=5 conn_id=196586672 id="0001" name="http access" action="pass" method="POST" srcip="150.155.160.150" dstip="204.154.111.130" user="" statuscode=200 cached=0 trxlen=1303 rxlen=385 url="tps10214.doubleverify.com/event.png referer="http://ads.mopub.com/" type="image/png" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=18568 cattime=91 avscantime=832 fullreqtime=59653 ua="Mozilla/5.0 (Linux; Android 9; moto g(6) Build/PDS29.118-15-11; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/77.0.3865.116 Mobile Safari/537.36" activity="" av_transaction_id="" categoryname="General Business" category="6" app_id=0 app_name="None" app_cat="None"  exceptions="" sandbox="off"
    1571776641.949811440 [ 4709/0x7f9ca483a000] fwid=4 fwflag="V" iap=0 aap=5 conn_id=1939162408 id="0001" name="http access" action="pass" method="POST" srcip="150.155.13.232" dstip="204.154.111.130" user="mprober@student.ccc.lan" statuscode=200 cached=0 trxlen=941 rxlen=393 url="tps10253.doubleverify.com/event.png referer="http://www.citethisforme.com/" type="image/png" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=86 avscantime=782 fullreqtime=22247 ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36" activity="" av_transaction_id="" categoryname="General Business" category="6" app_id=0 app_name="None" app_cat="None"  exceptions="" sandbox="off"

  • Dnstime is too high. Change DNS to something else. Try XG as DNS and also change the DNS servers used on XG to something else. Check with your ISP which DNS servers to use. Regards
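
Added example, not part of the thread or Sophos code: a small parser for `awarrenhttp_access.log` lines that filters on the host in the `url` field (instead of grepping the whole line) and reports which timer dominates `fullreqtime`, which covers both the question of which filter to use and the `dnstime` reading above. The sample lines are abridged from the ones posted in the thread; the function names are hypothetical, and it is an assumption that the timers are components of `fullreqtime` in the same unit, since the thread does not state the unit.

```python
import re

PHASES = ("authtime", "dnstime", "cattime", "avscantime")
# Timers are bare integers, so a url="..." value that lost its closing
# quote (as in the lines posted in the thread) does not disturb them.
TIMER = re.compile(r'\b(authtime|dnstime|cattime|avscantime|fullreqtime)=(\d+)')
URL = re.compile(r'\burl="([^"\s]*)')

def parse_line(line):
    """Return {'host': ..., timers...} or None for non-access lines."""
    m = URL.search(line)
    timers = {k: int(v) for k, v in TIMER.findall(line)}
    if m is None or "fullreqtime" not in timers:
        return None
    host = re.sub(r'^[a-z]+://', '', m.group(1).lower()).split('/')[0]
    return {"host": host, **timers}

def in_domain(host, domain):
    """Exact host or any subdomain; avoids loose regex matches on the line."""
    return host == domain or host.endswith("." + domain)

def dominant_phase(rec):
    """Largest contributor to fullreqtime and its share (assumed same unit)."""
    full = rec["fullreqtime"]
    parts = {p: rec.get(p, 0) for p in PHASES}
    parts["other"] = max(full - sum(parts.values()), 0)  # not covered by a timer
    name = max(parts, key=parts.get)
    return name, (parts[name] / full if full else 0.0)

def report(lines, domain=None):
    """List of (host, dominant phase, share), optionally limited to a domain."""
    out = []
    for line in lines:
        rec = parse_line(line)
        if rec and (domain is None or in_domain(rec["host"], domain)):
            out.append((rec["host"], *dominant_phase(rec)))
    return out

# Abridged from the log lines posted in the thread (most fields omitted).
SAMPLE = [
    '1571773081.056630954 name="http access" statuscode=302 '
    'url="suny-cay.alma.exlibrisgroup.com/.../report referer="suny-cay.alma.exlibrisgroup.com/.../login" '
    'authtime=0 dnstime=0 cattime=477 avscantime=0 fullreqtime=193902',
    '1571776586.194937818 name="http access" statuscode=200 '
    'url="tps10234.doubleverify.com/event.png referer="http://ads.mopub.com/" '
    'authtime=0 dnstime=105600 cattime=101 avscantime=822 fullreqtime=148111',
]

if __name__ == "__main__":
    for host, phase, share in report(SAMPLE):
        print(f"{host:40} {phase:10} {share:.0%}")
```

On these two lines the second request spends about 71% of `fullreqtime` in `dnstime`, while the first has almost all of its time outside the four timers.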