Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Replies 9 replies
  • Subscribers 0 subscribers
  • Views 1722 views
  • Users 0 members are here
Options
Suggested

[7.480][BUG][NOTABUG] Dud IPS pattern released today

RFCat_vk_01
Hi,
was there another dud IPS pattern released today. I had to disable IPS to maintain audio streaming and download large e-mail files. Kids also complaining the system started to cause interruptions during afternoon.

Ian M[:)]
  • 0 
    Astaro Beta Report
    --------------------------------
    Version: 7.480
    Type: BUG
    State: NOTABUG
    Reporter: RFCat_vk
    Contributor: 
    MantisID: 
    --------------------------------
  • 0 in reply to Astaro Beta Bot
    Hi,
    the following seems to coincide with streaming breaks. I have IPS disabled and that increased the time between breaks.

    Ian

    2009:08:18-19:15:01 fw1-on-house /usr/sbin/cron[9621]: (*system*) RELOAD (/etc/crontab)
    2009:08:18-19:15:01 fw1-on-house /usr/sbin/cron[30068]: (root) CMD (nice -n19 /usr/local/bin/create_rrd_graphs.plx)
    2009:08:18-19:15:01 fw1-on-house /usr/sbin/cron[30070]: (root) CMD (   /usr/local/bin/reportcontrol.sh)
    2009:08:18-19:16:01 fw1-on-house /usr/sbin/cron[9621]: (*system*) RELOAD (/etc/crontab)
    2009:08:18-19:17:01 fw1-on-house /usr/sbin/cron[30264]: (root) CMD (  nice -n19 /usr/local/bin/gen_inline_reporting_data.plx)
    2009:08:18-19:17:10 fw1-on-house daemon-watcher[3346]: Watching selfmonng.plx - running fine
    2009:08:18-19:20:01 fw1-on-house /usr/sbin/cron[30320]: (root) CMD (   /usr/local/bin/reportcontrol.sh)
    2009:08:18-19:25:01 fw1-on-house /usr/sbin/cron[30427]: (root) CMD (   /usr/local/bin/reportcontrol.sh)
    2009:08:18-19:30:01 fw1-on-house /usr/sbin/cron[30540]: (root) CMD (nice -n19 /usr/local/bin/create_rrd_graphs.plx)
    2009:08:18-19:30:01 fw1-on-house /usr/sbin/cron[30542]: (root) CMD (   /usr/local/bin/reportcontrol.sh)
    2009:08:18-19:30:01 fw1-on-house /usr/sbin/cron[30544]: (root) CMD (/sbin/audld.plx --trigger)
    2009:08:18-19:32:01 fw1-on-house /usr/sbin/cron[30701]: (root) CMD (  nice -n19 /usr/local/bin/gen_inline_reporting_data.plx)
    2009:08:18-19:35:01 fw1-on-house /usr/sbin/cron[30733]: (root) CMD (   /usr/local/bin/reportcontrol.sh)
    2009:08:18-19:37:07 fw1-on-house daemon-watcher[3346]: Watching selfmonng.plx - running fine
    2009:08:18-19:40:02 fw1-on-house /usr/sbin/cron[30804]: (root) CMD (   /usr/local/bin/reportcontrol.sh)
  • 0 in reply to RFCat_vk_01
    This line: 2009:08:18-19:30:01 fw1-on-house /usr/sbin/cron[30544]: (root) CMD (/sbin/audld.plx --trigger)

    is what I see when my proxy downloads fail as I mentioned in my other thread.  The time on mine coincides perfectly with the failure.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent
    sbin/audld.plx --trigger is a cron job for pattern updates. Isn't this what bastian complained about in older versions where pattern updates were breaking up his streams? I don't think astaro ever acknowledged that bug.

    I have my pattern update interval set at 15 minutes but I don't stream much. Ian have you tried to set your pattern update interval to once or maybe twice a day? I am talking about av/ips patterns not firmware patterns. That way it will only run at 5:07 in the morning and 5:07 in the afternoon. You probably can get away with a setting like that and still have full protection as a work around for now?
  • 0 in reply to Billybob
    As a follow up... I did note if I set the pattern update to 30 minutes rather than 15, my downloads waited longer to fail (at the 30 minute mark)... not sure why Astaro is not acknowledging this issue.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent
    Hi guys,
    I have changed the pattern update to every 12 hours.

    The odd part is the at times the break seems to happen sometimes every couple of minutes. A power off and start from the webadmin with IPS disabled seems to fix the problem for at least a day.

    It is not just the http proxy that is affected, so are the pop3 and the smtp proxies.

    At one stage Bastion and I identified e-poll as being a likely suspect as well, but not every time.

    Thank you for the suggestions.

    Ian M
  • 0 in reply to RFCat_vk_01
    Hi,
    there is definitely something wrong with the timer in the current version. The update processes are both set to 12 hours and have been all today without any changes.

    Ian M

    2009:08:23-08:05:01 fw1-on-house audld[25062]: Starting Up2Date Package Downloader (Version 1.57)
    2009:08:23-08:05:02 fw1-on-house audld[25062]: patch up2date possible
    2009:08:23-08:05:04 fw1-on-house audld[25062]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
    2009:08:23-08:05:13 fw1-on-house audld[25062]: id="3707" severity="info" sys="system" sub="up2date" name="Successfully synchronized fileset" status="success" action="download" package="clam"
    2009:08:23-08:05:13 fw1-on-house auisys[25099]: Starting Up2Date Package Installer (Version 1.65)
    2009:08:23-08:05:14 fw1-on-house auisys[25099]: Searching for available up2date packages for type 'man-sw'
    2009:08:23-08:05:14 fw1-on-house auisys[25099]: id="371D" severity="info" sys="system" sub="up2date" name="No up2date packages available for installation" status="failed" action="preinst_check" package="man-sw"
    2009:08:23-08:05:19 fw1-on-house auisys[25099]: Searching for available up2date packages for type 'avira'
    2009:08:23-08:05:19 fw1-on-house auisys[25099]: id="371D" severity="info" sys="system" sub="up2date" name="No up2date packages available for installation" status="failed" action="preinst_check" package="avira"
    2009:08:23-08:05:24 fw1-on-house auisys[25099]: Searching for available up2date packages for type 'clam'
    2009:08:23-08:05:24 fw1-on-house auisys[25099]: Installing up2date package file '/var/up2date//clam/u2d-clam-7.4665-4686.patch.tgz.gpg'
    2009:08:23-08:05:24 fw1-on-house auisys[25099]: Verifying up2date package signature
    2009:08:23-08:05:24 fw1-on-house auisys[25099]: Unpacking installation instructions
    2009:08:23-08:05:24 fw1-on-house auisys[25099]: Unpacking up2date package container
    2009:08:23-08:05:24 fw1-on-house auisys[25099]: Running pre-installation checks
    2009:08:23-08:05:25 fw1-on-house auisys[25099]: Starting up2date package installation
    2009:08:23-08:05:35 fw1-on-house auisys[25099]: id="371Z" severity="info" sys="system" sub="up2date" name="Successfully installed Up2Date package" status="success" action="install" package_version="7.4686" package="clam"
    2009:08:23-08:05:35 fw1-on-house auisys[25099]: New Pattern Up2Dates installed
    2009:08:23-08:05:40 fw1-on-house auisys[25099]: Searching for available up2date packages for type 'ohelp'
    2009:08:23-08:05:40 fw1-on-house auisys[25099]: id="371D" severity="info" sys="system" sub="up2date" name="No up2date packages available for installation" status="failed" action="preinst_check" package="ohelp"
    2009:08:23-08:05:45 fw1-on-house auisys[25099]: id="3716" severity="info" sys="system" sub="up2date" name="Up2date Package Installer finished, exiting"
    2009:08:23-12:20:02 fw1-on-house audld[31596]: Starting Up2Date Package Downloader (Version 1.57)
    2009:08:23-12:20:02 fw1-on-house audld[31596]: patch up2date possible
    2009:08:23-12:20:04 fw1-on-house audld[31596]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
    2009:08:23-16:29:01 fw1-on-house audld[6673]: Starting Up2Date Package Downloader (Version 1.57)
    2009:08:23-16:29:01 fw1-on-house audld[6673]: patch up2date possible
    2009:08:23-16:29:04 fw1-on-house audld[6673]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
    2009:08:23-17:09:01 fw1-on-house audld[7755]: Starting Up2Date Package Downloader (Version 1.57)
    2009:08:23-17:09:01 fw1-on-house audld[7755]: patch up2date possible
    2009:08:23-17:09:04 fw1-on-house audld[7755]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
    2009:08:23-19:52:01 fw1-on-house audld[13525]: Starting Up2Date Package Downloader (Version 1.57)
    2009:08:23-19:52:01 fw1-on-house audld[13525]: patch up2date possible
    2009:08:23-19:52:04 fw1-on-house audld[13525]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
  • 0
    Hi Ian,

    does this problem still exist in the soft release of 7.500? I'm unable to reproduce it

    greetings
    andreas
  • 0 in reply to andyk007
    Hi Andreas,
    the problem does not exist in v7.500.

    Ian M[:)]
Unfiltered HTML