Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Replies 22 replies
  • Subscribers 0 subscribers
  • Views 5158 views
  • Users 0 members are here
Options
Suggested

[7.900][BUG][OPEN] Network Security Statistics Today V8

scottj_01
All-

I am not seeing any network security statistics being displayed, not are the histograms available under reporting. In the reporting settings I have IPS and Packet Filter selected. When I loaded V8 I used my config file from ver 7.504 and the stats were working there. Live log is displaying the dropped packets when accessed so this tells me loggin is goin on.

Thanks,
Jim
  • 0
    Can you please post a screenshot showing what you mean by missing?
  • 0 
    Astaro Beta Report
    --------------------------------
    Version: 7.900
    Type: BUG
    State: CONFIRMED/OPEN
    Reporter: scottj+++
    Contributor: 
    MantisID: 12723
    Target version: 8.050
    Fixed in version: 
    --------------------------------

  • 0 in reply to Astaro Beta Bot
    Hi KBR,

    Here are the screen shots:

    Please note I am not seeing anything from the IPS either. 

    Regards,
    Jim
  • 0
    Reporting Data is not displayed in realtime - there is a small delay (~ 15 minutes) until the reporting data is being updated. Can you please re-check?
  • 0
    Mario,

    It has been over 24 hours and the reporting has not appeared.

    Thanks,
    Jim
  • 0
    Hi scottj,

    could you please verify via logfile that the reporting is running properly.
    Please check system.log for entries "gen_inline_reporting_data.plx", it should be executed every 15 minutes.
    Additionally check the confd-debug.log for the entries "gen_inline_reporting_data.plx", it should be executed every 15 minutes.

    If I can help, please write me a pm and we will exchange necessary data.
  • 0
    Hi Cstich,

    The line "gen_inline_reporting_data.plx" is appearing in the system log. In the configuration log from web admin I do not see it. I am not in a location where I can get to the console currently.

    Thanks,
    Jim
  • 0
    All-

    I think the issue may have to do with the importing of my config file. When I received the update last Friday all of the information was there unit the next day. At some point in the near future I will do a factory reset or relaod the software and manually rebuild. Hopefully this will solve the problem.

    Thanks,
    Jim
  • 0
    Cstich,

    Today I did a reset of astaro and after doing a full manual config I had to turn off the web proxy. I noticed the following in the configuration daemon log:

    2010:04:18-16:45:50 OASIS confd[7531]: I Role::authenticate:140() => id="3106" severity="info" sys="System" sub="confd" name="authentication successful" user="scottj" srcip="192.168.1.2" sid="JAuaSyDdOcNqsOaVcYGr" facility="webadmin" client="index.plx" call="new"
    2010:04:18-16:46:30 OASIS confd[7531]: I Storage::commit:344() => id="310d" severity="info" sys="System" sub="confd" name="external commit" user="scottj" srcip="192.168.1.2" sid="JAuaSyDdOcNqsOaVcYGr" facility="webadmin" client="index.plx" call="commit" storage="/cfg"
    2010:04:18-16:46:30 OASIS confd[4075]: I main::top-level:462() => id="310a" severity="info" sys="System" sub="confd" name="object changed" class="http" type="profile" ref="REF_DefaultHTTPProfile" objname="Default Proxy" user="scottj" srcip="192.168.1.2" sid="JAuaSyDdOcNqsOaVcYGr" facility="webadmin" client="index.plx" pid="7531" attr_status="0" oldattr_status="1"
    2010:04:18-16:46:30 OASIS confd[4075]: I main::top-level:564() => id="310n" severity="info" sys="System" sub="confd" name="applied changes" user="scottj" srcip="192.168.1.2" sid="JAuaSyDdOcNqsOaVcYGr" facility="webadmin" client="index.plx" pid="7531" version="9" storage="/cfg"
    2010:04:18-16:46:31 OASIS confd[7587]: W Message::err_set:480() => id="3100" severity="warn" sys="System" sub="confd" name="R_PERM_DENIED (read access denied)" user="system" srcip="127.0.0.1" facility="system" client="httpproxy" call="get" roles="ANONYMOUS" function="get" nodelist="http->profiles" perms="SUPERADMIN,ADMIN,NTTOPERATOR,AUDITOR"
    2010:04:18-16:46:31 OASIS confd[7587]: W Message::err_set:480() => id="3100" severity="warn" sys="System" sub="confd" name="PERM_DENIED (permission denied)" user="system" srcip="127.0.0.1" facility="system" client="httpproxy"
    2010:04:18-16:46:31 OASIS confd[7587]: W Message::err_set:480() => id="3100" severity="warn" sys="System" sub="confd" name="R_PERM_DENIED (read access denied)" user="system" srcip="127.0.0.1" facility="system" client="httpproxy" call="get" roles="ANONYMOUS" function="get" nodelist="http->exceptions" perms="SUPERADMIN,ADMIN,NTTOPERATOR,AUDITOR"
    2010:04:18-16:46:31 OASIS confd[7587]: W Message::err_set:480() => id="3100" severity="warn" sys="System" sub="confd" name="PERM_DENIED (permission denied)" user="system" srcip="127.0.0.1" facility="system" client="httpproxy"
    2010:04:18-16:52:44 OASIS confd[7701]: I Role::authenticate:140() => id="3106" severity="info" sys="System" sub="confd" name="authentication successful" user="scottj" srcip="192.168.1.2" sid="reeOkazZDykoohsvxmQb" facility="webadmin" client="index.plx" call="new"

    The permission denied looked odd.....
    I did not see it again once the HTTP porxy was enabled:

    2010:04:18-16:45:50 OASIS confd[7531]: I Role::authenticate:140() => id="3106" severity="info" sys="System" sub="confd" name="authentication successful" user="scottj" srcip="192.168.1.2" sid="JAuaSyDdOcNqsOaVcYGr" facility="webadmin" client="index.plx" call="new"
    2010:04:18-16:46:30 OASIS confd[7531]: I Storage::commit:344() => id="310d" severity="info" sys="System" sub="confd" name="external commit" user="scottj" srcip="192.168.1.2" sid="JAuaSyDdOcNqsOaVcYGr" facility="webadmin" client="index.plx" call="commit" storage="/cfg"
    2010:04:18-16:46:30 OASIS confd[4075]: I main::top-level:462() => id="310a" severity="info" sys="System" sub="confd" name="object changed" class="http" type="profile" ref="REF_DefaultHTTPProfile" objname="Default Proxy" user="scottj" srcip="192.168.1.2" sid="JAuaSyDdOcNqsOaVcYGr" facility="webadmin" client="index.plx" pid="7531" attr_status="0" oldattr_status="1"
    2010:04:18-16:46:30 OASIS confd[4075]: I main::top-level:564() => id="310n" severity="info" sys="System" sub="confd" name="applied changes" user="scottj" srcip="192.168.1.2" sid="JAuaSyDdOcNqsOaVcYGr" facility="webadmin" client="index.plx" pid="7531" version="9" storage="/cfg"
    2010:04:18-16:46:31 OASIS confd[7587]: W Message::err_set:480() => id="3100" severity="warn" sys="System" sub="confd" name="R_PERM_DENIED (read access denied)" user="system" srcip="127.0.0.1" facility="system" client="httpproxy" call="get" roles="ANONYMOUS" function="get" nodelist="http->profiles" perms="SUPERADMIN,ADMIN,NTTOPERATOR,AUDITOR"
    2010:04:18-16:46:31 OASIS confd[7587]: W Message::err_set:480() => id="3100" severity="warn" sys="System" sub="confd" name="PERM_DENIED (permission denied)" user="system" srcip="127.0.0.1" facility="system" client="httpproxy"
    2010:04:18-16:46:31 OASIS confd[7587]: W Message::err_set:480() => id="3100" severity="warn" sys="System" sub="confd" name="R_PERM_DENIED (read access denied)" user="system" srcip="127.0.0.1" facility="system" client="httpproxy" call="get" roles="ANONYMOUS" function="get" nodelist="http->exceptions" perms="SUPERADMIN,ADMIN,NTTOPERATOR,AUDITOR"
    2010:04:18-16:46:31 OASIS confd[7587]: W Message::err_set:480() => id="3100" severity="warn" sys="System" sub="confd" name="PERM_DENIED (permission denied)" user="system" srcip="127.0.0.1" facility="system" client="httpproxy"
    2010:04:18-16:52:44 OASIS confd[7701]: I Role::authenticate:140() => id="3106" severity="info" sys="System" sub="confd" name="authentication successful" user="scottj" srcip="192.168.1.2" sid="reeOkazZDykoohsvxmQb" facility="webadmin" client="index.plx" call="new"
    2010:04:18-16:54:01 OASIS confd[7701]: I Storage::commit:344() => id="310d" severity="info" sys="System" sub="confd" name="external commit" user="scottj" srcip="192.168.1.2" sid="reeOkazZDykoohsvxmQb" facility="webadmin" client="index.plx" call="commit" storage="/cfg"
    2010:04:18-16:54:01 OASIS confd[4075]: I main::top-level:462() => id="310a" severity="info" sys="System" sub="confd" name="object changed" class="http" type="profile" ref="REF_DefaultHTTPProfile" objname="Default Proxy" user="scottj" srcip="192.168.1.2" sid="reeOkazZDykoohsvxmQb" facility="webadmin" client="index.plx" pid="7701" attr_status="1" oldattr_status="0"
    2010:04:18-16:54:01 OASIS confd[4075]: I main::cleanup_changelog:688() => id="3100" severity="info" sys="System" sub="confd" name="trimmed version 7 from changelog"
    2010:04:18-16:54:01 OASIS confd[4075]: I main::top-level:564() => id="310n" severity="info" sys="System" sub="confd" name="applied changes" user="scottj" srcip="192.168.1.2" sid="reeOkazZDykoohsvxmQb" facility="webadmin" client="index.plx" pid="7701" version="10" storage="/cfg"
    2010:04:18-16:59:36 OASIS confd[7893]: I Role::authenticate:140() => id="3106" severity="info" sys="System" sub="confd" name="authentication successful" user="scottj" srcip="192.168.1.2" sid="GLlikipinpNcrXZSDqlK" facility="webadmin" client="index.plx" call="new"

    I have over 100 sites added in the block URL's list. All advertising sites in addition to catagories blocked.

    Thanks,
    Jim
  • 0
    All-

    I am still experiencing this issue and I am not sure how to correct it. On Saturday i reloaded Astaro with latest 7.0902 version form the FTP server, and manuslly configured everything. The problem still exists which leads me to think a process has stopped running. Typically after a firmware update the security stats are populated. But I have nothing. Secondly the Confd log has only three lines in it:
    2010:04:20-05:20:04 OASIS confd[23237]: I Role::authenticate:140() => id="3106" severity="info" sys="System" sub="confd" name="authentication successful" user="scottj" srcip="192.168.1.2" sid="pAVmoDIXrfhMiKebuKqN" facility="webadmin" client="index.plx" call="new"
    2010:04:20-16:53:36 OASIS confd[7928]: I Role::authenticate:140() => id="3106" severity="info" sys="System" sub="confd" name="authentication successful" user="scottj" srcip="192.168.1.2" sid="rTpOEnWhIpjagTrIjHju" facility="webadmin" client="index.plx" call="new"
    2010:04:20-17:30:33 OASIS confd[9384]: I Role::authenticate:140() => id="3106" severity="info" sys="System" sub="confd" name="authentication successful" user="scottj" srcip="192.168.1.2" sid="vdpLBkWPAWZtcUNeQIvC" facility="webadmin" client="index.plx" call="new"


    Help!

    Thanks,
    Jim
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?