[7.903][BUG][CLOSED] HTTP conf reload every 3-4 minutes

Hi,
yes this is very similar to another thread I have running, but I thought it needed to be highlighted.

At the http proxy conf reloads every 3-4 minutes.

What needs to be changed to make it wait a bit longer between reloads?

Drops downloads..

Ian M
  • Astaro Beta Report
    
    --------------------------------
    Version: 7.903
    Type: BUG
    State: CLOSED
    Reporter: RFCat_vk++
    Contributor: BrucekConvergent
    MantisID: 
    Target version: 
    Fixed in version: 
    --------------------------------
  • Ian, 

    what log entries are you seeing when it restarts? Do you have any DNS host definitions in your allowed networks, exceptions, or exemptions?
  • Same exact problem here!  Is not a problem on similarly configured 7.504 system, nor do I recall having the issue in the previous beta release -- something is definitely broken!

    Here are the log entries you see every few minutes:
    2010:04:23-11:37:07 asgmgmt2 httpproxy[18811]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="724" message="server 'cffs05.astaro.com' access time: 277ms"
    2010:04:23-11:37:12 asgmgmt2 httpproxy[18811]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="716" message="reloading config"
    2010:04:23-11:37:13 asgmgmt2 httpproxy[18811]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="749" message="done"
    2010:04:23-11:38:12 asgmgmt2 httpproxy[18811]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="716" message="reloading config"
    2010:04:23-11:38:14 asgmgmt2 httpproxy[18811]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="749" message="done"
    2010:04:23-11:39:15 asgmgmt2 httpproxy[18811]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="716" message="reloading config"
    2010:04:23-11:39:17 asgmgmt2 httpproxy[18811]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="749" message="done"
    2010:04:23-11:40:18 asgmgmt2 httpproxy[18811]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="716" message="reloading config"
    2010:04:23-11:40:20 asgmgmt2 httpproxy[18811]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="749" message="done"
    2010:04:23-11:41:20 asgmgmt2 httpproxy[18811]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="716" message="reloading config"
    2010:04:23-11:41:22 asgmgmt2 httpproxy[18811]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="749" message="done"
    2010:04:23-11:42:22 asgmgmt2 httpproxy[18811]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="716" message="reloading config"
    2010:04:23-11:42:23 asgmgmt2 httpproxy[18811]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="749" message="done"
    2010:04:23-11:43:23 asgmgmt2 httpproxy[18811]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="716" message="reloading config"
    2010:04:23-11:43:25 asgmgmt2 httpproxy[18811]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="749" message="done"
    2010:04:23-11:44:25 asgmgmt2 httpproxy[18811]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="716" message="reloading config"
    2010:04:23-11:44:27 asgmgmt2 httpproxy[18811]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="749" message="done"

    As to whether or not I have DNS definitions in Exceptions or Exemptions, yes, of course -- the Astaro default config includes such exceptions anyway (Windows Update, Apple, etc.), but I do have more I added for AV updates from Avira, etc. Same config that worked fine before. I do not have any DNS Definitions in use as to the allowed networks settings list on the Web Proxy, though, if that helps. Edited to add: I might also include that this config is in transparent mode, and there are a couple of DNS Definitions in the Transparent Skiplist as well, if that helps.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • Bruce, 

    I can see the same logs appearing in all of my firewalls, but I'm not experiencing any download interruptions. I may just not have noticed, but the log entries are happening as often as every 10 minutes on my main unit, and I download quite a few large files over HTTP on that one. Can you also check the IPS and AFC logs? Also, can you give a rough overview of your proxy setup? Profile modes, single/dual scan, etc.

    Ian, are these the same logs you're seeing? Can you also check other logs? My first thought was that a DNS host definition could be triggering a config reload whenever it is re-resolved. Something like a DynDNS host would have a low TTL, and could be frequently updating.

    I will check with the devs to see what thoughts they may have.
  • Can you please check the output of
    grep dns-resolver.plx /var/log/confd.log

    at the command line?

    The proxy works fine on my installations. But we touched the dns-resolver recently.
    So maybe there is a link.

    Regards,
    Daniel
  • Bruce, 

    I can see the same logs appearing in all of my firewalls, but I'm not experiencing any download interruptions.


    Alan... it does indeed disrupt downloads that go on longer than the interval between reloads.  While downloading a 600MB or so VMPlayer image from a remote site, via the http proxy (which isn't even scanned by AV as it exceeds the configured size for scanning, the proxy is essentially just forwarding the download unmolested--well, should be LOL), I had it interrupt the download each time at around the 200MB mark (right about the time the reload message occurred in the log).  I turned it off, voila, no more interruptions.


  • Can you please check the output of
    grep dns-resolver.plx /var/log/confd.log

    at the command line?

    The proxy works fine on my installations. But we touched the dns-resolver recently.
    So maybe there is a link.

    Regards,
    Daniel


    Will do... I'll post what I get here in a minute.


  • Daniel, it does look like these items are related... here's a log excerpt from the command you asked me to run...  


    2010:04:23-11:00:20 asgmgmt2 confd[3662]: I main::top-level:564() => id="310n" severity="info" sys="System" sub="confd" name="applied changes" user="system" srcip="127.0.0.1" sid="huEJcfyfxkkibjQBMsub" facility="system" client="dns-resolver.plx" pid="16665" version="135" storage="/cfg"
    2010:04:23-11:01:20 asgmgmt2 confd[16715]: I Storage::commit:344() => id="3100" severity="info" sys="System" sub="confd" name="internal commit" user="system" srcip="127.0.0.1" sid="huEJcfyfxkkibjQBMsub" facility="system" client="dns-resolver.plx" storage="/cfg"
    2010:04:23-11:01:20 asgmgmt2 confd[3662]: I main::top-level:462() => id="310a" severity="info" sys="System" sub="confd" name="object changed" class="network" type="dns_group" ref="REF_YKkbUzNvUu" objname="liveupdate.symantecliveupdate.com" user="system" srcip="127.0.0.1" sid="huEJcfyfxkkibjQBMsub" facility="system" client="dns-resolver.plx" pid="16715" attr_addresses="['64.208.121.58','64.208.121.64','64.208.121.19','64.208.121.8','64.208.121.41','64.208.121.17']" oldattr_addresses="['204.2.215.8','204.2.215.10','204.2.215.82','204.2.215.17','204.2.215.18','204.2.215.19','204.2.215.81','204.2.215.9','204.2.215.73']"
    2010:04:23-11:01:20 asgmgmt2 confd[3662]: I main::top-level:564() => id="310n" severity="info" sys="System" sub="confd" name="applied changes" user="system" srcip="127.0.0.1" sid="huEJcfyfxkkibjQBMsub" facility="system" client="dns-resolver.plx" pid="16715" version="136" storage="/cfg"
    2010:04:23-11:02:21 asgmgmt2 confd[16788]: I Storage::commit:344() => id="3100" severity="info" sys="System" sub="confd" name="internal commit" user="system" srcip="127.0.0.1" sid="huEJcfyfxkkibjQBMsub" facility="system" client="dns-resolver.plx" storage="/cfg"
    2010:04:23-11:02:22 asgmgmt2 confd[3662]: I main::top-level:462() => id="310a" severity="info" sys="System" sub="confd" name="object changed" class="network" type="dns_group" ref="REF_YKkbUzNvUu" objname="liveupdate.symantecliveupdate.com" user="system" srcip="127.0.0.1" sid="huEJcfyfxkkibjQBMsub" facility="system" client="dns-resolver.plx" pid="16788" attr_addresses="['24.143.201.56','24.143.201.19','24.143.201.64','24.143.201.25','24.143.201.50','24.143.201.40']" oldattr_addresses="['64.208.121.58','64.208.121.64','64.208.121.19','64.208.121.8','64.208.121.41','64.208.121.17']"
    2010:04:23-11:02:22 asgmgmt2 confd[3662]: I main::top-level:564() => id="310n" severity="info" sys="System" sub="confd" name="applied changes" user="system" srcip="127.0.0.1" sid="huEJcfyfxkkibjQBMsub" facility="system" client="dns-resolver.plx" pid="16788" version="137" storage="/cfg"
    2010:04:23-11:02:22 asgmgmt2 confd[16788]: I Storage::commit:344() => id="3100" severity="info" sys="System" sub="confd" name="internal commit" user="system" srcip="127.0.0.1" sid="huEJcfyfxkkibjQBMsub" facility="system" client="dns-resolver.plx" storage="/cfg"
    2010:04:23-11:02:22 asgmgmt2 confd[3662]: I main::top-level:462() => id="310a" severity="info" sys="System" sub="confd" name="object changed" class="network" type="dns_group" ref="REF_HUCUMYuZmy" objname="pop.secureserver.net" user="system" srcip="127.0.0.1" sid="huEJcfyfxkkibjQBMsub" facility="system" client="dns-resolver.plx" pid="16788" attr_addresses="['97.74.135.111']" oldattr_addresses="['64.202.165.92']"
    2010:04:23-11:02:23 asgmgmt2 confd[3662]: I main::top-level:564() => id="310n" severity="info" sys="System" sub="confd" name="applied changes" user="system" srcip="127.0.0.1" sid="huEJcfyfxkkibjQBMsub" facility="system" client="dns-resolver.plx" pid="16788" version="138" storage="/cfg"
    2010:04:23-11:03:24 asgmgmt2 confd[16897]: I Storage::commit:344() => id="3100" severity="info" sys="System" sub="confd" name="internal commit" user="system" srcip="127.0.0.1" sid="huEJcfyfxkkibjQBMsub" facility="system" client="dns-resolver.plx" storage="/cfg"
    2010:04:23-11:03:24 asgmgmt2 confd[3662]: I main::top-level:462() => id="310a" severity="info" sys="System" sub="confd" name="object changed" class="network" type="dns_group" ref="REF_YKkbUzNvUu" objname="liveupdate.symantecliveupdate.com" user="system" srcip="127.0.0.1" sid="huEJcfyfxkkibjQBMsub" facility="system" client="dns-resolver.plx" pid="16897" attr_addresses="['204.2.215.24','204.2.215.40','204.2.215.8','204.2.215.82','204.2.215.10','204.2.215.42','204.2.215.19','204.2.215.73','204.2.215.9']" oldattr_addresses="['24.143.201.56','24.143.201.19','24.143.201.64','24.143.201.25','24.143.201.50','24.143.201.40']"
    2010:04:23-11:03:24 asgmgmt2 confd[3662]: I main::top-level:564() => id="310n" severity="info" sys="System" sub="confd" name="applied changes" user="system" srcip="127.0.0.1" sid="huEJcfyfxkkibjQBMsub" facility="system" client="dns-resolver.plx" pid="16897" version="139" storage="/cfg"
    2010:04:23-11:04:25 asgmgmt2 confd[16946]: I Storage::commit:344() => id="3100" severity="info" sys="System" sub="confd" name="internal commit" user="system" srcip="127.0.0.1" sid="huEJcfyfxkkibjQBMsub" facility="system" client="dns-resolver.plx" storage="/cfg"
    2010:04:23-11:04:26 asgmgmt2 confd[3662]: I main::top-level:462() => id="310a" severity="info" sys="System" sub="confd" name="object changed" class="network" type="dns_group" ref="REF_YKkbUzNvUu" objname="liveupdate.symantecliveupdate.com" user="system" srcip="127.0.0.1" sid="huEJcfyfxkkibjQBMsub" facility="system" client="dns-resolver.plx" pid="16946" attr_addresses="['204.2.215.24','204.2.215.74','204.2.215.32','204.2.215.25','204.2.215.33','204.2.215.58']" oldattr_addresses="['204.2.215.24','204.2.215.40','204.2.215.8','204.2.215.82','204.2.215.10','204.2.215.42','204.2.215.19','204.2.215.73','204.2.215.9']"
    2010:04:23-11:04:26 asgmgmt2 confd[3662]: I main::top-level:564() => id="310n" severity="info" sys="System" sub="confd" name="applied changes" user="system" srcip="127.0.0.1" sid="huEJcfyfxkkibjQBMsub" facility="system" client="dns-resolver.plx" pid="16946" version="140" storage="/cfg"
    2010:04:23-11:05:27 asgmgmt2 confd[17020]: I Storage::commit:344() => id="3100" severity="info" sys="System" sub="confd" name="internal commit" user="system" srcip="127.0.0.1" sid="huEJcfyfxkkibjQBMsub" facility="system" client="dns-resolver.plx" storage="/cfg"
    2010:04:23-11:05:27 asgmgmt2 confd[3662]: I main::top-level:462() => id="310a" severity="info" sys="System" sub="confd" name="object changed" class="network" type="dns_group" ref="REF_HUCUMYuZmy" objname="pop.secureserver.net" user="system" srcip="127.0.0.1" sid="huEJcfyfxkkibjQBMsub" facility="system" client="dns-resolver.plx" pid="17020" attr_addresses="['72.167.82.11']" oldattr_addresses="['97.74.135.111']"
    2010:04:23-11:05:27 asgmgmt2 confd[3662]: I main::top-level:564() => id="310n" severity="info" sys="System" sub="confd" name="applied changes" user="system" srcip="127.0.0.1" sid="huEJcfyfxkkibjQBMsub" facility="system" client="dns-resolver.plx" pid="17020" version="141" storage="/cfg"
    2010:04:23-11:06:28 asgmgmt2 confd[17097]: I Storage::commit:344() => id="3100" severity="info" sys="System" sub="confd" name="internal commit" user="system" srcip="127.0.0.1" sid="huEJcfyfxkkibjQBMsub" facility="system" client="dns-resolver.plx" storage="/cfg"



    These entries are occurring constantly, and have been throughout the day, just as the http proxy reload entries are listed.


  • I removed a Network group which included the liveupdate.symantec.com DNS host which is constantly being re-queried in the log excerpt above from the Exceptions tab in Web Security... no change... then I removed it from the Transparent Skip list... suddenly the constant reloads stopped. I've checked other production systems (7.504) and haven't seen this phenomenon, and some of them are configured similarly.

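The correlation worked out by hand in the posts above (dns-resolver.plx rewriting a dns_group object, followed by an httpproxy config reload) can be scripted. This is an added example, not part of the original posts and not Astaro tooling; the sample lines are constructed and shortened in the two log formats quoted in this thread, and the 5-second matching window is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

TS_FMT = "%Y:%m:%d-%H:%M:%S"            # timestamp layout of the logs quoted above
FIELD = re.compile(r'(\w+)="([^"]*)"')  # key="value" pairs in a log line

# Constructed, shortened sample lines (made-up object names, documentation addresses).
CONFD_LOG = """\
2010:04:23-11:01:20 fw confd[3662]: I main::top-level:462() => id="310a" name="object changed" type="dns_group" objname="updates.example.com" client="dns-resolver.plx" attr_addresses="['192.0.2.10','192.0.2.11']" oldattr_addresses="['198.51.100.5']"
2010:04:23-11:01:20 fw confd[3662]: I main::top-level:564() => id="310n" name="applied changes" client="dns-resolver.plx" version="136"
2010:04:23-11:02:22 fw confd[3662]: I main::top-level:462() => id="310a" name="object changed" type="dns_group" objname="updates.example.com" client="dns-resolver.plx" attr_addresses="['198.51.100.5']" oldattr_addresses="['192.0.2.10','192.0.2.11']"
2010:04:23-11:02:22 fw confd[3662]: I main::top-level:462() => id="310a" name="object changed" type="dns_group" objname="mail.example.net" client="dns-resolver.plx" attr_addresses="['203.0.113.7']" oldattr_addresses="['203.0.113.9']"
2010:04:23-11:03:24 fw confd[3662]: I main::top-level:462() => id="310a" name="object changed" type="dns_group" objname="updates.example.com" client="dns-resolver.plx" attr_addresses="['192.0.2.10']" oldattr_addresses="['198.51.100.5']"
"""
PROXY_LOG = """\
2010:04:23-11:01:21 fw httpproxy[18811]: id="0003" function="confd_config_reload_func" message="reloading config"
2010:04:23-11:01:22 fw httpproxy[18811]: id="0003" function="confd_config_reload_func" message="done"
2010:04:23-11:02:23 fw httpproxy[18811]: id="0003" function="confd_config_reload_func" message="reloading config"
2010:04:23-11:03:25 fw httpproxy[18811]: id="0003" function="confd_config_reload_func" message="reloading config"
2010:04:23-11:20:00 fw httpproxy[18811]: id="0003" function="confd_config_reload_func" message="reloading config"
"""

def records(log):
    """Yield (timestamp, fields) for every non-blank log line."""
    for line in log.splitlines():
        line = line.strip()
        if line:
            ts, _, rest = line.partition(" ")
            yield datetime.strptime(ts, TS_FMT), dict(FIELD.findall(rest))

def dns_changes(confd_log):
    """DNS group objects rewritten by the resolver: [(timestamp, objname)]."""
    return [(ts, f["objname"]) for ts, f in records(confd_log)
            if f.get("client") == "dns-resolver.plx"
            and f.get("name") == "object changed"
            and f.get("type") == "dns_group"]

def proxy_reloads(proxy_log):
    """Timestamps at which httpproxy started a config reload."""
    return [ts for ts, f in records(proxy_log)
            if f.get("message") == "reloading config"]

def correlate(confd_log, proxy_log, window=timedelta(seconds=5)):
    """Attribute each reload to the DNS objects changed shortly before it.

    Returns (per_host, unexplained): per_host maps objname to its number of
    address changes and the reloads that followed one; unexplained lists
    reloads with no DNS change inside the (assumed) window.
    """
    changes = dns_changes(confd_log)
    per_host = defaultdict(lambda: {"changes": 0, "reloads": 0})
    for _, name in changes:
        per_host[name]["changes"] += 1
    unexplained = []
    for reload_ts in proxy_reloads(proxy_log):
        hosts = {name for ts, name in changes
                 if timedelta(0) <= reload_ts - ts <= window}
        if not hosts:
            unexplained.append(reload_ts)
        for name in hosts:
            per_host[name]["reloads"] += 1
    return dict(per_host), unexplained

if __name__ == "__main__":
    stats, unexplained = correlate(CONFD_LOG, PROXY_LOG)
    for name, s in sorted(stats.items(), key=lambda kv: -kv[1]["changes"]):
        print(f'{name}: {s["changes"]} address changes, {s["reloads"]} reloads')
    print("reloads with no DNS change nearby:", [t.strftime(TS_FMT) for t in unexplained])
```
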

  • Hi folks,
    I ran the extract and attached it as a compressed file because the raw file is over 1 MB in size.
    DNS host entries, I have the ASG defaults and a couple of others I have added.
    My http proxy is in standard mode.

    Also since I installed the 7.903 update my CPU has become very spiky. Mind you the CPU is not heavily loaded, but the new spikes are way higher than the average under previous beta releases.

    Ian M
    2010:04:24-05:07:16 fw1-on-house httpproxy[13812]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="716" message="reloading config"
    2010:04:24-05:07:17 fw1-on-house httpproxy[13812]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="724" message="server 'cffs04.astaro.com' access time: 729ms"
    2010:04:24-05:07:18 fw1-on-house httpproxy[13812]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="724" message="server 'cffs09.astaro.com' access time: 772ms"
    2010:04:24-05:07:18 fw1-on-house httpproxy[13812]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="749" message="done"
    2010:04:24-05:08:15 fw1-on-house httpproxy[13812]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="716" message="reloading config"
    2010:04:24-05:08:18 fw1-on-house httpproxy[13812]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="749" message="done"
    2010:04:24-05:08:18 fw1-on-house httpproxy[13812]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="716" message="reloading config"
    2010:04:24-05:08:19 fw1-on-house httpproxy[13812]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="749" message="done"
    2010:04:24-05:08:19 fw1-on-house httpproxy[13812]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="716" message="reloading config"
    2010:04:24-05:08:20 fw1-on-house httpproxy[13812]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="749" message="done"
    2010:04:24-05:09:18 fw1-on-house httpproxy[13812]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="716" message="reloading config"
    2010:04:24-05:09:21 fw1-on-house httpproxy[13812]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="749" message="done"
    2010:04:24-05:09:21 fw1-on-house httpproxy[13812]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="716" message="reloading config"
    2010:04:24-05:09:23 fw1-on-house httpproxy[13812]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="749" message="done"
    2010:04:24-05:09:23 fw1-on-house httpproxy[13812]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="716" message="reloading config"
    2010:04:24-05:09:24 fw1-on-house httpproxy[13812]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="749" message="done"
    2010:04:24-05:10:21 fw1-on-house httpproxy[13812]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="716" message="reloading config"
    2010:04:24-05:10:24 fw1-on-house httpproxy[13812]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="749" message="done"
    2010:04:24-05:10:24 fw1-on-house httpproxy[13812]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="716" message="reloading config"
    2010:04:24-05:10:25 fw1-on-house httpproxy[13812]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="749" message="done"
    2010:04:24-05:10:25 fw1-on-house httpproxy[13812]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="716" message="reloading config"
    2010:04:24-05:10:27 fw1-on-house httpproxy[13812]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="749" message="done"
    2010:04:24-05:16:28 fw1-on-house httpproxy[13812]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="716" message="reloading config"
    2010:04:24-05:16:31 fw1-on-house httpproxy[13812]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="749" message="done"
    2010:04:24-05:16:31 fw1-on-house httpproxy[13812]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="716" message="reloading config"
    2010:04:24-05:16:32 fw1-on-house httpproxy[13812]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="749" message="done"
    2010:04:24-05:16:32 fw1-on-house httpproxy[13812]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="716" message="reloading config"
    2010:04:24-05:16:34 fw1-on-house httpproxy[13812]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="749" message="done"
    confd.zip