Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Replies 20 replies
  • Subscribers 0 subscribers
  • Views 7616 views
  • Users 0 members are here
Options
Suggested

[8.270][NOTABUG][CLOSED] Services restarting

BAlfson
Beginning a little over 9 hours ago, I got the first of 42 messages:

12:28 Middleware not running - restarted
12:28 IM/P2P classifier not running - restarted
12:30 Dhcpd not running - restarted
01:04 Spam filter cannot query database servers
01:29 Dhcpd not running - restarted
01:31 Middleware not running - restarted
[...]
02:39 Service Monitor not running - restarted
[...]
04:22 ACC device agent not running - restarted
[...]
08:41 IM/P2P classifier not running - restarted



After that my laptop could not connect via any VPN, nor could I get answers to ping.  The same was true with my iPhone via the cellular network.

Cheers - Bob
Parents
  • 0
    No, Bill, in fact, it's empty.  Looking at the 10/17-18 CPU graph above, there were these new-with-V8.2xx peeks every 15 minutes.  Here are some possibly-interesting logs

    There's activity here every 15 minutes: 
    2011:11:17-20:09:08 post confd[4395]: I main::top-level:497() => id="310c" severity="info" sys="System" sub="confd" name="node changed" node="notifications->reboot_reason" value="{'0' => 'Rebooted by Up2Date'}" oldvalue="{'0' => ''}" user="system" srcip="127.0.0.1" sid="FhMRkJHCVPPZbEXtuMoT" facility="system" client="auisys.plx" pid="7351"

    2011:11:17-20:09:08 post confd[4395]: I main::cleanup_changelog:901() => id="3100" severity="info" sys="System" sub="confd" name="trimmed version 78 from changelog"

    2011:11:17-20:09:08 post confd[4395]: I main::cleanup_changelog:901() => id="3100" severity="info" sys="System" sub="confd" name="trimmed version 79 from changelog"

    2011:11:17-20:09:08 post confd[4395]: I main::cleanup_changelog:901() => id="3100" severity="info" sys="System" sub="confd" name="trimmed version 80 from changelog"

    2011:11:17-20:09:09 post confd[4395]: I main::top-level:710() => id="310n" severity="info" sys="System" sub="confd" name="applied changes" user="system" srcip="127.0.0.1" sid="FhMRkJHCVPPZbEXtuMoT" facility="system" client="auisys.plx" pid="7351" version="82" storage="/cfg"

    2011:11:17-20:09:34 post confd[4395]: I main::top-level:497() => id="310c" severity="info" sys="System" sub="confd" name="node changed" node="notifications->reboot_reason" value="{'0' => ''}" oldvalue="{'0' => 'Rebooted by Up2Date'}" user="system" srcip="127.0.0.1" sid="rxEqyUsmNmDVDdHFggmf" facility="system" client="auisys.plx" pid="7412"

    2011:11:17-20:09:34 post confd[4395]: I main::top-level:710() => id="310n" severity="info" sys="System" sub="confd" name="applied changes" user="system" srcip="127.0.0.1" sid="rxEqyUsmNmDVDdHFggmf" facility="system" client="auisys.plx" pid="7412" version="83" storage="/cfg"


    I logged out of WebAdmin for the day at 19:46:45; the HTTP daemon log ends with: 
    2011:11:17-19:46:50 post httpd: 10.x.x.2 - - [17/Nov/2011:19:46:50 -0600] "GET /wfe/asg/js/up2date.js?t=1321580806 HTTP/1.1" 200 820

    2011:11:17-19:46:50 post httpd: 10.x.x.2 - - [17/Nov/2011:19:46:50 -0600] "GET /blank.html HTTP/1.1" 304 -

    2011:11:17-19:46:50 post httpd: 10.x.x.2 - - [17/Nov/2011:19:46:50 -0600] "POST /index.plx HTTP/1.1" 200 263

    2011:11:17-19:46:50 post httpd: 10.x.x.2 - - [17/Nov/2011:19:46:50 -0600] "POST /index.plx HTTP/1.1" 200 656

    2011:11:17-19:46:50 post httpd: 10.x.x.2 - - [17/Nov/2011:19:46:50 -0600] "POST /index.plx HTTP/1.1" 200 603


    Cheers - Bob
    PS I just posted another thread about snort restarts every three minutes - the log doesn't seem to correlate with this issue though.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    No, Bill, in fact, it's empty.  Looking at the 10/17-18 CPU graph above, there were these new-with-V8.2xx peeks every 15 minutes.  Here are some possibly-interesting logs

    There's activity here every 15 minutes: 
    2011:11:17-20:09:08 post confd[4395]: I main::top-level:497() => id="310c" severity="info" sys="System" sub="confd" name="node changed" node="notifications->reboot_reason" value="{'0' => 'Rebooted by Up2Date'}" oldvalue="{'0' => ''}" user="system" srcip="127.0.0.1" sid="FhMRkJHCVPPZbEXtuMoT" facility="system" client="auisys.plx" pid="7351"

    2011:11:17-20:09:08 post confd[4395]: I main::cleanup_changelog:901() => id="3100" severity="info" sys="System" sub="confd" name="trimmed version 78 from changelog"

    2011:11:17-20:09:08 post confd[4395]: I main::cleanup_changelog:901() => id="3100" severity="info" sys="System" sub="confd" name="trimmed version 79 from changelog"

    2011:11:17-20:09:08 post confd[4395]: I main::cleanup_changelog:901() => id="3100" severity="info" sys="System" sub="confd" name="trimmed version 80 from changelog"

    2011:11:17-20:09:09 post confd[4395]: I main::top-level:710() => id="310n" severity="info" sys="System" sub="confd" name="applied changes" user="system" srcip="127.0.0.1" sid="FhMRkJHCVPPZbEXtuMoT" facility="system" client="auisys.plx" pid="7351" version="82" storage="/cfg"

    2011:11:17-20:09:34 post confd[4395]: I main::top-level:497() => id="310c" severity="info" sys="System" sub="confd" name="node changed" node="notifications->reboot_reason" value="{'0' => ''}" oldvalue="{'0' => 'Rebooted by Up2Date'}" user="system" srcip="127.0.0.1" sid="rxEqyUsmNmDVDdHFggmf" facility="system" client="auisys.plx" pid="7412"

    2011:11:17-20:09:34 post confd[4395]: I main::top-level:710() => id="310n" severity="info" sys="System" sub="confd" name="applied changes" user="system" srcip="127.0.0.1" sid="rxEqyUsmNmDVDdHFggmf" facility="system" client="auisys.plx" pid="7412" version="83" storage="/cfg"


    I logged out of WebAdmin for the day at 19:46:45; the HTTP daemon log ends with: 
    2011:11:17-19:46:50 post httpd: 10.x.x.2 - - [17/Nov/2011:19:46:50 -0600] "GET /wfe/asg/js/up2date.js?t=1321580806 HTTP/1.1" 200 820

    2011:11:17-19:46:50 post httpd: 10.x.x.2 - - [17/Nov/2011:19:46:50 -0600] "GET /blank.html HTTP/1.1" 304 -

    2011:11:17-19:46:50 post httpd: 10.x.x.2 - - [17/Nov/2011:19:46:50 -0600] "POST /index.plx HTTP/1.1" 200 263

    2011:11:17-19:46:50 post httpd: 10.x.x.2 - - [17/Nov/2011:19:46:50 -0600] "POST /index.plx HTTP/1.1" 200 656

    2011:11:17-19:46:50 post httpd: 10.x.x.2 - - [17/Nov/2011:19:46:50 -0600] "POST /index.plx HTTP/1.1" 200 603


    Cheers - Bob
    PS I just posted another thread about snort restarts every three minutes - the log doesn't seem to correlate with this issue though.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML