Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Replies 14 replies
  • Subscribers 0 subscribers
  • Views 4767 views
  • Users 0 members are here
Options
Suggested

[9.070][BUG] Kernel websec seg fault.

RFCat_vk_01
Hi,
checking to see if my main UTM had the same NIC issue as the mobile unit does and found this message, but nothing about the NIC.

This only appears in one UTM and there are many lines of it.


2013:02:26-23:19:29 cats-kingdom kernel: [405592.889424] websec-reporter[4178]: segfault at 3d0f00 ip 00000000f75df7f3 sp 00000000f6cdba58 error 4 in libc-2.11.3.so[f7568000+167000]

Isn
  • 0
    Hi Ian ,

    i had also some but i was not able to reproduce it that why i drop idea 

    013:02:13-12:44:25 acenn kernel: [ 4797.361136] websec-reporter[4886]: segfault at 0 ip 00000000f757e171 sp 00000000f6c72a7c error 4 in libc-2.11.3.so[f7506000+167000]

    2013:02:13-12:45:25 acenn kernel: [ 4857.229249] websec-reporter[25148]: segfault at 0 ip 00000000f7517171 sp 00000000f6c0ba7c error 4 in libc-2.11.3.so[f749f000+167000]

    but this was in 9.065 ,and your some address seems to be differant also 

    thanks
  • 0 in reply to utm_kid
    Hi,

    I guess the segfault in websec reporter is back.
    We fixed in for the 9.065. Check thread:
    https://community.sophos.com/products/unified-threat-management/astaroorg/f/80/t/64811
    Ian , what configuration did you use? Http proxy enabled? If yes, please provide http.log. [:)]
    Thanks
  • 0 in reply to Tinkerbell
    Hi Bianca,
    I use the http proxy in transparent mode.

    I am going to assume you mean the webfiltering log? The log is too big to attach, so any specific items I should be looking for?

    I can't find anything in the log that would like being relevant to me. I have found a couple of lines for another thread on incorrect classification blocking.

    Ian
  • 0 in reply to RFCat_vk_01
    Hi Ian,

    The developer needs the /var/log/httpd.log. Please save it and attach. I don't think it is such a large file. [:)] You could check the other thread i mentioned in my previous post. utm_kid attached the httpd logs for a previous beta version and these were very useful for investigating the websec reporter segfaults.
    Thanks!
  • 0 in reply to Tinkerbell
    Hi Bianca,
    this might be of interest and then again it might not, I am seeing alot of timeout errors mainly on instant messaging sites.
    I am not sure the attached file is of any value because it only has entries from when I log in to webmin.

    Ian
    logfiles_20130227214943.zip
  • 0 in reply to RFCat_vk_01
    Hi Ian,

    Also /var/log/http.log . Sorry forgot to mention it. [:)]
    Many thanks!
  • 0 in reply to Tinkerbell
    Hi Bianca,
    log file as requested coming up.

    Interesting night tonight, was able to login to the UTM with a new version of winscp on a w8 PC without changing anything, hasn't happened in the past.

    Ian[[[:)]]][[[:)]]][[[:)]]]
    http.zip
  • 0
    Hi,

    i can't reproduce the segfault with this file. Can you please attach http.log file from this date, when the websecurity reporter segfaulted. Thanks.
  • 0 in reply to user_hh
    hi ,
    this will help you  ?

    [HTML] 2013:02:13-12:43:39 acenn httpproxy[23351]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.7.135" dstip="74.125.236.130" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0x9c6adf8" url="news.google.com/.../logXhrAction
    2013:02:13-12:43:39 acenn httpproxy[23351]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.7.135" dstip="173.194.38.179" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="1218" request="0x9d39098" url="www.google.com/url
    2013:02:13-12:43:39 acenn httpproxy[23351]: id="0066" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden application detected" action="block" method="GET" srcip="192.168.7.135" dstip="173.194.38.160" user="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3121" request="0x9bd3300" url="www.youtube.com/.../X1EcagB0nV0
    2013:02:13-12:44:09 acenn httpproxy[23351]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="700" message="reloading config"
    2013:02:13-12:44:10 acenn httpproxy[23351]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="735" message="reloading config done, new version 44"
    2013:02:13-12:44:18 acenn httpproxy[23351]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.7.135" dstip="74.125.236.130" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0x85dd600" url="news.google.com/.../logXhrAction
    2013:02:13-12:44:19 acenn httpproxy[23351]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="POST" srcip="192.168.7.135" dstip="" user="" statuscode="302" cached="0" profile="REF_HttProUbserver (ubserver12345)" filteraction=" ()" size="2365" request="0x85dd600" url="news.google.com/.../logXhrAction
    2013:02:13-12:44:19 acenn httpproxy[23351]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="&lact=["n.uis.scasp",null,9,0,0,0,0,0,22]&lsta=["n.uis.scsp",1,5,2,0,null,0,0,1,0,1,16,3,0,0,null,[]]&ned=inPOST" srcip="192.168.7.135" dstip="" user="" statuscode="302" cached="0" profile="REF_HttProUbserver (ubserver12345)" filteraction=" ()" size="2365" request="0x85dd600" url="news.google.com/.../logXhrAction
    2013:02:13-12:44:19 acenn httpproxy[23351]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="&lact=["n.uis.scasp",null,9,3,0,0,0,0,22]&lsta=["n.uis.scsp",1,5,2,0,null,0,0,1,0,1,16,3,0,0,null,[]]&ned=inGET" srcip="192.168.7.135" dstip="" user="" statuscode="302" cached="0" profile="REF_HttProUbserver (ubserver12345)" filteraction=" ()" size="2491" request="0x85dd600" url="news.google.com/.../url
    2013:02:13-12:44:19 acenn httpproxy[23351]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.7.135" dstip="" user="" statuscode="302" cached="0" profile="REF_HttProUbserver (ubserver12345)" filteraction=" ()" size="2416" request="0x9b70b38" url="www.youtube.com/.../Fsmkun_u7C8
    2013:02:13-12:44:19 acenn httpproxy[23351]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.7.135" dstip="74.125.236.130" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0x9c6adf8" url="news.google.com/.../logXhrAction
    2013:02:13-12:44:25 acenn httpproxy[23351]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="POST" srcip="192.168.7.135" dstip="" user="" statuscode="302" cached="0" profile="REF_HttProUbserver (ubserver12345)" filteraction=" ()" size="2365" request="0x85dd600" url="news.google.com/.../logXhrAction
    2013:02:13-12:44:30 acenn httpproxy[23351]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="&lact=["n.uis.scasp",null,9,1,4,4,0,0,22]&lsta=["n.uis.scsp",1,5,2,0,null,0,0,1,0,1,16,3,0,0,null,[]]&ned=inPOST" srcip="192.168.7.135" dstip="" user="" statuscode="302" cached="0" profile="REF_HttProUbserver (ubserver12345)" filteraction=" ()" size="2365" request="0x85dd600" url="news.google.com/.../logXhrAction
    2013:02:13-12:44:30 acenn httpproxy[23351]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="&lact=["n.uis.scasp",null,9,1,0,0,0,0,22]&lsta=["n.uis.scsp",1,5,2,0,null,0,0,1,0,1,16,3,0,0,null,[]]&ned=inPOST" srcip="192.168.7.135" dstip="" user="" statuscode="302" cached="0" profile="REF_HttProUbserver (ubserver12345)" filteraction=" ()" size="2365" request="0x85dd600" url="news.google.com/.../logXhrAction
    2013:02:13-12:44:30 acenn httpproxy[23351]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="&lact=["n.uis.scasp",null,9,0,0,0,0,0,22]&lsta=["n.uis.scsp",1,5,2,0,null,0,0,1,0,1,16,3,0,0,null,[]]&ned=inPOST" srcip="192.168.7.135" dstip="" user="" statuscode="302" cached="0" profile="REF_HttProUbserver (ubserver12345)" filteraction=" ()" size="2365" request="0x85dd600" url="news.google.com/.../logXhrAction
    2013:02:13-12:44:30 acenn httpproxy[23351]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="POST" srcip="192.168.7.135" dstip="" user="" statuscode="302" cached="0" profile="REF_HttProUbserver (ubserver12345)" filteraction=" ()" size="2365" request="0x9c6adf8" url="news.google.com/.../logXhrAction
    2013:02:13-12:44:30 acenn httpproxy[23351]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.7.135" dstip="" user="" statuscode="302" cached="0" profile="REF_HttProUbserver (ubserver12345)" filteraction=" ()" size="2416" request="0x9b70b38" url="www.youtube.com/.../Fsmkun_u7C8
    2013:02:13-12:44:30 acenn httpproxy[23351]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="&lact=["n.uis.scasp",null,9,3,0,0,0,0,22]&lsta=["n.uis.scsp",1,5,2,0,null,0,0,1,0,1,16,3,0,0,null,[]]&ned=inGET" srcip="192.168.7.135" dstip="" user="" statuscode="302" cached="0" profile="REF_HttProUbserver (ubserver12345)" filteraction=" ()" size="2491" request="0x85dd600" url="news.google.com/.../url
    2013:02:13-12:44:46 acenn httpproxy[23351]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="POST" srcip="192.168.7.135" dstip="" user="admin" statuscode="302" cached="0" profile="REF_HttProUbserver (ubserver12345)" filteraction=" ()" size="2367" request="0x9cf8908" url="passthrough.fw-notify.net/login" exceptions="" error=""
    2013:02:13-12:44:46 acenn httpproxy[23351]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.7.135" dstip="" user="admin" statuscode="403" cached="0" profile="REF_HttProUbserver (ubserver12345)" filteraction="REF_HttCffUbserver (ubserver123456)" size="3118" request="0x9b70b38" url="www.youtube.com/.../Fsmkun_u7C8
    2013:02:13-12:45:04 acenn httpproxy[23351]: id="0063" severity="info" sys="SecureWeb" sub="http" name="Contentfilter override" url="www.youtube.com/.../Fsmkun_u7C8
    2013:02:13-12:45:05 acenn httpproxy[23351]: id="0066" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden application detected" action="block" method="GET" srcip="192.168.7.135" dstip="173.194.38.160" user="admin" statuscode="403" cached="0" profile="REF_HttProUbserver (ubserver12345)" filteraction="REF_HttCffUbserver (ubserver123456)" size="3037" request="0x9b70b38" url="www.youtube.com/.../Fsmkun_u7C8
    2013:02:13-12:45:17 acenn httpproxy[23351]: id="0063" severity="info" sys="SecureWeb" sub="http" name="Contentfilter override" url="www.youtube.com/.../Fsmkun_u7C8
    2013:02:13-12:45:18 acenn httpproxy[23351]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.7.135" dstip="173.194.38.160" user="admin" statuscode="200" cached="0" profile="REF_HttProUbserver (ubserver12345)" filteraction="REF_HttCffUbserver (ubserver123456)" size="5402" request="0x9ad9088" url="www.youtube.com/.../Fsmkun_u7C8
    2013:02:13-12:45:25 acenn httpproxy[23351]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.7.135" dstip="" user="admin" statuscode="403" cached="0" profile="REF_HttProUbserver (ubserver12345)" filteraction="REF_HttCffUbserver (ubserver123456)" size="3017" request="0x9ad9808" url="s.ytimg.com/.../pixel-vfl3z5WfW.gif" exceptions="" error="" country="United States" reason="category" category="177" reputation="unverified" categoryname="Content Server"
    2013:02:13-12:45:25 acenn httpproxy[23351]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.7.135" dstip="" user="admin" statuscode="403" cached="0" profile="REF_HttProUbserver (ubserver12345)" filteraction="REF_HttCffUbserver (ubserver123456)" size="3031" request="0x9ad9508" url="s.ytimg.com/.../www-embed-vflINP3Pd.css" exceptions="" error="" country="United States" reason="category" category="177" reputation="unverified" categoryname="Content Server"
    2013:02:13-12:45:25 acenn httpproxy[23351]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.7.135" dstip="" user="admin" statuscode="403" cached="0" profile="REF_HttProUbserver (ubserver12345)" filteraction="REF_HttCffUbserver (ubserver123456)" size="3051" request="0x9ad9688" url="s.ytimg.com/.../www-embed_core_module-vfl3QV3p6.js" exceptions="" error="" country="United States" reason="category" category="177" reputation="unverified" categoryname="Content Server"
    2013:02:13-12:45:25 acenn httpproxy[23351]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.7.135" dstip="" user="admin" statuscode="403" cached="0" profile="REF_HttProUbserver (ubserver12345)" filteraction="REF_HttCffUbserver (ubserver123456)" size="3017" request="0x9ad9688" url="s.ytimg.com/.../pixel-vfl3z5WfW.gif" exceptions="" error="" country="United States" reason="category" category="177" reputation="unverified" categoryname="Content Server"
    2013:02:13-12:45:25 acenn httpproxy[23351]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.7.135" dstip="" user="admin" statuscode="403" cached="0" profile="REF_HttProUbserver (ubserver12345)" filteraction="REF_HttCffUbserver (ubserver123456)" size="3051" request="0x9ad9508" url="s.ytimg.com/.../www-embed_core_module-vfl3QV3p6.js" exceptions="" error="" country="United States" reason="category" category="177" reputation="unverified" categoryname="Content Server"
    2013:02:13-12:47:10 acenn httpproxy[23351]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.7.135" dstip="" user="admin" statuscode="403" cached="0" profile="REF_HttProUbserver (ubserver12345)" filteraction="REF_HttCffUbserver (ubserver123456)" size="2980" request="0x9ad9c88" url="www.astaro.org/.../Business Forums"
    2013:02:13-12:47:14 acenn httpproxy[23351]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.7.135" dstip="" user="admin" statuscode="403" cached="0" profile="REF_HttProUbserver (ubserver12345)" filteraction="REF_HttCffUbserver (ubserver123456)" size="3002" request="0x9ad9c88" url="www.astaro.org/.../Business Forums"
    2013:02:13-12:47:23 acenn httpproxy[23351]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="700" message="reloading config"
    2013:02:13-12:47:24 acenn httpproxy[23351]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="735" message="reloading config done, new version 45" [/HTML]

    thx
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?