Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Replies 2 replies
  • Subscribers 0 subscribers
  • Views 1361 views
  • Users 0 members are here
Options
Suggested

[9.100][BUG] Http messages error...

Siarom
After the update, the number of error messages to the proxy increased very ... this is normal behavior or bug?

tunnel_handler_recv_data" file="tunnel.c" line="45" message="epoll_fill_buffer: Connection reset by peer"
2013:04:26-11:42:55 secg97 httpproxy[5603]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x1872ac38" function="ssl_raw_read" file="ssl.c" line="581" message="SSL_ERROR_SYSCALL: ret=-1 error=Connection reset by peer"
2013:04:26-11:42:55 secg97 httpproxy[5603]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.3.59" dstip="" user="silvia.helena" statuscode="200" cached="0" profile="REF_HttProAcessGeral (Acesso Geral)" filteraction="REF_HttCffAcessAtend (Acesso Geral)" size="0" request="0x1872ac38" url="platform.twitter.com/" exceptions="certcheck,certdate" error=""
2013:04:26-11:42:55 secg97 httpproxy[5603]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x189da7d8" function="ssl_raw_read" file="ssl.c" line="581" message="SSL_ERROR_SYSCALL: ret=-1 error=Connection reset by peer"
2013:04:26-11:42:55 secg97 httpproxy[5603]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x18ae50d0" function="ssl_raw_read" file="ssl.c" line="581" message="SSL_ERROR_SYSCALL: ret=-1 error=Connection reset by peer"
2013:04:26-11:42:55 secg97 httpproxy[5603]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.3.239" dstip="192.150.14.174" user="" statuscode="200" cached="0" profile="REF_HttProAcessGeral (Acesso Geral)" filteraction="REF_HttCffAcessAtend (Acesso Geral)" size="2" request="0x18fe69d8" url="hl2rcv.adobe.com/.../html" application="adobe"
2013:04:26-11:42:55 secg97 httpproxy[5603]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.51" dstip="199.16.156.8" user="daniel.gurgel" statuscode="200" cached="0" profile="REF_HttProAcessGeral (Acesso Geral)" filteraction="REF_HttCffAcessAtend (Acesso Geral)" size="2" request="0x1a57e998" url="api.twitter.com/.../json" application="twitter"
2013:04:26-11:42:56 secg97 httpproxy[5603]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.191" dstip="23.60.5.186" user="luciana.lima" statuscode="200" cached="0" profile="REF_HttProAcessGeral (Acesso Geral)" filteraction="REF_HttCffAcessAtend (Acesso Geral)" size="190923" request="0x15766ce0" url="bay172.mail.live.com/default.aspx
2013:04:26-11:42:56 secg97 httpproxy[5603]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.111" dstip="200.233.70.240" user="" statuscode="200" cached="0" profile="REF_HttProAcessGeral (Acesso Geral)" filteraction="REF_HttCffAcessAtend (Acesso Geral)" size="1332" request="0x18436c90" url="ssl.secrel.com.br/.../iframe_avisos.asp
2013:04:26-11:42:56 secg97 httpproxy[5603]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.111" dstip="200.233.70.240" user="" statuscode="304" cached="0" profile="REF_HttProAcessGeral (Acesso Geral)" filteraction="REF_HttCffAcessAtend (Acesso Geral)" size="0" request="0x18693cd8" url="ssl.secrel.com.br/.../quadro.css" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension" error=""
2013:04:26-11:42:56 secg97 httpproxy[5603]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.111" dstip="200.233.70.240" user="" statuscode="304" cached="0" profile="REF_HttProAcessGeral (Acesso Geral)" filteraction="REF_HttCffAcessAtend (Acesso Geral)" size="0" request="0x18693cd8" url="ssl.secrel.com.br/.../moveDiv.js" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension" error=""
2013:04:26-11:42:56 secg97 httpproxy[5603]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.111" dstip="200.233.70.240" user="" statuscode="304" cached="0" profile="REF_HttProAcessGeral (Acesso Geral)" filteraction="REF_HttCffAcessAtend (Acesso Geral)" size="0" request="0x18693cd8" url="ssl.secrel.com.br/.../js.js" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension" error=""
2013:04:26-11:42:56 secg97 httpproxy[5603]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x9b967c0" function="tunnel_handler_recv_data" file="tunnel.c" line="45" message="epoll_fill_buffer: Connection timed out"
2013:04:26-11:42:56 secg97 httpproxy[5603]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.3.239" dstip="74.125.137.125" user="" statuscode="500" cached="0" profile="REF_HttProAcessGeral (Acesso Geral)" filteraction="REF_HttCffAcessAtend (Acesso Geral)" size="72" request="0x9b967c0" url="talk.google.com/" exceptions="auth,content,url,ssl,certcheck,certdate,cache" error="Connection timed out"
2013:04:26-11:42:56 secg97 httpproxy[5603]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x197f2390" function="adir_auth_process_negotiate" file="auth_adir.c" line="1105" message="gss_accept_sec_context: An unsupported mechanism was requestedNo error"
2013:04:26-11:45:29 secg97 httpproxy[15397]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x18699398" function="ssl_connect" file="ssl.c" line="1300" message="ssl_handshake: Input/output error"
Parents
  • 0
    This appears to be a different problem, please keep it in its own thread.

    Here is a debugging tip.  You see the httpproxy[5603]  The number is the process id (pid).  If the number changes that is because the process was restarted.  This could be for valid reasons or it could be because it crashed.  In this case it restarted and the last thing it printed was an active directory error / authentication error.  This is new.

    The log also has a bunch of ssl errors that are probably unrelated.  We are dealing with several ssl issues right now and I'm tempted to not do a lot of investigation as they are likely already covered.
Reply
  • 0
    This appears to be a different problem, please keep it in its own thread.

    Here is a debugging tip.  You see the httpproxy[5603]  The number is the process id (pid).  If the number changes that is because the process was restarted.  This could be for valid reasons or it could be because it crashed.  In this case it restarted and the last thing it printed was an active directory error / authentication error.  This is new.

    The log also has a bunch of ssl errors that are probably unrelated.  We are dealing with several ssl issues right now and I'm tempted to not do a lot of investigation as they are likely already covered.
Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?