Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 24 replies
  • Subscribers 7 subscribers
  • Views 73889 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Data Disk Filling Up Very Fast

AChu87

My SG320 seems to have an issue with its data disk being filled up to 95% every two or three days. It will keep sending me email notifications to check it. I've gone through an RMA already as Sophos Tech couldn't figure out the problem thinking it was hardware related.  Only solution I have is to clear web cache. 

Have you guys had this issue?



This thread was automatically locked due to age.
  • 0 in reply to BAlfson

    Looking through the logs I see a bunch of these.

    2016:05:05-12:16:14 firewall httpproxy[3786]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="10.0.0.160" dstip="" user="" ad_domain=" "statuscode="502" cached="0" profile="REF_LPUGCUCIqG (All Students)" filteraction="REF_qdyKXyQpEv (All Students)" size="0" request="0x14837800" url="courier.push.apple.com/" referer="" error="Host not found" authtime="0" dnstime="122" cattime="0" avscantime="0" fullreqtime="230818" device="0" auth="0" ua="" exceptions="av,content,url,ssl,certcheck,certdate,mime,application,fileextension"

    and

    2016:05:05-00:12:49 firewall httpproxy[2512]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" 
    srcip="10.0.2.213" dstip="23.98.255.78" user="" ad_domain="" statuscode="500" cached="0" profile="REF_LPUGCUCIqG (All Students)" filteraction="REF_qdyKXyQpEv (All Students)"
     size="0" request="0x40c4e800" url="smcontent.blob.core.windows.net/.../QtCore"
     referer="" error="deferred download finished, timeout reached, removing" authtime="0" dnstime="48" cattime="0" avscantime="2280" fullreqtime="86403523188" device="0" auth="0" ua="Mozilla/5.0" 
    exceptions="content,url,ssl,certcheck,certdate,application,fileextension" content-type="application/octet-stream"
  • 0 in reply to AChu87

    If you didn't see anything especially suspicious at 13:00 or 13:01, then it would be worth trying to skip the Proxy for a DNS Host for smcontent.blob.core.windows.net.

    Cheers - Bob

  • 0

    Monitoring the http.log some more, I found it interesting that smcontent.blob.core.windows.net keeps showing up 100s of times consecutively. Here is a snippit of the log. "No space left on device" leads me to believe that this could be the culprit.


    2016:05:06-08:25:46 firewall httpproxy[6939]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="10.0.2.213" dstip="23.98.255.78" user="" ad_domain="" statuscode="500" cached="0" profile="REF_LPUGCUCIqG (All Students)" filteraction="REF_qdyKXyQpEv (All Students)" size="0" request="0x1c85a800" url="smcontent.blob.core.windows.net/.../QtCore" referer="" error="deferred download status refresh timeout, removing" authtime="0" dnstime="46" cattime="0" avscantime="0" fullreqtime="34328413" device="0" auth="0" ua="Mozilla/5.0" exceptions="content,url,ssl,certcheck,certdate,application,fileextension" content-type="application/octet-stream"
    2016:05:06-08:25:50 firewall httpproxy[6939]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x1be97000" function="read_response_body_file" file="response.c" line="1375" message="write 5277: No space left on device"


    2016:05:06-08:25:56 firewall httpproxy[6939]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="10.0.2.213" dstip="23.98.255.78" user="" ad_domain="" statuscode="500" cached="0" profile="REF_LPUGCUCIqG (All Students)" filteraction="REF_qdyKXyQpEv (All Students)" size="0" request="0x1c88a800" url="smcontent.blob.core.windows.net/.../QtCore" referer="" error="deferred download status refresh timeout, removing" authtime="0" dnstime="54" cattime="0" avscantime="0" fullreqtime="33337184" device="0" auth="0" ua="Mozilla/5.0" exceptions="content,url,ssl,certcheck,certdate,application,fileextension" content-type="application/octet-stream"
    2016:05:06-08:26:01 firewall httpproxy[6939]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x135a3000" function="read_response_body_file" file="response.c" line="1375" message="write 5019: No space left on device"

  • 0 in reply to AChu87 
    Clicking on this link actually downloads a 11mb file called QTcore. No idea what this is.

    smcontent.blob.core.windows.net/.../QtCore