Firewall Notification System

Hi,

We have recently been getting notifications very often:

Application Control daemon not running - restarted

and

Up2Date prefetch failed: All 4 Authentication Servers failed

Firewall is SG330 with latest firmware.

Any ideas what is causing this?



  • Hi, 

    Take a look at the afc.log, kernel.log, and up2date.log for more information about the errors. Please refer to Sophos UTM Logfile information.

    This will give you some insight and alongside, you can post the logs here and to the support team to help you find the root cause. 

    Thanks

  • up2date.log:

    2018:01:22-02:07:01 fw-sophos-1 audld[7197]: running on HA master system or cluster node
    2018:01:22-02:07:01 fw-sophos-1 audld[7197]: Starting Up2Date Package Downloader
    2018:01:22-02:07:04 fw-sophos-1 audld[7197]: patch up2date possible
    2018:01:22-02:07:04 fw-sophos-1 audld[7197]: Using static update server list in HA mode
    2018:01:22-02:07:35 fw-sophos-1 audld[7197]: Could not connect to Server us1.utmu2d.sophos.com (status=500 Can't connect to us1.utmu2d.sophos.com:443 (timeout)).
    2018:01:22-02:08:10 fw-sophos-1 audld[7197]: Could not connect to Server us2.utmu2d.sophos.com (status=500 alarm).
    2018:01:22-02:08:12 fw-sophos-1 audld[7197]: Could not connect to Server sg1.utmu2d.sophos.com (status=503 Service Not Available).
    2018:01:22-02:08:20 fw-sophos-1 audld[7197]: Could not connect to Server eu1.utmu2d.sophos.com (status=500 Internal Server Error).
    2018:01:22-02:08:38 fw-sophos-1 audld[7197]: Could not connect to Authentication Server us1.utmu2d.sophos.com (code=500 500 Internal Server Error).
    2018:01:22-02:08:44 fw-sophos-1 audld[7197]: Could not connect to Authentication Server us2.utmu2d.sophos.com (code=500 500 Internal Server Error).
    2018:01:22-02:08:50 fw-sophos-1 audld[7197]: Could not connect to Authentication Server sg1.utmu2d.sophos.com (code=503 503 Service Not Available).
    2018:01:22-02:09:25 fw-sophos-1 audld[7197]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
    2018:01:22-02:09:25 fw-sophos-1 audld[7197]: Using static download server list in HA mode
    2018:01:22-02:09:26 fw-sophos-1 audld[7197]: id="3707" severity="info" sys="system" sub="up2date" name="Successfully synchronized fileset" status="success" action="download" package="savi"
    2018:01:22-02:09:26 fw-sophos-1 auisys[7626]: running on HA master system or cluster node
    2018:01:22-02:09:26 fw-sophos-1 auisys[7626]: waiting for db_verify to return (30 seconds max)
    2018:01:22-02:09:27 fw-sophos-1 auisys[7626]: not cleaning /var/up2date/sys-install in --nosys mode
    2018:01:22-02:09:27 fw-sophos-1 auisys[7626]: removing '/var/up2date/appctrl43-install'
    2018:01:22-02:09:27 fw-sophos-1 auisys[7626]: removing '/var/up2date/aptp-install'
    2018:01:22-02:09:27 fw-sophos-1 auisys[7626]: removing '/var/up2date/avira-xvdf-install'
    2018:01:22-02:09:27 fw-sophos-1 auisys[7626]: removing '/var/up2date/aws-install'
    2018:01:22-02:09:27 fw-sophos-1 auisys[7626]: removing '/var/up2date/cadata-install'
    2018:01:22-02:09:27 fw-sophos-1 auisys[7626]: removing '/var/up2date/clvbrowser-install'
    2018:01:22-02:09:27 fw-sophos-1 auisys[7626]: removing '/var/up2date/geoip-install'
    2018:01:22-02:09:27 fw-sophos-1 auisys[7626]: removing '/var/up2date/man9-install'
    2018:01:22-02:09:27 fw-sophos-1 auisys[7626]: removing '/var/up2date/ohelp9-install'
    2018:01:22-02:09:27 fw-sophos-1 auisys[7626]: removing '/var/up2date/savi-install'
    2018:01:22-02:09:27 fw-sophos-1 auisys[7626]: Starting Up2Date Package Installer
    2018:01:22-02:09:27 fw-sophos-1 auisys[7626]: No suitable packages of type <man9> found, skipping
    2018:01:22-02:09:27 fw-sophos-1 auisys[7626]: No suitable packages of type <aws> found, skipping
    2018:01:22-02:09:27 fw-sophos-1 auisys[7626]: No suitable packages of type <clvbrowser> found, skipping
    2018:01:22-02:09:27 fw-sophos-1 auisys[7626]: No suitable packages of type <appctrl43> found, skipping
    2018:01:22-02:09:27 fw-sophos-1 auisys[7626]: No suitable packages of type <ohelp9> found, skipping
    2018:01:22-02:09:27 fw-sophos-1 auisys[7626]: No suitable packages of type <aptp> found, skipping
    2018:01:22-02:09:27 fw-sophos-1 auisys[7626]: No suitable packages of type <avira-xvdf> found, skipping
    2018:01:22-02:09:27 fw-sophos-1 auisys[7626]: No suitable packages of type <cadata> found, skipping
    2018:01:22-02:09:27 fw-sophos-1 auisys[7626]: No suitable packages of type <geoip> found, skipping
    2018:01:22-02:09:27 fw-sophos-1 auisys[7626]: Install u2d packages <savi>
    2018:01:22-02:09:27 fw-sophos-1 auisys[7626]: Starting installing up2date packages for type 'savi'
    2018:01:22-02:09:27 fw-sophos-1 auisys[7626]: Installing up2date package: /var/up2date/savi/u2d-savi-9.12091-12092.patch.tgz.gpg
    2018:01:22-02:09:27 fw-sophos-1 auisys[7626]: Verifying up2date package signature
    2018:01:22-02:09:27 fw-sophos-1 auisys[7626]: Unpacking installation instructions
    2018:01:22-02:09:28 fw-sophos-1 auisys[7626]: parsing installation instructions
    2018:01:22-02:09:28 fw-sophos-1 auisys[7626]: This is a patch. Setting required_version to 9.12091
    2018:01:22-02:09:28 fw-sophos-1 auisys[7626]: Unpacking up2date package container
    2018:01:22-02:09:28 fw-sophos-1 auisys[7626]: Running pre-installation checks
    2018:01:22-02:09:28 fw-sophos-1 auisys[7626]: Starting up2date package installation
    2018:01:22-02:09:45 fw-sophos-1 auisys[7626]: id="371Z" severity="info" sys="system" sub="up2date" name="Successfully installed Up2Date package" status="success" action="install" package_version="9.12092" package="savi"
    2018:01:22-02:09:45 fw-sophos-1 auisys[7626]: [INFO-306] New Pattern Up2Dates installed
    2018:01:22-02:09:46 fw-sophos-1 auisys[7626]: Up2Date Package Installer finished, exiting
    2018:01:22-02:09:46 fw-sophos-1 auisys[7626]: id="3716" severity="info" sys="system" sub="up2date" name="Up2Date Package Installer finished, exiting"
    2018:01:22-02:12:15 fw-sophos-2 auisys[4366]: running on HA slave system or cluster node
    2018:01:22-02:12:15 fw-sophos-2 auisys[4366]: running on slave/cluster node, skipping license check
    2018:01:22-02:12:15 fw-sophos-2 auisys[4366]: waiting for db_verify to return (30 seconds max)
    2018:01:22-02:12:16 fw-sophos-2 auisys[4366]: not cleaning /var/up2date/sys-install in --nosys mode
    2018:01:22-02:12:16 fw-sophos-2 auisys[4366]: removing '/var/up2date/appctrl43-install'
    2018:01:22-02:12:16 fw-sophos-2 auisys[4366]: removing '/var/up2date/aptp-install'
    2018:01:22-02:12:16 fw-sophos-2 auisys[4366]: removing '/var/up2date/avira-xvdf-install'
    2018:01:22-02:12:16 fw-sophos-2 auisys[4366]: removing '/var/up2date/aws-install'
    2018:01:22-02:12:16 fw-sophos-2 auisys[4366]: removing '/var/up2date/cadata-install'
    2018:01:22-02:12:16 fw-sophos-2 auisys[4366]: removing '/var/up2date/clvbrowser-install'
    2018:01:22-02:12:16 fw-sophos-2 auisys[4366]: removing '/var/up2date/geoip-install'
    2018:01:22-02:12:16 fw-sophos-2 auisys[4366]: removing '/var/up2date/man9-install'
    2018:01:22-02:12:16 fw-sophos-2 auisys[4366]: removing '/var/up2date/ohelp9-install'
    2018:01:22-02:12:16 fw-sophos-2 auisys[4366]: removing '/var/up2date/savi-install'
    2018:01:22-02:12:16 fw-sophos-2 auisys[4366]: Starting Up2Date Package Installer
    2018:01:22-02:12:16 fw-sophos-2 auisys[4366]: No suitable packages of type <man9> found, skipping
    2018:01:22-02:12:16 fw-sophos-2 auisys[4366]: No suitable packages of type <aws> found, skipping
    2018:01:22-02:12:16 fw-sophos-2 auisys[4366]: No suitable packages of type <clvbrowser> found, skipping
    2018:01:22-02:12:16 fw-sophos-2 auisys[4366]: No suitable packages of type <appctrl43> found, skipping
    2018:01:22-02:12:16 fw-sophos-2 auisys[4366]: No suitable packages of type <ohelp9> found, skipping
    2018:01:22-02:12:16 fw-sophos-2 auisys[4366]: No suitable packages of type <aptp> found, skipping
    2018:01:22-02:12:16 fw-sophos-2 auisys[4366]: No suitable packages of type <avira-xvdf> found, skipping
    2018:01:22-02:12:16 fw-sophos-2 auisys[4366]: No suitable packages of type <cadata> found, skipping
    2018:01:22-02:12:16 fw-sophos-2 auisys[4366]: No suitable packages of type <geoip> found, skipping
    2018:01:22-02:12:16 fw-sophos-2 auisys[4366]: Install u2d packages <savi>
    2018:01:22-02:12:16 fw-sophos-2 auisys[4366]: Starting installing up2date packages for type 'savi'
    2018:01:22-02:12:16 fw-sophos-2 auisys[4366]: Installing up2date package: /var/up2date/savi/u2d-savi-9.12091-12092.patch.tgz.gpg
    2018:01:22-02:12:16 fw-sophos-2 auisys[4366]: Verifying up2date package signature
    2018:01:22-02:12:16 fw-sophos-2 auisys[4366]: Unpacking installation instructions
    2018:01:22-02:12:16 fw-sophos-2 auisys[4366]: parsing installation instructions
    2018:01:22-02:12:16 fw-sophos-2 auisys[4366]: This is a patch. Setting required_version to 9.12091
    2018:01:22-02:12:16 fw-sophos-2 auisys[4366]: Unpacking up2date package container
    2018:01:22-02:12:17 fw-sophos-2 auisys[4366]: Running pre-installation checks
    2018:01:22-02:12:17 fw-sophos-2 auisys[4366]: Starting up2date package installation
    2018:01:22-02:12:32 fw-sophos-2 auisys[4366]: id="371Z" severity="info" sys="system" sub="up2date" name="Successfully installed Up2Date package" status="success" action="install" package_version="9.12092" package="savi"
    2018:01:22-02:12:32 fw-sophos-2 auisys[4366]: [INFO-306] New Pattern Up2Dates installed
    2018:01:22-02:12:33 fw-sophos-2 auisys[4366]: Up2Date Package Installer finished, exiting
    2018:01:22-02:12:33 fw-sophos-2 auisys[4366]: id="3716" severity="info" sys="system" sub="up2date" name="Up2Date Package Installer finished, exiting"
    2018:01:22-02:18:01 fw-sophos-1 audld[9478]: running on HA master system or cluster node
    2018:01:22-02:18:01 fw-sophos-1 audld[9478]: Starting Up2Date Package Downloader
    2018:01:22-02:18:02 fw-sophos-1 audld[9478]: disabling patch up2dates (confd hint)
    2018:01:22-02:18:02 fw-sophos-1 audld[9478]: Using static update server list in HA mode
    2018:01:22-02:18:11 fw-sophos-1 audld[9478]: Could not connect to Authentication Server us1.utmu2d.sophos.com (code=500 500 Internal Server Error).
    2018:01:22-02:18:22 fw-sophos-1 audld[9478]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
    2018:01:22-02:18:22 fw-sophos-1 audld[9478]: Using static download server list in HA mode
  • afc.log:

    2018:01:22-12:53:22 fw-sophos-1 afcd[4412]: libnavl: W: ValidateTransaction: No valid Web transaction for this connection - abandoning flow
    2018:01:22-12:54:34 fw-sophos-1 afcd[4412]: libnavl: W: ValidateTransaction: No valid Web transaction for this connection - abandoning flow
    2018:01:22-12:55:56 fw-sophos-1 ulogd[4269]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="1" outitf="eth7" mark="0x203c" app="60" srcmac="x" srcip="x" dstip="x" proto="17" length="132" tos="0x00" prec="0x00" ttl="63" srcport="6881" dstport="6881" 
    2018:01:22-12:55:56 fw-sophos-1 ulogd[4269]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="1" outitf="eth7" mark="0x203c" app="60" srcmac="x" srcip="x" dstip="x" proto="17" length="132" tos="0x00" prec="0x00" ttl="63" srcport="6881" dstport="6881" 
    2018:01:22-12:56:44 fw-sophos-1 afcd[4412]: libnavl: W: ValidateTransaction: No valid Web transaction for this connection - abandoning flow
    2018:01:22-13:00:19 fw-sophos-1 afcd[4412]: libnavl: W: ValidateTransaction: No valid Web transaction for this connection - abandoning flow
    2018:01:22-13:02:08 fw-sophos-1 afcd[25377]: _afc_cfg_file_plugin_parse: 1912 protocols registered
    2018:01:22-13:02:08 fw-sophos-1 afcd[25377]: libnavl: E: InitInstance: Error initializing instance of plugin HPACK_UTIL
    2018:01:22-13:02:09 fw-sophos-1 afcd[25377]: loaded plugin '/var/sec/chroot-afc/lib/afc/vineyard.so'
    2018:01:22-13:02:09 fw-sophos-1 afcd[25377]: _afc_cfg_file_plugin_parse: 1912 protocols registered
    2018:01:22-13:02:09 fw-sophos-1 afcd[25382]: AFC ready.
    2018:01:22-13:02:10 fw-sophos-1 ulogd[4269]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="1" outitf="eth7" mark="0x103c" app="60" srcmac="x" srcip="x" dstip="x" proto="17" length="327" tos="0x00" prec="0x00" ttl="63" srcport="6881" dstport="24331" 
    2018:01:22-13:02:10 fw-sophos-1 ulogd[4269]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="1" outitf="eth7" mark="0x203c" app="60" srcmac="x" srcip="x" dstip="x" proto="17" length="132" tos="0x00" prec="0x00" ttl="63" srcport="6881" dstport="8999" 
  • I wouldn't worry about those AppCtrl messages, Almis - it's just the software doing what it should and being "chatty" about it.  The Up2Date prefetch messages are due to things outside the UTM - I see those in many clients' notification messages.

    Cheers - Bob
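
Added example, not part of the original thread: a small triage script that groups the `audld` lines of an up2date.log by downloader run and reports whether each run recovered (a later "Authentication successful") or genuinely failed. The sample lines are a subset of the excerpt posted above; the function names, the verdict labels, and the assumption that host plus PID identifies one run are this example's own.

```python
import re

# Subset of the up2date.log lines posted in this thread (audld entries only).
SAMPLE = """\
2018:01:22-02:07:01 fw-sophos-1 audld[7197]: Starting Up2Date Package Downloader
2018:01:22-02:07:35 fw-sophos-1 audld[7197]: Could not connect to Server us1.utmu2d.sophos.com (status=500 Can't connect to us1.utmu2d.sophos.com:443 (timeout)).
2018:01:22-02:08:38 fw-sophos-1 audld[7197]: Could not connect to Authentication Server us1.utmu2d.sophos.com (code=500 500 Internal Server Error).
2018:01:22-02:08:44 fw-sophos-1 audld[7197]: Could not connect to Authentication Server us2.utmu2d.sophos.com (code=500 500 Internal Server Error).
2018:01:22-02:08:50 fw-sophos-1 audld[7197]: Could not connect to Authentication Server sg1.utmu2d.sophos.com (code=503 503 Service Not Available).
2018:01:22-02:09:25 fw-sophos-1 audld[7197]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
2018:01:22-02:18:01 fw-sophos-1 audld[9478]: Starting Up2Date Package Downloader
2018:01:22-02:18:11 fw-sophos-1 audld[9478]: Could not connect to Authentication Server us1.utmu2d.sophos.com (code=500 500 Internal Server Error).
2018:01:22-02:18:22 fw-sophos-1 audld[9478]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
"""

LINE = re.compile(r'^(\S+) (\S+) audld\[(\d+)\]: (.*)$')
FAIL = re.compile(
    r'Could not connect to (Authentication Server|Server) (\S+) \((?:status|code)=(\d{3})'
)

def summarize(text):
    """Group audld lines into runs keyed by (host, pid); assumes a PID is one run."""
    runs = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # other daemons (auisys etc.) are ignored here
        ts, host, pid, msg = m.groups()
        run = runs.setdefault(
            (host, pid), {"start": ts, "update": [], "auth": [], "auth_ok": False}
        )
        f = FAIL.search(msg)
        if f:
            kind, server, code = f.groups()
            run["auth" if kind.startswith("Auth") else "update"].append((server, int(code)))
        elif 'name="Authentication successful"' in msg:
            run["auth_ok"] = True
    return runs

def verdict(run):
    """recovered: errors, then auth succeeded; failed: auth errors and no success."""
    if run["auth_ok"]:
        return "recovered" if (run["auth"] or run["update"]) else "clean"
    return "failed" if run["auth"] else "incomplete"

if __name__ == "__main__":
    for (host, pid), run in summarize(SAMPLE).items():
        print(run["start"], host, pid, verdict(run), run["auth"])
```

Runs that come back `recovered` with 5xx codes from the update servers match the pattern in the posted log, where the errors are returned by the remote side and a later server answers.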