Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 31 replies
  • Subscribers 2 subscribers
  • Views 12312 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Up2Date Failing

Redactor007
I'm running 7.508 and I seem to be stuck at patch version 20663 and have been for several days even though it says that version 20741 is available.  I click on "Update Patterns Now" and it tells me that the process has started, but when I check the log, this is what I get:

[FONT=monospace]2010:11:24-05:51:12 bob audld[4861]: Starting Up2Date Package Downloader (Version 1.57) [/FONT]
[FONT=monospace]2010:11:24-05:51:13 bob audld[4861]: patch up2date possible [/FONT]
[FONT=monospace]2010:11:24-05:51:14 bob audld[4861]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful" [/FONT]


I've tried manual, I've tried automatic.  Nothing seems to work.

Any help would be appreciated.

Thanks,

Bob


This thread was automatically locked due to age.
  • 0
    I checked two other sites with about 100 users behind each.  the 13 October IPS Up2Date also was the only one for IPS on both sites.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Bob,
    What pattern # is the October update?
  • 0
    I'm not sure, but the rpm is u2d-ips-7.173-193.patch.rpm

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    I have a subscription with IPS but not anti-virus nor anti-spam.

    When I make my pattern download/installation interval "Every 15 minutes", the Overview says:  "Current pattern version: 23154" and "Your patterns are up to date."

    When the interval is "Manual", it says that my current pattern version is 23154 and the latest available pattern version is 23267. It then invites me to "Update patterns now" but that doesn't update anything.

    I suspect the reason for this is that IPS patterns get updated rarely and anti-virus and anti-spam frequently, and that there is nothing to update that is relevant to my installation.

    Could someone confirm this, please?

    It would be helpful if the logs could make clear what is happening. "Authentication successful" does not really state the matter clearly.

    If this is the explanation, I think that I may leave this on automatic, but at a much lower frequency than every 15 minutes.
  • 0 in reply to mmather
    You are correct.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0
    PS Could someone tell me what appears on a log when an update is successful and when an update fails, so I know what to look for on my log server.
  • 0
    tell me what appears on a log when an update is successful and when an update fails
    An update isn't just one thing, but a process.  There is checking for connectivity to the update servers, authenticating to them, checking for updates, retrieval of relevant packages, then installation.  Given that you can only get IPS which, as you surmised, are not released on a frequent basis, you would be fine setting your Astaro to once a day.  It can actually be weeks between IPS updates, but you wouldn't want to wait too long after a new one is released before getting it.  Given this release schedule, you don't need to keep too close of an eye on the update log.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • 0 in reply to Scott_Klassen
    Well, yes, but there is surely one particular log event that indicates that an update has been completed and one that indicates it has been tried and has failed.
  • 0
    A successful install would show something like:

    id="371Z" severity="info" sys="system" sub="up2date" name="Successfully installed Up2Date package" status="success" action="install" package_version="7.7325" package="clam"


    For a failure, the status entry would indicate as such.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • 0 in reply to Scott_Klassen
    Thanks, Scott.

    In case of failure, does it really say

        name="Successfully installed Up2Date package" status="failure"?

    If I search for 

       sub="up2date" AND status="*"

    will that give me one event for each of success and failure? (This search excludes events which don't have a "status" field.)
Cookie Information Banner