This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM320 with 9.307-6 - Basically unusable after update

Hello, I've been trying Sophos support, no luck for the last two days...

Our UTM320 is reaching 100% CPU and RAM usage periodically.

Top reports that the culprit is the websec-reporter it uses all available memory until it starts to coredump all over the place.

Once this process starts core dumping, the http.log file also fills up with

2015:02:05-12:00:09 QMSGW httpproxy[5510]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xdf4c000" function="send_request_body_send" file="request.c" line="632" message="recv: Input/output error"

2015:02:05-12:00:09 QMSGW httpproxy[5510]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xde2db000" function="send_request_body_send" file="request.c" line="632" message="recv: Input/output error"

I can restart the proxy service by:

/var/mdw/scripts/httpproxy restart --for HTTP

And this will sometimes allow the system to limp along at 80-90 Memory usage (because of websec-reporter using it all), eventually websec ends, and all is good for about a half an hour or so then it restarts again

Any suggestions? We are a public school, the kids are very sad.....

This thread was automatically locked due to age.

Parents

0 Kmaracle over 10 years ago

Well, the reporting did work, it just didn't seem to give me as much information as it did before, under the user search reports, I used to get results like:

Test Search 250 requests

Now I get:

T            1 request
Te           1 request
Tes          1 request
Test          etc.....
Test S

grep'd the log, no instances of "File exists"
The daily log file zoomed up to 89M zipped, when normally it's 20M or so
Most of the log consists of:

2015:02:05-12:00:09 QMSGW httpproxy[5510]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xde2db000" function="send_request_body_send" file="request.c" line="632" message="recv: Input/output error"

I used grep to exclude these lines, yesterdays unzip log file was 15G, the excluded one is 150M

Does the reporting system look at zipped log files? Is it safe to delete the http-2015-02-05.log.gz file(s)?

So my guess is that something caused I/O errors, the log files grew to a crazy size, and the program that compiles the summaries used up all available ram trying to digest the logs.

So far it seems fine today, but on Feb 3,4,5 it was basically down. I installed the update on Feb 2
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Kmaracle over 10 years ago

Well, the reporting did work, it just didn't seem to give me as much information as it did before, under the user search reports, I used to get results like:

Test Search 250 requests

Now I get:

T            1 request
Te           1 request
Tes          1 request
Test          etc.....
Test S

grep'd the log, no instances of "File exists"
The daily log file zoomed up to 89M zipped, when normally it's 20M or so
Most of the log consists of:

2015:02:05-12:00:09 QMSGW httpproxy[5510]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xde2db000" function="send_request_body_send" file="request.c" line="632" message="recv: Input/output error"

I used grep to exclude these lines, yesterdays unzip log file was 15G, the excluded one is 150M

Does the reporting system look at zipped log files? Is it safe to delete the http-2015-02-05.log.gz file(s)?

So my guess is that something caused I/O errors, the log files grew to a crazy size, and the program that compiles the summaries used up all available ram trying to digest the logs.

So far it seems fine today, but on Feb 3,4,5 it was basically down. I installed the update on Feb 2
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data