This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM320 with 9.307-6 - Basically unusable after update

Hello, I've been trying Sophos support, no luck for the last two days...

Our UTM320 is reaching 100% CPU and RAM usage periodically.

Top reports that the culprit is the websec-reporter it uses all available memory until it starts to coredump all over the place.

Once this process starts core dumping, the http.log file also fills up with

2015:02:05-12:00:09 QMSGW httpproxy[5510]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xdf4c000" function="send_request_body_send" file="request.c" line="632" message="recv: Input/output error"

2015:02:05-12:00:09 QMSGW httpproxy[5510]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xde2db000" function="send_request_body_send" file="request.c" line="632" message="recv: Input/output error"

I can restart the proxy service by:

/var/mdw/scripts/httpproxy restart --for HTTP

And this will sometimes allow the system to limp along at 80-90 Memory usage (because of websec-reporter using it all), eventually websec ends, and all is good for about a half an hour or so then it restarts again

Any suggestions? We are a public school, the kids are very sad.....

This thread was automatically locked due to age.

Parents

0 Scott_Klassen over 10 years ago

is that I'll lose my history? just the current logging and reporting.
Correction, you will lose reporting, but NOT logs from rebuilding the database.

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Scott_Klassen over 10 years ago

is that I'll lose my history? just the current logging and reporting.
Correction, you will lose reporting, but NOT logs from rebuilding the database.

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 R0n1 over 10 years ago in reply to Scott_Klassen

I have seen this issue in over 10 UTM's , mainly UTM 120's and 220 , running different firmwares.
Regular cpu spikes to 100% making internet unusable for minutes and sometimes longer.

We have been logging atop a lot and noticed that 100% cpu spikes shorter then a minute don't show up in the hardware logging view.

Several Sophos support cases are still under investigation.

These CPU spikes are mainly caused by pattern updates, placing the pattern updates as a temporary measure on manual shows significent improvement.

So i would really like to see this bug (open since 2013) fixed:

----------------------
[19998] - HTTP-Proxy unresponsive on Pattern Up2Date installation
Description: During AV Pattern Up2Date the HTTP-Proxy is unresponsive. As this update may take some time it often breaks existing connections (e.g. downloads).

Category........:  Web Protection - HTTP/S Proxy
Status..........:  assigned / open
Fixed in version:
Target version..:  9.109
----------------------

Another cause of regular CPU spike's, mostly at set times around 7 in the morning and 7 in the evening:

adbs-maintenance: Starting ADBS maintenance run

Observed this one with 120, 220's and even a new SG115 unit.
Cancel
Vote Up 0 Vote Down

Cancel