Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 1350 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

memory based content filter, repeated sf_control downloads, web traffic stops

hopkins.103
I've observed on 9.006-5 (at work, two Dell R720 with 48G RAM in HA pair - support case ongoing, on the cloud again) and now at home 9.100-16 (at home, D2500CC with 4G RAM) the sf_control file repeatedly downloading which "pauses" the traffic passing through the proxy while the ~400M file downloads.

Has anyone else experienced or observed this?  Any suggestions or advice?

From the home system's logs today (portion of grep scr_scanner.c  /var/log/http.log | grep -v cffs | grep -v colon)  

2013:05:24-19:39:43 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="713" message="reloading list"

2013:05:24-19:39:45 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="scr_scanner.c" line="1113" message="Unable to allocate 394515168 bytes for control list"

2013:05:24-19:39:45 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="715" message="list reload failed, using old list"

2013:05:24-19:39:47 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="scr_scanner.c" line="1113" message="Unable to allocate 394515168 bytes for control list"

2013:05:24-19:39:47 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="scr_scanner.c" line="1113" message="Attempted to retrieve control list serial number but no control list is loaded"

2013:05:24-19:39:47 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="719" message="list version: 40040"

2013:05:24-19:53:21 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="713" message="reloading list"

2013:05:24-19:53:23 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="scr_scanner.c" line="1113" message="Unable to allocate 394515168 bytes for control list"

2013:05:24-19:53:23 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="715" message="list reload failed, using old list"

2013:05:24-19:53:25 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="scr_scanner.c" line="1113" message="Unable to allocate 394515168 bytes for control list"

2013:05:24-19:53:25 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="scr_scanner.c" line="1113" message="Attempted to retrieve control list serial number but no control list is loaded"

2013:05:24-19:53:25 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="719" message="list version: 40040"

2013:05:24-20:06:59 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="713" message="reloading list"

2013:05:24-20:07:01 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="scr_scanner.c" line="1113" message="Unable to allocate 394515168 bytes for control list"

2013:05:24-20:07:01 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="715" message="list reload failed, using old list"

2013:05:24-20:07:03 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="scr_scanner.c" line="1113" message="Unable to allocate 394515168 bytes for control list"

2013:05:24-20:07:03 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="scr_scanner.c" line="1113" message="Attempted to retrieve control list serial number but no control list is loaded"

2013:05:24-20:07:03 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="719" message="list version: 40040"

2013:05:24-20:20:36 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="713" message="reloading list"

2013:05:24-20:20:39 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="scr_scanner.c" line="1113" message="Unable to allocate 394515168 bytes for control list"

2013:05:24-20:20:39 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="715" message="list reload failed, using old list"

2013:05:24-20:20:41 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="scr_scanner.c" line="1113" message="Unable to allocate 394515168 bytes for control list"

2013:05:24-20:20:41 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="scr_scanner.c" line="1113" message="Attempted to retrieve control list serial number but no control list is loaded"

2013:05:24-20:20:41 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="719" message="list version: 40040"

2013:05:24-20:34:15 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="713" message="reloading list"

2013:05:24-20:34:17 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="scr_scanner.c" line="1113" message="Unable to allocate 394515168 bytes for control list"

2013:05:24-20:34:17 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="715" message="list reload failed, using old list"

2013:05:24-20:34:19 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="scr_scanner.c" line="1113" message="Unable to allocate 394515168 bytes for control list"

2013:05:24-20:34:19 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="scr_scanner.c" line="1113" message="Attempted to retrieve control list serial number but no control list is loaded"

2013:05:24-20:34:19 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="719" message="list version: 40040"

2013:05:24-20:47:55 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="713" message="reloading list"

2013:05:24-20:47:57 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="scr_scanner.c" line="1113" message="Unable to allocate 394515168 bytes for control list"

2013:05:24-20:47:57 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="715" message="list reload failed, using old list"

2013:05:24-20:47:59 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="scr_scanner.c" line="1113" message="Unable to allocate 394515168 bytes for control list"

2013:05:24-20:47:59 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="scr_scanner.c" line="1113" message="Attempted to retrieve control list serial number but no control list is loaded"

2013:05:24-20:47:59 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="719" message="list version: 40040"

2013:05:24-21:01:35 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="713" message="reloading list"

2013:05:24-21:01:37 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="scr_scanner.c" line="1113" message="Unable to allocate 394515168 bytes for control list"

2013:05:24-21:01:37 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="715" message="list reload failed, using old list"

2013:05:24-21:01:39 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="scr_scanner.c" line="1113" message="Unable to allocate 394515168 bytes for control list"

2013:05:24-21:01:39 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="scr_scanner.c" line="1113" message="Attempted to retrieve control list serial number but no control list is loaded"

2013:05:24-21:01:39 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="719" message="list version: 40040"

2013:05:24-21:15:15 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="713" message="reloading list"

2013:05:24-21:15:17 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="scr_scanner.c" line="1113" message="Unable to allocate 394515168 bytes for control list"

2013:05:24-21:15:17 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="715" message="list reload failed, using old list"

2013:05:24-21:15:20 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="scr_scanner.c" line="1113" message="Unable to allocate 394515168 bytes for control list"

2013:05:24-21:15:20 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="scr_scanner.c" line="1113" message="Attempted to retrieve control list serial number but no control list is loaded"

2013:05:24-21:15:20 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="719" message="list version: 40040"

2013:05:24-21:28:54 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="713" message="reloading list"

2013:05:24-21:28:56 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="scr_scanner.c" line="1113" message="Unable to allocate 394515168 bytes for control list"

2013:05:24-21:28:56 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="715" message="list reload failed, using old list"

2013:05:24-21:28:59 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="scr_scanner.c" line="1113" message="Unable to allocate 394515168 bytes for control list"

2013:05:24-21:28:59 home httpproxy[6149]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="scr_scanner.c" line="1113" message="Attempted to retrieve control list serial number but no control list is loaded"



version info from home 

loginuser@home:/var/log > version



Current software version...: 9.100016

Hardware type..............: Software Appliance

Installation image.........: 8.930-11.1

Installation type..........: asg

Installed pattern version..: 45986

Downloaded pattern version.: 45986

Up2Dates applied...........: 22 (see below)

                             sys-8.930-8.935-11.2.1.tgz (Apr 25  2012)

                             sys-8.935-8.940-2.13.2.tgz (Apr 26  2012)

                             sys-8.940-8.940-13.16.1.tgz (Apr 30  2012)

                             sys-8.940-8.950-16.12.2.tgz (May 10  2012)

                             sys-8.950-8.951-12.1.2.tgz (May 16  2012)

                             sys-8.951-8.960-1.9.2.tgz (May 29  2012)

                             sys-8.960-8.965-9.7.1.tgz (May 31  2012)

                             sys-8.965-8.970-7.7.1.tgz (Jun 21  2012)

                             sys-8.970-8.980-7.7.1.tgz (Jun 21  2012)

                             sys-8.980-9.000-7.8.1.tgz (Jun 30  2012)

                             sys-9.000-9.001-8.18.1.tgz (Aug 13  2012)

                             sys-9.001-9.002-18.12.1.tgz (Sep 11  2012)

                             sys-9.002-9.003-12.15.1.tgz (Oct 16  2012)

                             sys-9.003-9.003-15.16.4.tgz (Oct 16  2012)

                             sys-9.003-9.004-15.29.1.tgz (Oct 31  2012)

                             sys-9.004-9.004-29.33.1.tgz (Nov 16  2012)

                             sys-9.004-9.004-33.34.1.tgz (Dec 23 12:44)

                             sys-9.004-9.005-29.15.2.tgz (Mar  7 21:15)

                             sys-9.005-9.005-15.16.1.tgz (Mar  7 21:15)

                             sys-9.005-9.006-15.5.2.tgz (Mar 28 20:23)

                             sys-9.006-9.100-5.8.1.tgz (Apr 25 21:33)

                             sys-9.100-9.100-8.16.1.tgz (May 16 21:42)

Up2Dates available.........: 0

Factory resets.............: 0

Timewarps detected.........: 0



top, sorted by memory 

top - 22:39:51 up 8 days, 56 min,  2 users,  load average: 0.43, 0.70, 0.66

Tasks: 148 total,   1 running, 145 sleeping,   0 stopped,   2 zombie

Cpu0  :  4.8%us,  4.8%sy,  0.0%ni, 90.5%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st

Cpu1  :  0.0%us,  0.0%sy,  0.0%ni,100.0%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st

Mem:   4042968k total,  3902352k used,   140616k free,    43648k buffers

Swap:  1048572k total,   637196k used,   411376k free,  1558876k cached



  PID USER      PR  NI  VIRT  RES  SHR S   %CPU %MEM    TIME+  COMMAND

 6149 httpprox  20   0 3758m 1.6g 8816 S      0 40.4 244:43.02 httpproxy

 5100 snort     19  -1  474m 198m 1272 S      0  5.0 411:51.07 snort_inline

 4924 snort     19  -1  473m 157m 1244 S      0  4.0  85:12.03 snort_inline

 3548 postgres  20   0  560m 117m 117m S      0  3.0   0:47.43 postgres

15536 postgres  20   0  564m  73m  71m S      0  1.9   1:03.42 postgres

14755 wwwrun    20   0 59592  56m 7700 S      0  1.4   1:07.32 webadmin.plx

 4345 postgres  20   0  563m  48m  46m S      0  1.2  17:40.96 postgres

26111 wwwrun    20   0 36188  26m  764 S      0  0.7   0:01.82 index.plx

 3546 postgres  20   0  560m  24m  24m S      0  0.6   0:50.42 postgres

14762 root      20   0 47612  19m 2576 S      0  0.5   0:27.49 confd.plx


This thread was automatically locked due to age.
Parents
  • 0
    Hi ,

    Don't be so angry :-)
    I just told you its not official supported , it does not mean its not working .
    About future release , I a can't tell nothing cause I am not working in Sophos :-).
    There were some bugs that were fixed with the local DB in this Ver so in fact that prove that even tough it is not officially they still know people are working with and they are assisting it.
    The UTM its a real great product and it has lots of great features , changing it will be your decision but don't think other product won't have problems.
    About the reboot , no the DB do not have to be downloaded again after reboot.

    All my best.
Reply
  • 0
    Hi ,

    Don't be so angry :-)
    I just told you its not official supported , it does not mean its not working .
    About future release , I a can't tell nothing cause I am not working in Sophos :-).
    There were some bugs that were fixed with the local DB in this Ver so in fact that prove that even tough it is not officially they still know people are working with and they are assisting it.
    The UTM its a real great product and it has lots of great features , changing it will be your decision but don't think other product won't have problems.
    About the reboot , no the DB do not have to be downloaded again after reboot.

    All my best.
Children
No Data