When running 'pmx-logsearch', you get a "408 User-agent timeout" error, like the following:
pmx@striatum:> pmx-logsearch --email@example.com
We were unable to query remote servers:
https://192.168.1.111:28443/services/logsearch/query?count=10&offset=0&to=john@sophos%5C.com: 408 User-agent timeout (select)
Your search did not return any results.
First seen in PureMessage for Unix
This error means that the amount of time that 'pmx-logsearch' has been waiting for a response from the remote server has exceeded the value of 'remote_search_timeout' (from /opt/pmx/etc/logsearch.conf). This value defaults to 10 seconds.
The usual reason for this is that the /opt/pmx/var/log/search folder on the remote server has grown too large to be searched fast enough. If this is the case, then after starting a new search, you should be able to see 'pmx-grep' or similar utilities (see /opt/pmx/etc/product.conf) running on the remote server. These utilities are used to search the /opt/pmx/var/log/search directory tree.
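To check this cause on the remote server, the following added sketch (not Sophos code) reports how large the search tree is and whether a recursive search of it finishes inside the timeout. It assumes plain grep as a stand-in for 'pmx-grep', whose options the article does not show; the function names are hypothetical.

```shell
# Added diagnostic sketch, not Sophos code.
# Assumption: plain grep stands in for pmx-grep (options not shown in the article).

# Print the on-disk size (KB) and file count of a log-search tree.
tree_stats() {
    dir=$1
    kb=$(du -sk "$dir" | awk '{print $1}')
    files=$(find "$dir" -type f | wc -l | tr -d ' ')
    echo "size_kb=$kb files=$files"
}

# Time a recursive fixed-string search of DIR for PATTERN and compare the
# elapsed whole seconds with LIMIT (the remote_search_timeout value).
# Returns 0 if the search finished inside the limit, 1 if it did not.
search_fits_timeout() {
    dir=$1
    pattern=$2
    limit=$3
    start=$(date +%s)
    # A search with no matches is still a completed search, so ignore grep's status.
    grep -r -l -F -- "$pattern" "$dir" >/dev/null 2>&1 || true
    end=$(date +%s)
    elapsed=$((end - start))
    echo "elapsed=${elapsed}s limit=${limit}s"
    [ "$elapsed" -lt "$limit" ]
}

# Usage on the remote server (path and 10-second default are from the article):
#   tree_stats /opt/pmx/var/log/search
#   search_fits_timeout /opt/pmx/var/log/search 'john@sophos.com' 10 \
#       || echo "search is slower than remote_search_timeout"
```

A second run of the same search is usually faster because the files are already in the page cache, so judge by the first run.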
In this situation, there are a few possible remedies, each made by changing values in /opt/pmx/etc/logsearch.conf: