This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Error Filling http.log directory in UTM 9

I have a ticket open with Sophos Support, but thought I would put it out to the support community also. After the latest update (9.510-5), we started filling our http.log file with the following error:

2018:08:30-08:44:20 ansophos httpproxy[5511]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x3539ca00" function="read_winbindd_response" file="auth_adir.c" line="239" message="epoll_read_until: Transport endpoint is not connected"

Has anyone seen this before? I have removed he UTM from the domain and rejoined it but it still has not resolved the issue. 



This thread was automatically locked due to age.
Parents
  •  I have to report the same issue.
     SG210 in HA cluster. 9.510-5

     Active node:
     /var/log/http/2018/12/http-2018-12-10.log   105Gb
     
      Passive node:
      /var/log/http/2018/12/http-2018-12-10.log   109Gb
     
    PowerShell tries to count how many lines are contained in the file almost 1 hour. But still did't finish.

Reply
  •  I have to report the same issue.
     SG210 in HA cluster. 9.510-5

     Active node:
     /var/log/http/2018/12/http-2018-12-10.log   105Gb
     
      Passive node:
      /var/log/http/2018/12/http-2018-12-10.log   109Gb
     
    PowerShell tries to count how many lines are contained in the file almost 1 hour. But still did't finish.

Children
  • Anyone who is experiencing this problem please contact Sophos Support and reference NUTM-10390.

  • I am working with Sophos today on this issue. It has been escalated. Seeing some issues with multiple domains and windbind timing out. 

  • Hello,

    we had this issue at: 21.12.2018 

    Our System:

    Two Sophos SG330 with Firmware-Version: 9.510-5

    Both are running in HA-Mode: Hot Standby (active-passive)

     

    The http.log shows thousands of lines and the http.log raised up to 20 GB....:

    2018:12:21-11:37:57 fw-1 httpproxy[17523]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xd1a69e00" function="read_winbindd_response" file="auth_adir.c" line="239" message="epoll_read_until: Transport endpoint is not connected"
    2018:12:21-11:37:57 fw-1 httpproxy[17523]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xd4cef800" function="read_winbindd_response" file="auth_adir.c" line="239" message="epoll_read_until: Transport endpoint is not connected"
    2018:12:21-11:37:57 fw-1 httpproxy[17523]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xd4cef800" function="read_winbindd_response" file="auth_adir.c" line="239" message="epoll_read_until: Transport endpoint is not connected"
    2018:12:21-11:37:57 fw-1 httpproxy[17523]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xd4cef800" function="read_winbindd_response" file="auth_adir.c" line="239" message="epoll_read_until: Transport endpoint is not connected"
    2018:12:21-11:37:57 fw-1 httpproxy[17523]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xd4cef800" function="read_winbindd_response" file="auth_adir.c" line="239" message="epoll_read_until: Transport endpoint is not connected"
    2018:12:21-11:37:57 fw-1 httpproxy[17523]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xd4cef800" function="read_winbindd_response" file="auth_adir.c" line="239" message="epoll_read_until: Transport endpoint is not connected"
    2018:12:21-11:37:57 fw-1 httpproxy[17523]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xd4cef800" function="read_winbindd_response" file="auth_adir.c" line="239" message="epoll_read_until: Transport endpoint is not connected"
    2018:12:21-11:37:57 fw-1 httpproxy[17523]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xd4cef800" function="read_winbindd_response" file="auth_adir.c" line="239" message="epoll_read_until: Transport endpoint is not connected"

  • My understanding of this issue is that it is related to HA clusters.  Potentially restarting all node in the cluster will resolve.  As stated above, you can contact support referencing NUTM-10390 for assistance.  This is scheduled to be resolved in the next release, UTM 9.6 MR1.