Thread Info
  • State Suggested Answer
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 11 replies
  • Answers 1 answer
  • Subscribers 4 subscribers
  • Views 16274 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Error in Application Control logs

TheBalmasque 
Hi,

since 10.05.16 I am experiencing some strange errors in my Application Control logs: 

2016:05:20-13:01:42 utm-server afcd[27428]: vy_plugin: E: failed to parse DNS RR in answer section of length 16 at offset 4 [C0 33 00 01 80 01 00 00 00 78 00 04 C0 A8 B2 3C], unsupported resource records class (Resource temporarily unavailable)
2016:05:20-13:01:42 utm-server afcd[27428]: vy_plugin: E: failed to parse DNS RR in answer section of length 28 at offset 4 [C0 33 00 1C 80 01 00 00 00 78 00 10 FE 80 00 00 00 00 00 00 55 A6 D1 DD CB 2D CC 98], unsupported resource records class (Resource temporarily unavailable)
2016:05:20-13:01:42 utm-server afcd[27428]: vy_plugin: E: failed to parse DNS RR in additional section of length 18 at offset 4 [C0 0C 00 2F 80 01 00 00 00 78 00 06 C0 0C 00 02 00 08], unsupported resource records class (Resource temporarily unavailable)

I think this all started with the upgrade to UTM version 9.402-7.
Is someone experiancing the same issues?


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    Do you have any configuration for Request Route in UTM. Go to, Network Services>DNS>Request route.

    The error logs can be observed when UTM is not able to resolve the request routes.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • 0 in reply to sachingurung

    Hello Sachin Gurung,

    thank you very much for your help. I have just configured the proxy settings like you recommend me. I will report later if the issue is solved.

  • 0 in reply to TheBalmasque

    Hello,

    i am afraid the issue is not solved. Even after the update to version 9.403-4 there are the same errors in the logs. 

    Here is another summary of my current logs:

    2016:05:26-09:20:41 utm-server afcd[9645]: vy_plugin: N: finalizing vineyard thread
2016:05:26-09:20:41 utm-server afcd[9645]: STATUS: alert_lvl="GREEN" run_time=4506 num_cts=0 pktps_avg=69.49 pktps_avg_max=106.20 skipped_pktps_avg=0.00 skipped_pktps_avg_max=2.00 connps_avg=7.59 connps_avg_max=13.17 rusage_sys=2.492 rusage_usr=1.620
2016:05:26-09:20:41 utm-server afcd[9645]:  BONJOUR (nfmark 0000050c):     15 packets,   0 connections
2016:05:26-09:20:41 utm-server afcd[9645]:     CIFS (nfmark 00000048):    137 packets,   6 connections
2016:05:26-09:20:41 utm-server afcd[9645]:     DHCP (nfmark 00000075):      4 packets,   4 connections
2016:05:26-09:20:41 utm-server afcd[9645]:      DNS (nfmark 0000007c):   3278 packets, 1574 connections
2016:05:26-09:20:41 utm-server afcd[9645]:      GCM (nfmark 0000042b):      3 packets,   3 connections
2016:05:26-09:20:41 utm-server afcd[9645]:    GMAIL (nfmark 000000ad):     39 packets,  13 connections
2016:05:26-09:20:41 utm-server afcd[9645]: GOOGANAL (nfmark 000000af):      7 packets,   7 connections
2016:05:26-09:20:41 utm-server afcd[9645]: GOOGAPIS (nfmark 000000b0):      6 packets,   6 connections
2016:05:26-09:20:41 utm-server afcd[9645]: GOOGDOCS (nfmark 000000b4):      2 packets,   2 connections
2016:05:26-09:20:41 utm-server afcd[9645]:   GOOGLE (nfmark 000000b6):     44 packets,  44 connections
2016:05:26-09:20:41 utm-server afcd[9645]: GOOGPLUS (nfmark 0000024c):      5 packets,   5 connections
2016:05:26-09:20:41 utm-server afcd[9645]: HOTSPTSH (nfmark 00000432):      8 packets,   8 connections
2016:05:26-09:20:41 utm-server afcd[9645]:     HTTP (nfmark 000000d3):   1066 packets,  54 connections
2016:05:26-09:20:41 utm-server afcd[9645]: NTBIOSNS (nfmark 00000441):    103 packets, 103 connections
2016:05:26-09:20:41 utm-server afcd[9645]:      NTP (nfmark 0000015d):      8 packets,   8 connections
2016:05:26-09:20:41 utm-server afcd[9645]:    SKYPE (nfmark 000001c0):    227 packets,  26 connections
2016:05:26-09:20:41 utm-server afcd[9645]:     SOAP (nfmark 000004b0):   4835 packets, 506 connections
2016:05:26-09:20:41 utm-server afcd[9645]: SOPHBROK (nfmark 00000318):      9 packets,   9 connections
2016:05:26-09:20:41 utm-server afcd[9645]:     SSDP (nfmark 000001d7):     66 packets,  66 connections
2016:05:26-09:20:41 utm-server afcd[9645]:      SSL (nfmark 000001d9):     72 packets,  18 connections
2016:05:26-09:20:41 utm-server afcd[9645]:   TEREDO (nfmark 00000238):     40 packets,   0 connections
2016:05:26-09:20:41 utm-server afcd[9645]: WSDSCVRY (nfmark 000004b6):      9 packets,   9 connections
2016:05:26-09:20:41 utm-server afcd[9645]: packets: 15516 (15173 inspected, 52 skipped)
2016:05:26-09:20:41 utm-server afcd[9645]: connections: 3472 (2471 classified)
2016:05:26-09:20:41 utm-server afcd[18558]: _afc_cfg_file_plugin_parse: 1415 protocols registered
2016:05:26-09:20:41 utm-server afcd[18558]: vy_plugin: N: aptp: threaddata loaded from /var/chroot-afc/etc/aptpdata
2016:05:26-09:20:41 utm-server afcd[18558]: loaded plugin '/var/sec/chroot-afc/lib/afc/vineyard.so'
2016:05:26-09:20:41 utm-server afcd[18558]: _afc_cfg_file_plugin_parse: 1415 protocols registered
2016:05:26-09:20:41 utm-server afcd[18587]: AFC ready.
2016:05:26-09:48:18 utm-server afcd[18587]: vy_plugin: E: failed to parse DNS qname: Resource temporarily unavailable in proto 17 packet of size 89 from 192.168.178.56:5353 to 224.0.0.251:5353 [45 00 00 59 00 00 40 00 FF 11 27 B7 C0 A8 B2 38 E0 00 00 FB 14 E9 14 E9 00 45 80 8F 00 00 00 00 00 02 00 00 00 00 00 00 09 5F 32 33 33 36 33 37 44 45 04 5F 73 75 62 0B 5F 67 6F 6F 67 6C 65 63 61 73 74 04 5F 74 63 70 05 6C 6F 63 61 6C 00 00 0C 80 01 C0 1B 00 0C 80 01]
2016:05:26-09:48:19 utm-server afcd[18587]: vy_plugin: E: failed to parse DNS qname: Resource temporarily unavailable in proto 17 packet of size 89 from 192.168.178.56:5353 to 224.0.0.251:5353 [45 00 00 59 00 00 40 00 FF 11 27 B7 C0 A8 B2 38 E0 00 00 FB 14 E9 14 E9 00 45 81 8F 00 00 00 00 00 02 00 00 00 00 00 00 09 5F 32 33 33 36 33 37 44 45 04 5F 73 75 62 0B 5F 67 6F 6F 67 6C 65 63 61 73 74 04 5F 74 63 70 05 6C 6F 63 61 6C 00 00 0C 00 01 C0 1B 00 0C 00 01]
2016:05:26-09:48:20 utm-server afcd[18587]: vy_plugin: E: failed to parse DNS qname: Resource temporarily unavailable in proto 17 packet of size 89 from 192.168.178.56:5353 to 224.0.0.251:5353 [45 00 00 59 00 00 40 00 FF 11 27 B7 C0 A8 B2 38 E0 00 00 FB 14 E9 14 E9 00 45 81 8F 00 00 00 00 00 02 00 00 00 00 00 00 09 5F 32 33 33 36 33 37 44 45 04 5F 73 75 62 0B 5F 67 6F 6F 67 6C 65 63 61 73 74 04 5F 74 63 70 05 6C 6F 63 61 6C 00 00 0C 00 01 C0 1B 00 0C 00 01]

    As you can see the application module work properly but there are some sporadically occuring issues as described above.
Reply
  • 0 in reply to TheBalmasque

    Hello,

    i am afraid the issue is not solved. Even after the update to version 9.403-4 there are the same errors in the logs. 

    Here is another summary of my current logs:

    2016:05:26-09:20:41 utm-server afcd[9645]: vy_plugin: N: finalizing vineyard thread
2016:05:26-09:20:41 utm-server afcd[9645]: STATUS: alert_lvl="GREEN" run_time=4506 num_cts=0 pktps_avg=69.49 pktps_avg_max=106.20 skipped_pktps_avg=0.00 skipped_pktps_avg_max=2.00 connps_avg=7.59 connps_avg_max=13.17 rusage_sys=2.492 rusage_usr=1.620
2016:05:26-09:20:41 utm-server afcd[9645]:  BONJOUR (nfmark 0000050c):     15 packets,   0 connections
2016:05:26-09:20:41 utm-server afcd[9645]:     CIFS (nfmark 00000048):    137 packets,   6 connections
2016:05:26-09:20:41 utm-server afcd[9645]:     DHCP (nfmark 00000075):      4 packets,   4 connections
2016:05:26-09:20:41 utm-server afcd[9645]:      DNS (nfmark 0000007c):   3278 packets, 1574 connections
2016:05:26-09:20:41 utm-server afcd[9645]:      GCM (nfmark 0000042b):      3 packets,   3 connections
2016:05:26-09:20:41 utm-server afcd[9645]:    GMAIL (nfmark 000000ad):     39 packets,  13 connections
2016:05:26-09:20:41 utm-server afcd[9645]: GOOGANAL (nfmark 000000af):      7 packets,   7 connections
2016:05:26-09:20:41 utm-server afcd[9645]: GOOGAPIS (nfmark 000000b0):      6 packets,   6 connections
2016:05:26-09:20:41 utm-server afcd[9645]: GOOGDOCS (nfmark 000000b4):      2 packets,   2 connections
2016:05:26-09:20:41 utm-server afcd[9645]:   GOOGLE (nfmark 000000b6):     44 packets,  44 connections
2016:05:26-09:20:41 utm-server afcd[9645]: GOOGPLUS (nfmark 0000024c):      5 packets,   5 connections
2016:05:26-09:20:41 utm-server afcd[9645]: HOTSPTSH (nfmark 00000432):      8 packets,   8 connections
2016:05:26-09:20:41 utm-server afcd[9645]:     HTTP (nfmark 000000d3):   1066 packets,  54 connections
2016:05:26-09:20:41 utm-server afcd[9645]: NTBIOSNS (nfmark 00000441):    103 packets, 103 connections
2016:05:26-09:20:41 utm-server afcd[9645]:      NTP (nfmark 0000015d):      8 packets,   8 connections
2016:05:26-09:20:41 utm-server afcd[9645]:    SKYPE (nfmark 000001c0):    227 packets,  26 connections
2016:05:26-09:20:41 utm-server afcd[9645]:     SOAP (nfmark 000004b0):   4835 packets, 506 connections
2016:05:26-09:20:41 utm-server afcd[9645]: SOPHBROK (nfmark 00000318):      9 packets,   9 connections
2016:05:26-09:20:41 utm-server afcd[9645]:     SSDP (nfmark 000001d7):     66 packets,  66 connections
2016:05:26-09:20:41 utm-server afcd[9645]:      SSL (nfmark 000001d9):     72 packets,  18 connections
2016:05:26-09:20:41 utm-server afcd[9645]:   TEREDO (nfmark 00000238):     40 packets,   0 connections
2016:05:26-09:20:41 utm-server afcd[9645]: WSDSCVRY (nfmark 000004b6):      9 packets,   9 connections
2016:05:26-09:20:41 utm-server afcd[9645]: packets: 15516 (15173 inspected, 52 skipped)
2016:05:26-09:20:41 utm-server afcd[9645]: connections: 3472 (2471 classified)
2016:05:26-09:20:41 utm-server afcd[18558]: _afc_cfg_file_plugin_parse: 1415 protocols registered
2016:05:26-09:20:41 utm-server afcd[18558]: vy_plugin: N: aptp: threaddata loaded from /var/chroot-afc/etc/aptpdata
2016:05:26-09:20:41 utm-server afcd[18558]: loaded plugin '/var/sec/chroot-afc/lib/afc/vineyard.so'
2016:05:26-09:20:41 utm-server afcd[18558]: _afc_cfg_file_plugin_parse: 1415 protocols registered
2016:05:26-09:20:41 utm-server afcd[18587]: AFC ready.
2016:05:26-09:48:18 utm-server afcd[18587]: vy_plugin: E: failed to parse DNS qname: Resource temporarily unavailable in proto 17 packet of size 89 from 192.168.178.56:5353 to 224.0.0.251:5353 [45 00 00 59 00 00 40 00 FF 11 27 B7 C0 A8 B2 38 E0 00 00 FB 14 E9 14 E9 00 45 80 8F 00 00 00 00 00 02 00 00 00 00 00 00 09 5F 32 33 33 36 33 37 44 45 04 5F 73 75 62 0B 5F 67 6F 6F 67 6C 65 63 61 73 74 04 5F 74 63 70 05 6C 6F 63 61 6C 00 00 0C 80 01 C0 1B 00 0C 80 01]
2016:05:26-09:48:19 utm-server afcd[18587]: vy_plugin: E: failed to parse DNS qname: Resource temporarily unavailable in proto 17 packet of size 89 from 192.168.178.56:5353 to 224.0.0.251:5353 [45 00 00 59 00 00 40 00 FF 11 27 B7 C0 A8 B2 38 E0 00 00 FB 14 E9 14 E9 00 45 81 8F 00 00 00 00 00 02 00 00 00 00 00 00 09 5F 32 33 33 36 33 37 44 45 04 5F 73 75 62 0B 5F 67 6F 6F 67 6C 65 63 61 73 74 04 5F 74 63 70 05 6C 6F 63 61 6C 00 00 0C 00 01 C0 1B 00 0C 00 01]
2016:05:26-09:48:20 utm-server afcd[18587]: vy_plugin: E: failed to parse DNS qname: Resource temporarily unavailable in proto 17 packet of size 89 from 192.168.178.56:5353 to 224.0.0.251:5353 [45 00 00 59 00 00 40 00 FF 11 27 B7 C0 A8 B2 38 E0 00 00 FB 14 E9 14 E9 00 45 81 8F 00 00 00 00 00 02 00 00 00 00 00 00 09 5F 32 33 33 36 33 37 44 45 04 5F 73 75 62 0B 5F 67 6F 6F 67 6C 65 63 61 73 74 04 5F 74 63 70 05 6C 6F 63 61 6C 00 00 0C 00 01 C0 1B 00 0C 00 01]

    As you can see the application module work properly but there are some sporadically occuring issues as described above.
Children
Unfiltered HTML