SFOS SFOS 19.0.1 MR-1-Build350 : Last pattern updates were on 11/08/2022 ?

Hi ali turki

It seems the Current version is up to date as per the snapshot shared, By default, patterns are updated automatically.

For more information check the link https://docs.sophos.com/nsg/sophos-firewall/17.5/Help/en-us/webhelp/onlinehelp/nsg/sfos/concepts/PatternManage.html 

Thanks and Regards

Hi,

there appears to be an issue with the IPS updates breaking IPS on the XG and the AV updates have not updated for 4 days, that definitely is an issue. There should be at least one AV update a day if not more, this is from previous times this issue has been raised.

ian

same here!

We have the same problem - (SFOS 19.0.0 GA-Build317)

Nothing useful in your answer. Please read the question.

Hi Jiri Hadamek 

Please check by collecting logs might help to troubleshoot the issue and share with Sophos Support Team, below is the status from my home lab environment and observing the reported issue 

https://support.sophos.com/support/s/article/KB-000041274?language=en_US 

login as: admin
admin@172.16.16.16's password:

Sophos Firmware Version SFOS 19.0.1 MR-1-Build365

Main Menu

1. Network Configuration
2. System Configuration
3. Route Configuration
4. Device Console
5. Device Management
6. VPN Management
7. Shutdown/Reboot Device
0. Exit

Select Menu Number [0-7]: 5

Sophos Firmware Version SFOS 19.0.1 MR-1-Build365

Device Management

1. Reset to Factory Defaults
2. Show Firmware(s)
3. Advanced Shell
4. Flush Device Reports
0. Exit

Select Menu Number [0-4]: 3

Sophos Firewall
===============
(C) Copyright 2000-2022 Sophos Limited and others. All rights reserved.
Sophos is a registered trademark of Sophos Limited and Sophos Group.
All other product and company names mentioned are trademarks or registered
trademarks of their respective owners.

For Sophos End User Terms of Use - www.sophos.com/.../sophos-end -user-terms-of-use.aspx

NOTE: If not explicitly approved by Sophos support, any modifications
done through this option will void your support.

SFVUNL_KV01_SFOS 19.0.1 MR-1-Build365# tail -f /log/up2date_av.log
2022-08-16 07:56:51Z: avd still loading signature
2022-08-16 07:56:53Z: New avira4 full update successfully done
2022-08-16 07:57:38Z: Got the lock for updating savi (savi_17993.tar.gz)
2022-08-16 07:57:42Z:Installing Full sophos update
2022-08-16 07:57:42Z: avd still loading signature
2022-08-16 07:57:44Z: avd still loading signature
2022-08-16 07:57:46Z: avd still loading signature
2022-08-16 07:57:48Z: avd still loading signature
2022-08-16 07:57:50Z: avd still loading signature
2022-08-16 07:57:52Z: New savi full update successfully done
^C
SFVUNL_KV01_SFOS 19.0.1 MR-1-Build365# tail -f /log/ips.log
2022-08-16T07:54:48.353688Z [ 3966] csigno_handler: got signal 57
3967 get signal 64
2022-08-16T07:54:48.353730Z [ 3966] tlv 1 done
2022-08-16T07:54:48.353718Z [ 3967] csigno_handler: got signal 57
2022-08-16T07:54:48.353754Z [ 3967] tlv 1 done
2022-08-16T07:54:48.353805Z [ 3589] reply(3966) 0
2022-08-16T07:54:48.353812Z [ 3589] reply(3967) 0
2022-08-16T07:54:48.353817Z [ 3589] REPLY 0 SUCCESS
2022-08-16T07:54:48.353850Z [ 3589] tlv 1 done
2022-08-16T07:54:48.353863Z [ 3567] REPLY 0 SUCCESS
^C
SFVUNL_KV01_SFOS 19.0.1 MR-1-Build365# tail -f /log/sig_upgrade.log
200 OK
Mon Aug 15 13:02:28 2022Z:3357:main:SIG upgrade : start
Mon Aug 15 13:02:29 2022Z:2259:execute_script:executing /scripts/ips/ips_pre_install.sh 18 18 0
Mon Aug 15 13:02:43 2022Z:3069:get_intsig_platform_profile:Platform: Standard PC (i440FX + PIIX, 1996), Profile: Profile
Mon Aug 15 13:02:43 2022Z:112:json_parse:Profile Name: Profile
Mon Aug 15 13:02:43 2022Z:2896:get_ram_size:RAM Size: 4GB
Mon Aug 15 13:02:43 2022Z:3007:print_signature_profile_data:rule priority profile details profile-name SMALL RAM range 0-23 gb rule priority list [1,2]
Mon Aug 15 13:02:45 2022Z:3645:main:Master upgrade ,remove existing so files
Mon Aug 15 13:02:46 2022Z:2259:execute_script:executing /scripts/ips/ips_post_install.sh 18 18 0
Mon Aug 15 13:02:56 2022Z:3784:clean_exit:SIG upgrade exit <ips signature upgrade applied successfully>
^C
SFVUNL_KV01_SFOS 19.0.1 MR-1-Build365# tail -f /log/sigmigration.log
Stopping database
3953 2022-08-16 07:50:51.548 GMTLOG: received fast shutdown request
3953 2022-08-16 07:50:51.548 GMTLOG: aborting any active transactions
3967 2022-08-16 07:50:51.548 GMTLOG: received fast shutdown request
3967 2022-08-16 07:50:51.548 GMTLOG: aborting any active transactions
3970 2022-08-16 07:50:51.549 GMTLOG: shutting down
3956 2022-08-16 07:50:51.549 GMTLOG: shutting down
3970 2022-08-16 07:50:51.582 GMTLOG: database system is shut down
3956 2022-08-16 07:50:51.649 GMTLOG: database system is shut down
2022-08-16 07:50:52.590 GMT : Database stopped after 1 seconds
^[`^C
SFVUNL_KV01_SFOS 19.0.1 MR-1-Build365# tail -f /log/u2d.log
DEBUG 2022-08-16 08:04:29Z [9809]: --port = 443
DEBUG 2022-08-16 08:04:29Z [9809]: Added new server : Host - u2d.sophos.com, Port - 443
DEBUG 2022-08-16 08:04:29Z [9809]: --u2d_proto = 2.00
DEBUG 2022-08-16 08:04:29Z [9809]: Final query string is :
?&serialkey=C0100198XYTV4F2&deviceid=d03b0955-de65-4c05-a157-ede275e2fb5e&fwversion=19.0.1.365&productcode=CN&appmodel=SF01V&appvendor=KV01&useragent=SF&oem=Sophos&pkg_sysupdate_version=0&u2d_proto=2.00
DEBUG 2022-08-16 08:04:29Z [9809]: Response code : 200
DEBUG 2022-08-16 08:04:29Z [9809]: Response body :
<Up2Date/>

DEBUG 2022-08-16 08:04:29Z [9809]: Response length : 11
^[[A^?^?^?^?^?^?^C
SFVUNL_KV01_SFOS 19.0.1 MR-1-Build365# tail -f /log/licensing.log
INFO Aug 16 07:54:52Z [4147980032]: --requestType = 8
INFO Aug 16 07:54:52Z [4147980032]: --serial = C0100198XYTV4F2
INFO Aug 16 07:54:52Z [4147980032]: --fwversion = 19.0.1.365
INFO Aug 16 07:54:52Z [4147980032]: --cert = /content/licensing/lic_csr.pem
INFO Aug 16 07:54:52Z [4147980032]: --key = /content/licensing/lic_csr.key
INFO Aug 16 07:54:52Z [4147980032]: --token = Token-Id:C0100198XYTV4F2
INFO Aug 16 07:54:52Z [4147980032]: URL : eu-prod-utm.soa.sophos.com/.../appliance
INFO Aug 16 07:54:52Z [4147980032]: licensing_do_applianceupdate : request : { "serialNumber": "C0100198XYTV4F2", "applianceAttributes": [ { "name": "firmwareVersion", "value": "19.0.1.365" } ] }
INFO Aug 16 07:54:55Z [4147980032]: response : {"trackingId":"8284e3db-ef6d-44ca-80e2-8e23f7f2cc21","statusCode":200,"errorCode":"ITSERVICELAYER_SUCCESS","message":"Appliance updated successfully.","data":{"serialNumber":"C0100198XYTV4F2"}}
INFO Aug 16 07:54:55Z [4147980032]: Appliance updated successfully...:

Regards

Please edit and hide your serial number.

ian

I paste here some tails from our firewall´s LOGs. Serial, license and identity keysand similar values are  purporsely mangled.

After several repated "Update now " action some patterns are updated, but many are older than it have to be. Some are even unchanged from time of instalation.

I am unable to send all LOG files due error NC-94291 with SFV4C6_VM01_SFOS 19.0.0 GA-Build317 - small /var.  It had to be fixed in build 350, but this REQUIRE reinstall of firewall (backup, install, restore) . I am unable to reinstall it now (firewall is for  100+ devices)

tail -f /log/up2date_av.log
2022-08-16 07:31:27Z: updating /sdisk/savi/engine signatures
2022-08-16 07:31:28Z: updating /sdisk/savi/vdl signatures
2022-08-16 07:31:29Z: avd still loading signature
2022-08-16 07:31:31Z: avd still loading signature
2022-08-16 07:31:33Z: avd still loading signature
2022-08-16 07:31:35Z: avd still loading signature
2022-08-16 07:31:37Z: avd still loading signature
2022-08-16 07:31:39Z: avd still loading signature
2022-08-16 07:31:41Z: avd still loading signature
2022-08-16 07:31:43Z: New savi incremental update successfully done

tail -f /log/ips.log
garner: connect(/tmp/garner.sock) failed: Resource temporarily unavailable
2022-08-16T08:47:29.599425Z [29183] gr io failed :app 3555 retry 2
garner: connect(/tmp/garner.sock) failed: Resource temporarily unavailable
2022-08-16T08:47:29.599443Z [29183] gr io failed :app 3555 retry 3
garner: connect(/tmp/garner.sock) failed: Resource temporarily unavailable
2022-08-16T08:47:29.610620Z [29185] gr io failed :app 3555 retry 1
garner: connect(/tmp/garner.sock) failed: Resource temporarily unavailable
2022-08-16T08:47:29.610647Z [29185] gr io failed :app 3555 retry 2
garner: connect(/tmp/garner.sock) failed: Resource temporarily unavailable
2022-08-16T08:47:29.610666Z [29185] gr io failed :app 3555 retry 3

tail -f /log/sig_upgrade.log
200 OK
Wed Aug 10 17:30:28 2022Z:3338:main:SIG upgrade : start
Wed Aug 10 17:30:29 2022Z:2247:execute_script:executing /scripts/ips/ips_pre_install.sh 18 18 0
Wed Aug 10 17:30:38 2022Z:3057:get_intsig_platform_profile:Platform: VMware Virtual Platform, Profile: Profile
Wed Aug 10 17:30:38 2022Z:112:json_parse:Profile Name: Profile
Wed Aug 10 17:30:38 2022Z:2884:get_ram_size:RAM Size: 6GB
Wed Aug 10 17:30:38 2022Z:2995:print_signature_profile_data:rule priority profile details profile-name SMALL RAM range 0-23 gb rule priority list [1,2]
Wed Aug 10 17:30:39 2022Z:3626:main:Master upgrade ,remove existing so files
Wed Aug 10 17:30:40 2022Z:2247:execute_script:executing /scripts/ips/ips_post_install.sh 18 18 0
Wed Aug 10 17:31:25 2022Z:3765:clean_exit:SIG upgrade exit <ips signature upgrade applied successfully>

tail -f /log/sigmigration.log - file doesn´t exist

cat /log/sigmigration.log
SFV4C6_VM01_SFOS 19.0.0 GA-Build317#  tail -f /log/u2d.log
DEBUG     2022-08-16 08:43:04Z [29024]: --port = 443
DEBUG     2022-08-16 08:43:04Z [29024]: Added new server : Host - u2d.sophos.com, Port - 443
DEBUG     2022-08-16 08:43:04Z [29024]: --u2d_proto = 2.00
DEBUG     2022-08-16 08:43:04Z [29024]: Final query string is :
?&serialkey=xxxx&deviceid=xxxxxxx&fwversion=19.0.0.317&productcode=CN&appmodel=SF01V&appvendor=VM01&useragent=SF&oem=Sophos&pkg_sysupdate_version=10&central_mgmt=1.0&u2d_proto=2.00
DEBUG     2022-08-16 08:43:05Z [29024]: Response code : 200
DEBUG     2022-08-16 08:43:05Z [29024]: Response body :
<Up2Date/>

DEBUG     2022-08-16 08:43:05Z [29024]: Response length : 11

tail -f /log/licensing.log
INFO      Aug 15 15:28:53Z [4148406016]: --requestType = 2
INFO      Aug 15 15:28:53Z [4148406016]: --lastCheckCode = XXXX
INFO      Aug 15 15:28:53Z [4148406016]: --cert = /content/licensing/lic_csr.pem
INFO      Aug 15 15:28:53Z [4148406016]: --token = Token-Id:XXXXX
INFO      Aug 15 15:28:53Z [4148406016]: --key = /content/licensing/lic_csr.key
INFO      Aug 15 15:28:53Z [4148406016]: URL : eu-prod-utm.soa.sophos.com/.../license
INFO      Aug 15 15:28:54Z [4148406016]: response : {"trackingId":"XXXX","statusCode":200,"errorCode":"ITSERVICELAYER_SUCCESS","message":"License retrieved","data":{"contact":{"firstName":"IT","lastName":"Racom","email":"XXXX","city":"Nové Město na Moravě","state":"Česká Republika","company":"Racom","country":"CZECH REPUBLIC","countryCode":"CZ"},"deviceAttributes":[],"features":[{"feature":"EMAIL","featureDisplayName":"Email Protection","licenseName":"Email Protection","licenseKey":"LXXXX","status":"Active","startDate":"0001-01-01","expiryDate":"2023-05-15","type":"Purchased"},{"feature":"WAF","featureDisplayName":"Webserver Protection","licenseName":"Webserver Protection","licenseKey":"LXXXX","status":"Active","startDate":"0001-01-01","expiryDate":"2023-05-15","type":"Purchased"},{"feature":"ESUP","featureDisplayName":"Enhanced Support","licenseName":"Xstream Protection","licenseKey":"LXXXX","status":"Active","startDate":"0001-01-01","expiryDate":"2023-05-15","type":"Purchased"},{"feature":"WEB","featureDisplayName":"Web Protection","licenseName":"Xstream Protection","licenseKey":"LXXXX","status":"Active","startDate":"0001-01-01","expiryDate":"2023-05-15","type":"Purchased"},{"feature":"NET","featureDisplayName":"Network Protection","licenseName":"Xstream Protection","licenseKey":"LXXXX","status":"Active","startDate":"0001-01-01","expiryDate":"2023-05-15","type":"Purchased"},{"feature":"SAND","featureDisplayName":"Zero-Day Protection","licenseName":"Xstream Protection","licenseKey":"LXXXX","status":"Active","startDate":"0001-01-01","expiryDate":"2023-05-15","type":"Purchased"},{"feature":"CORCH","featureDisplayName":"Central Orchestration","licenseName":"Xstream Protection","licenseKey":"LXXXX","status":"Active","startDate":"0001-01-01","expiryDate":"2023-05-15","type":"Purchased"},{"feature":"BASE","featureDisplayName":"Appliance Base","licenseName":"SFV4C6","licenseKey":"LXXXX","status":"Active","startDate":"0001-01-01","expiryDate":"2999-12-31","type":"Purchased"}],"productAttributes":[{"name":"Cores","value":"4"},{"name":"RAM","value":"6GB"}],"lastCheckCode":"XXXX","serverDate":"2022-08-15"}}
INFO      Aug 15 15:28:54Z [4148406016]: license_check : License retrieved...
INFO      Aug 15 15:28:54Z [4148406016]: Received these licenses 383
INFO      Aug 15 15:28:54Z [4148406016]: product attributes found in response..

The latest release appears to have fixed the update issue.ian

Hi Jiri Hadamek 

Please check with firmware version SFOS 19.0.1 MR-1-Build365 

Regards