HA msync.log - many errors for "cmd 'ipset -D hostset" or "sesid:-1:evm slot has NULL for sd 10"

LHerzog 6 days ago

I've a new XGS HA A/P cluster running on v20.0.1. The cluster is a migration from a retired XG system. All is running and looks fine so far.

When checking logs, I found in the HA logs that this is filling with errors. Mostly the errors are always of the same type:

Fri Jun 21 18:35:32 2024:653114Z:3242:MAST:MAST:ERROR:event.c:566:handle_event: not found in get_evm2list() for sd 10
Fri Jun 21 18:35:32 2024:692530Z:3242:MAST:MAST:ERROR:event.c:572: error found for cmd 'ipset -A hostset wcfqdn,567,0,23.', cli_fd 10, serv_fd 11
Fri Jun 21 18:35:32 2024:696762Z:3242:MAST:MAST:ERROR:event.c:572: error found for cmd 'ipset -A hostset wcfqdn,1559,0,52', cli_fd 10, serv_fd 11
Fri Jun 21 18:35:37 2024:167965Z:3242:MAST:MAST:ERROR:event.c:572: error found for cmd 'ipset -D hostset wcfqdn,1559,0,52', cli_fd 10, serv_fd 11
Fri Jun 21 18:35:38 2024:533323Z:3242:MAST:MAST:ERROR:event.c:572: error found for cmd 'ipset -D hostset wcfqdn,1559,0,52', cli_fd 10, serv_fd 11
Fri Jun 21 18:35:39 2024:989615Z:3242:MAST:MAST:ERROR:sync.c:498:sesid:-1:evm slot has NULL for sd 12
Fri Jun 21 18:35:39 2024:994205Z:3242:MAST:MAST:ERROR:sync.c:498:sesid:-1:evm slot has NULL for sd 12
Fri Jun 21 18:35:40 2024:007395Z:3242:MAST:MAST:ERROR:sync.c:498:sesid:-1:evm slot has NULL for sd 12
Fri Jun 21 18:35:40 2024:015974Z:3242:MAST:MAST:ERROR:event.c:572: error found for cmd 'ipset -A hostset fqdn,580,0,52.92', cli_fd 12, serv_fd 13
Fri Jun 21 18:35:40 2024:025462Z:3242:MAST:MAST:ERROR:sync.c:498:sesid:-1:evm slot has NULL for sd 10
Fri Jun 21 18:35:40 2024:038884Z:3242:MAST:MAST:ERROR:sync.c:498:sesid:-1:evm slot has NULL for sd 10
Fri Jun 21 18:35:40 2024:043258Z:3242:MAST:MAST:ERROR:event.c:572: error found for cmd 'ipset -D hostset fqdn,580,0,52.92', cli_fd 10, serv_fd 11
Fri Jun 21 18:35:40 2024:043281Z:3242:MAST:MAST:ERROR:sync.c:498:sesid:-1:evm slot has NULL for sd 11
Fri Jun 21 18:35:40 2024:051793Z:3242:MAST:MAST:ERROR:event.c:572: error found for cmd 'ipset -D hostset fqdn,580,0,52.21', cli_fd 10, serv_fd 11
Fri Jun 21 18:35:40 2024:056171Z:3242:MAST:MAST:ERROR:sync.c:498:sesid:-1:evm slot has NULL for sd 10
Fri Jun 21 18:35:40 2024:065146Z:3242:MAST:MAST:ERROR:sync.c:498:sesid:-1:evm slot has NULL for sd 10
Fri Jun 21 18:35:40 2024:082952Z:3242:MAST:MAST:ERROR:sync.c:498:sesid:-1:evm slot has NULL for sd 10
Fri Jun 21 18:35:40 2024:104758Z:3242:MAST:MAST:ERROR:sync.c:498:sesid:-1:evm slot has NULL for sd 10
Fri Jun 21 18:35:40 2024:113369Z:3242:MAST:MAST:ERROR:sync.c:498:sesid:-1:evm slot has NULL for sd 10
Fri Jun 21 18:35:40 2024:121945Z:3242:MAST:MAST:ERROR:sync.c:498:sesid:-1:evm slot has NULL for sd 10
Fri Jun 21 18:35:40 2024:126222Z:3242:MAST:MAST:ERROR:sync.c:498:sesid:-1:evm slot has NULL for sd 10
Fri Jun 21 18:35:40 2024:130435Z:3242:MAST:MAST:ERROR:sync.c:498:sesid:-1:evm slot has NULL for sd 10
Fri Jun 21 18:35:40 2024:134911Z:3242:MAST:MAST:ERROR:sync.c:498:sesid:-1:evm slot has NULL for sd 10
Fri Jun 21 18:35:40 2024:139612Z:3242:MAST:MAST:ERROR:event.c:572: error found for cmd 'ipset -D hostset fqdn,1850,0,52.2', cli_fd 10, serv_fd 11
Fri Jun 21 18:35:40 2024:153000Z:3242:MAST:MAST:ERROR:sync.c:498:sesid:-1:evm slot has NULL for sd 10
Fri Jun 21 18:35:40 2024:204748Z:3242:MAST:MAST:ERROR:event.c:572: error found for cmd 'ipset -D hostset fqdn,1851,0,52.2', cli_fd 10, serv_fd 11
Fri Jun 21 18:35:40 2024:204769Z:3242:MAST:MAST:ERROR:sync.c:498:sesid:-1:evm slot has NULL for sd 11
Fri Jun 21 18:35:40 2024:299597Z:3242:MAST:MAST:ERROR:sync.c:498:sesid:-1:evm slot has NULL for sd 10
Fri Jun 21 18:35:40 2024:303765Z:3242:MAST:MAST:ERROR:sync.c:498:sesid:-1:evm slot has NULL for sd 10
..
..
..
Sat Jun 22 08:16:03 2024:453363Z:3229:MAST:MAST:ERROR:sync.c:498:sesid:-1:evm slot has NULL for sd 10
Sat Jun 22 08:16:03 2024:567705Z:3229:MAST:MAST:ERROR:event.c:572: error found for cmd 'ipset -D hostset wcfqdn,342,0,17.', cli_fd 10, serv_fd 11
Sat Jun 22 08:16:03 2024:980847Z:3229:MAST:MAST:ERROR:sync.c:498:sesid:-1:evm slot has NULL for sd 10
Sat Jun 22 08:16:05 2024:496076Z:3229:MAST:MAST:ERROR:sync.c:498:sesid:-1:evm slot has NULL for sd 10
Sat Jun 22 08:16:05 2024:664210Z:3229:MAST:MAST:ERROR:event.c:572: error found for cmd 'ipset -A hostset fqdn,1849,0,52.9', cli_fd 10, serv_fd 11
Sat Jun 22 08:16:06 2024:968134Z:3229:MAST:MAST:ERROR:sync.c:498:sesid:-1:evm slot has NULL for sd 10
Sat Jun 22 08:16:07 2024:026089Z:3229:MAST:MAST:ERROR:sync.c:498:sesid:-1:evm slot has NULL for sd 10
Sat Jun 22 08:16:07 2024:244968Z:3229:MAST:MAST:ERROR:sync.c:498:sesid:-1:evm slot has NULL for sd 12
Sat Jun 22 08:16:09 2024:072476Z:3229:MAST:MAST:ERROR:event.c:572: error found for cmd 'ipset -D hostset wcfqdn,417,0,213', cli_fd 10, serv_fd 11
Sat Jun 22 08:16:09 2024:072506Z:3229:MAST:MAST:ERROR:sync.c:498:sesid:-1:evm slot has NULL for sd 11

Currently I have no physical access to the old appliance to check if these logs have been there before the migration.

So I'd like to know what's the reason for the errors and if it is an expected log behavior? Do you have it also in your HA cluster logs?

Edited TAGs
[edited by: Erick Jan at 3:08 AM (GMT -7) on 24 Jun 2024]

Top Replies

LHerzog 3 days ago in reply to LHerzog +1

I have found that log behavior for ipses messages on the old nodes that we replaced and also on all of our other active v20 nodes. this looks like "works as designed". though it looks like the sesid…

Parents

0 Vivek Jagad 4 days ago

Hi LHerzog ,

Thank you for reaching out to the community, apart from the errors is there any noticeable difference in the functionality of HA cluster, any misbehavior or settings not getting synchronized or aux unit going into the faulty state...etc ?

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Global Support & Services

Log a Support Case | Sophos Service Guide
Best Practices – Support Case

Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 LHerzog 4 days ago in reply to Vivek Jagad

Hi Vivek,

no, I do not see vital problems currently.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Vivek Jagad 4 days ago in reply to LHerzog

that's interesting...

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Global Support & Services

Log a Support Case | Sophos Service Guide
Best Practices – Support Case

Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 LHerzog 4 days ago in reply to Vivek Jagad

Vivek Jagad said:
that's interesting...

it is :-)

I've filed a support case: 07408979 / HA msync.log - many errors for "cmd 'ipset -D hostset" or "sesid:-1:evm slot has NULL for sd 10"
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Vivek Jagad 4 days ago in reply to LHerzog

Thank you for the case, will prioritize with our support team...

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Global Support & Services

Log a Support Case | Sophos Service Guide
Best Practices – Support Case

Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 LHerzog 3 days ago in reply to Vivek Jagad

Thanks. They want to know if changes get synced to the other node. I will check that.

Besides it would be great if someone can post a snip of their HA msync.log - if it's the same most likely it is a cosmetical thing, if not...?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 LHerzog 3 days ago in reply to Vivek Jagad

Thanks. They want to know if changes get synced to the other node. I will check that.

Besides it would be great if someone can post a snip of their HA msync.log - if it's the same most likely it is a cosmetical thing, if not...?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 LHerzog 3 days ago in reply to LHerzog

I have found that log behavior for ipses messages on the old nodes that we replaced and also on all of our other active v20 nodes. this looks like "works as designed".

though it looks like the sesid -1 errors seem to be specific on the 2 new firewalls.

The other firewalls here log something like:

Fri Jun 21 18:10:49 2024:498318Z:2112:STAND:STAND:DEBUG:event.c:499 ses_cnt :1

Mon Jun 24 16:02:04 2024:837482Z:2052:MAST:MAST:DEBUG:event.c:499 ses_cnt :1
Cancel
Vote Up +1 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Mayur Makvana 3 days ago in reply to LHerzog

Hi LHerzog

I reviewed one of the HA pair and I could see those logs without any functionality breakage!

Tue Jun 25 05:34:15 2024:542544Z:61804:MAST:MAST:ERROR:sync.c:498:sesid:-1:evm slot has NULL for sd 10
Tue Jun 25 05:34:19 2024:036906Z:61804:MAST:MAST:ERROR:sync.c:498:sesid:-1:evm slot has NULL for sd 11
Tue Jun 25 05:34:33 2024:436708Z:61804:MAST:MAST:ERROR:sync.c:498:sesid:-1:evm slot has NULL for sd 10

Tue Jun 25 05:34:50 2024:687288Z:61804:MAST:MAST:ERROR:event.c:572: error found for cmd 'ipset -D hostset fqdn,443,0,52.21', cli_fd 10, serv_fd 11
Tue Jun 25 05:35:03 2024:017611Z:61804:MAST:MAST:ERROR:event.c:566:handle_event: not found in get_evm2list() for sd 10
Tue Jun 25 05:35:08 2024:259334Z:61804:MAST:MAST:ERROR:event.c:572: error found for cmd 'ipset -D hostset fqdn,435,0,52.21', cli_fd 10, serv_fd 11
Tue Jun 25 05:35:15 2024:125615Z:61804:MAST:MAST:ERROR:event.c:572: error found for cmd 'ipset -A hostset fqdn,544,0,216.5', cli_fd 10, serv_fd 11
Tue Jun 25 05:35:18 2024:985494Z:61804:MAST:MAST:ERROR:event.c:572: error found for cmd 'ipset -D hostset fqdn,443,0,52.92', cli_fd 10, serv_fd 11
Tue Jun 25 05:35:25 2024:377604Z:61804:MAST:MAST:ERROR:event.c:572: error found for cmd 'ipset -A hostset fqdn,434,0,52.21', cli_fd 10, serv_fd 11
Tue Jun 25 05:35:27 2024:280965Z:61804:MAST:MAST:ERROR:event.c:566:handle_event: not found in get_evm2list() for sd 10

I am reviewing the reason or cause of this and let you know if any found.

Mayur Makvana
Technical Account Manager | Sophos Technical Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up +1 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Mayur Makvana 3 days ago in reply to LHerzog

Hi LHerzog ,

We request you try adding and deleting the FQDN host and reviewing on secondary device.

Fri Jun 21 18:35:32 2024:692530Z:3242:MAST:MAST:ERROR:event.c:572: error found for cmd 'ipset -A hostset wcfqdn,567,0,23.', cli_fd 10, serv_fd 11
Fri Jun 21 18:35:32 2024:696762Z:3242:MAST:MAST:ERROR:event.c:572: error found for cmd 'ipset -A hostset wcfqdn,1559,0,52', cli_fd 10, serv_fd 11
Fri Jun 21 18:35:37 2024:167965Z:3242:MAST:MAST:ERROR:event.c:572: error found for cmd 'ipset -D hostset wcfqdn,1559,0,52', cli_fd 10, serv_fd 11
Fri Jun 21 18:35:38 2024:533323Z:3242:MAST:MAST:ERROR:event.c:572: error found for cmd 'ipset -D hostset wcfqdn,1559,0,52', cli_fd 10, serv_fd 11

Here -A suggest addition and -D as deletion

Mayur Makvana
Technical Account Manager | Sophos Technical Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 LHerzog 2 days ago in reply to Mayur Makvana

I did that yesterday, created a FQDN dummy host on node 1, switched HA nodes

node 2 had the FQDN synced.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel