
HTTP Proxy failures - general oddness

For the past several weeks my UTM has been acting flaky - Issues with the WiFi (AP55) staying connected, web not responding, email quarantine release website giving errors... just general not behaving. I've tried clearing out a few things, turned off EndPoint protect (which was a problem, but resetting my UTM ID seemed to have fixed it), and rebooted. But I'm still getting issues.

I've been sorting through logs trying to see if I can figure out what's going on. I was having some WiFi issues before, but I found some loose connections on my patch panel so I attributed it to that - however after correcting that issue I'm still having some connectivity issues - I'm not suspecting any issues with the AP55 at this point though.

Right now I get an email ~ every hour:

[INFO-141] Http proxy not running - restarted

Http proxy not running - restarted
--
System Uptime      : 9 days 15 hours 46 minutes
System Load        : 5.69
System Version     : Sophos UTM 9.508-10

Digging through the logs I'm seeing:

Kernel Log:

2018:04:02-09:20:04 utm kernel: [837290.810516] ConfdReload[60002]: segfault at 33f0e996 ip 00000000f73a9103 sp 00000000e4e7ae70 error 4 in libtcmalloc.so.4.1.0[f7382000+48000]
2018:04:02-09:21:08 utm kernel: [837355.307681] ConfdReload[60674]: segfault at 30459 ip 00000000f759ae08 sp 00000000e4e25bd0 error 6 in libcrypto.so.1.0.0[f74a8000+1b4000]
2018:04:02-09:25:22 utm kernel: [837608.670408] ConfdReload[61080]: segfault at 33f0e996 ip 00000000f739d103 sp 00000000e4e6ee70 error 4 in libtcmalloc.so.4.1.0[f7376000+48000]
2018:04:02-09:29:13 utm kernel: [837839.989362] ConfdReload[61823]: segfault at 0 ip 00000000f7379103 sp 00000000e4e4afe0 error 4 in libtcmalloc.so.4.1.0[f7352000+48000]
2018:04:02-09:36:15 utm kernel: [ 217.193988] ConfdReload[8439]: segfault at 8070455 ip 00000000f686e5ba sp 00000000e4ea68ac error 7 in libc-2.11.3.so[f67f2000+16c000]
2018:04:02-09:36:52 utm kernel: [ 254.219874] ConfdReload[8906]: segfault at 30459 ip 00000000f75e1e08 sp 00000000e4e6cbd0 error 6 in libcrypto.so.1.0.0[f74ef000+1b4000]
2018:04:02-09:38:08 utm kernel: [ 330.497729] ConfdReload[9258]: segfault at 9060455 ip 00000000f73d9b96 sp 00000000e4e99c40 error 4 in libtcmalloc.so.4.1.0[f73a1000+48000]
2018:04:02-09:42:27 utm kernel: [ 588.853698] Confd[9414]: segfault at 6 ip 00000000f7392697 sp 00000000f64aab80 error 4 in libtcmalloc.so.4.1.0[f7359000+48000]
2018:04:02-09:43:25 utm kernel: [ 647.012638] ConfdReload[10419]: segfault at 9007375 ip 00000000f735eb96 sp 00000000e4e1e950 error 4 in libtcmalloc.so.4.1.0[f7326000+48000]

 

Self monitoring log:

2018:04:02-10:03:46 utm selfmonng[4917]: W child returned status: exit='0' signal='0'
2018:04:02-10:04:06 utm selfmonng[4917]: I check Failed increment httpproxy_running counter 1 - 3
2018:04:02-10:04:11 utm selfmonng[4917]: I check Failed increment httpproxy_running counter 2 - 3
2018:04:02-10:04:16 utm selfmonng[4917]: W check Failed increment httpproxy_running counter 3 - 3
2018:04:02-10:04:16 utm selfmonng[4917]: W NOTIFYEVENT Name=httpproxy_running Level=INFO Id=141 suppressed
2018:04:02-10:04:16 utm selfmonng[4917]: W triggerAction: 'cmd'
2018:04:02-10:04:16 utm selfmonng[4917]: W actionCmd(+):  '/var/mdw/scripts/httpproxy restart'
2018:04:02-10:04:18 utm selfmonng[4917]: W child returned status: exit='0' signal='0'
2018:04:02-10:04:48 utm selfmonng[4917]: I check Failed increment httpproxy_running counter 1 - 3
2018:04:02-10:04:53 utm selfmonng[4917]: I check Failed increment httpproxy_running counter 2 - 3
2018:04:02-10:04:58 utm selfmonng[4917]: W check Failed increment httpproxy_running counter 3 - 3
2018:04:02-10:04:58 utm selfmonng[4917]: W NOTIFYEVENT Name=httpproxy_running Level=INFO Id=141 suppressed
2018:04:02-10:04:58 utm selfmonng[4917]: W triggerAction: 'cmd'
2018:04:02-10:04:58 utm selfmonng[4917]: W actionCmd(+):  '/var/mdw/scripts/httpproxy restart'
2018:04:02-10:05:00 utm selfmonng[4917]: W child returned status: exit='0' signal='0'
2018:04:02-10:07:10 utm selfmonng[4917]: I check Failed increment httpproxy_running counter 1 - 3
2018:04:02-10:07:15 utm selfmonng[4917]: I check Failed increment httpproxy_running counter 2 - 3
2018:04:02-10:07:20 utm selfmonng[4917]: W check Failed increment httpproxy_running counter 3 - 3
2018:04:02-10:07:20 utm selfmonng[4917]: W NOTIFYEVENT Name=httpproxy_running Level=INFO Id=141 suppressed
2018:04:02-10:07:20 utm selfmonng[4917]: W triggerAction: 'cmd'
2018:04:02-10:07:20 utm selfmonng[4917]: W actionCmd(+):  '/var/mdw/scripts/httpproxy restart'
2018:04:02-10:07:57 utm selfmonng[4917]: W child returned status: exit='0' signal='0'
2018:04:02-10:10:37 utm selfmonng[4917]: I check Failed increment httpproxy_running counter 1 - 3
2018:04:02-10:10:42 utm selfmonng[4917]: I check Failed increment httpproxy_running counter 2 - 3
2018:04:02-10:10:47 utm selfmonng[4917]: W check Failed increment httpproxy_running counter 3 - 3
2018:04:02-10:10:47 utm selfmonng[4917]: W NOTIFYEVENT Name=httpproxy_running Level=INFO Id=141 suppressed
2018:04:02-10:10:47 utm selfmonng[4917]: W triggerAction: 'cmd'
2018:04:02-10:10:47 utm selfmonng[4917]: W actionCmd(+):  '/var/mdw/scripts/httpproxy restart'
2018:04:02-10:10:53 utm selfmonng[4917]: W child returned status: exit='0' signal='0'
2018:04:02-10:13:23 utm selfmonng[4917]: I check Failed increment httpproxy_running counter 1 - 3
2018:04:02-10:13:28 utm selfmonng[4917]: I check Failed increment httpproxy_running counter 2 - 3
2018:04:02-10:13:33 utm selfmonng[4917]: W check Failed increment httpproxy_running counter 3 - 3
2018:04:02-10:13:33 utm selfmonng[4917]: W NOTIFYEVENT Name=httpproxy_running Level=INFO Id=141 suppressed
2018:04:02-10:13:33 utm selfmonng[4917]: W triggerAction: 'cmd'
2018:04:02-10:13:33 utm selfmonng[4917]: W actionCmd(+):  '/var/mdw/scripts/httpproxy restart'
2018:04:02-10:13:35 utm selfmonng[4917]: W child returned status: exit='0' signal='0'

When I get a quarantine report and click on it via e-mail I get this:


I do have a wildcard SSL cert applied, however it works no problem when accessing either the admin page or the user portal (both produce green bars):



The UTM is running on an ESXi 6.0 (on an old Dell R710), the VM has 8GB of RAM, 200GB HDD and 4 CPUs - all hardware indicators seem to be fine:


One thing to note, since I have the home license I'm getting close to the 50 max - have about 45 devices (yeah, I know... between gaming consoles, computers, Rokus, VoIP, work laptops, kids' school iPads, cell phones... we got lots of crap), so I'm getting low on licenses but the hardware specs shouldn't have any issues handling it.

Any suggestions, help, chicken sacrifices, etc. would be greatly appreciated.


This thread was automatically locked due to age.
  • Since I had a backup as of this weekend, and I have a backup connection for work I decided to give the 9.510 update a try. Came up OK, I didn't have to manually edit the httpd-spam.conf to keep my SSL cert in there, and so far no restarts - however sometimes after a reboot it appeared "clean" for a few hours, so I'll watch and see. But so far so good.

  • Applying the 9.510 update seems to have resolved my issues. No longer getting http restarts, and not seeing segfault crashes any more. Overall the UTM is acting better. Wish it hadn't taken so long for the fix, but it seems to be working now.

  • As I look back in my inbox at HUNDREDS of notifications of "Http proxy not running - restarted", I noticed the last notification I got was about six weeks ago with Sophos UTM 9.509-3 and as I check my current version, I see that I'm still running 9.509-3 but haven't had the proxy failures.  I don't know what caused them and I have no idea what cleared them up, but I'm glad to notice I went from several notifications per day to none since June 14th.  

    I'd actually forgotten about this issue (which didn't seem to be negatively affecting anything, it was just a nagging concern that it was happening) until I read this message.  I haven't seen 9.510 available, but I'm happy to see the problem seems to be gone now.

  • Interesting that it magically cleaned up for you... check your logs to see if it's still happening, just not getting e-mail notifications on it. It was causing issues for me, this patch seems to have cleared up lots of minor issues - my WiFi was pretty flaky (but I couldn't nail down the issue), and it seems to be better now as well. So at least for me this patch solved a lot of issues and makes things way better around here :)


    You can manually download and apply the patch - that's what I did. ftp://ftp.astaro.com/pub/UTM/v9/up2date/
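
The log check suggested in the last reply, as an added example that is not part of the original thread: it counts httpproxy restart actions even when the INFO-141 notification is suppressed, and groups the kernel segfault lines by module-relative offset (ip minus load base) so that crashes at the same code location line up despite ASLR. The sample lines are copied from the logs posted above; reading the `error` field as the x86 page-fault error-code bits is an assumption about this 32-bit userland.

```python
import re
from collections import Counter

# Sample lines copied from the kernel and self-monitoring logs posted in this thread.
KERNEL_LOG = """\
2018:04:02-09:20:04 utm kernel: [837290.810516] ConfdReload[60002]: segfault at 33f0e996 ip 00000000f73a9103 sp 00000000e4e7ae70 error 4 in libtcmalloc.so.4.1.0[f7382000+48000]
2018:04:02-09:21:08 utm kernel: [837355.307681] ConfdReload[60674]: segfault at 30459 ip 00000000f759ae08 sp 00000000e4e25bd0 error 6 in libcrypto.so.1.0.0[f74a8000+1b4000]
2018:04:02-09:25:22 utm kernel: [837608.670408] ConfdReload[61080]: segfault at 33f0e996 ip 00000000f739d103 sp 00000000e4e6ee70 error 4 in libtcmalloc.so.4.1.0[f7376000+48000]
2018:04:02-09:36:15 utm kernel: [ 217.193988] ConfdReload[8439]: segfault at 8070455 ip 00000000f686e5ba sp 00000000e4ea68ac error 7 in libc-2.11.3.so[f67f2000+16c000]
2018:04:02-09:36:52 utm kernel: [ 254.219874] ConfdReload[8906]: segfault at 30459 ip 00000000f75e1e08 sp 00000000e4e6cbd0 error 6 in libcrypto.so.1.0.0[f74ef000+1b4000]
"""
SELFMON_LOG = """\
2018:04:02-10:04:16 utm selfmonng[4917]: W check Failed increment httpproxy_running counter 3 - 3
2018:04:02-10:04:16 utm selfmonng[4917]: W NOTIFYEVENT Name=httpproxy_running Level=INFO Id=141 suppressed
2018:04:02-10:04:16 utm selfmonng[4917]: W actionCmd(+):  '/var/mdw/scripts/httpproxy restart'
2018:04:02-10:04:58 utm selfmonng[4917]: W check Failed increment httpproxy_running counter 3 - 3
2018:04:02-10:04:58 utm selfmonng[4917]: W NOTIFYEVENT Name=httpproxy_running Level=INFO Id=141 suppressed
2018:04:02-10:04:58 utm selfmonng[4917]: W actionCmd(+):  '/var/mdw/scripts/httpproxy restart'
"""

SEGV = re.compile(
    r"(\w+)\[\d+\]: segfault at [0-9a-f]+ ip ([0-9a-f]+) sp [0-9a-f]+ "
    r"error (\d+) in (\S+?)\[([0-9a-f]+)\+[0-9a-f]+\]")

def decode_error(code):
    """Decode the x86 page-fault error bits printed after 'error'."""
    return ("protection" if code & 1 else "not-present",
            "write" if code & 2 else "read",
            "user" if code & 4 else "kernel")

def crash_sites(log):
    """Count crashes per (process, library, offset, fault type)."""
    sites = Counter()
    for m in SEGV.finditer(log):
        proc, ip, err, lib, base = m.groups()
        key = (proc, lib, hex(int(ip, 16) - int(base, 16)), decode_error(int(err)))
        sites[key] += 1
    return sites

def proxy_restarts(log):
    """Return (restart actions run, INFO-141 notifications suppressed)."""
    restarts = len(re.findall(r"actionCmd\(\+\):\s+'/var/mdw/scripts/httpproxy restart'", log))
    suppressed = len(re.findall(r"NOTIFYEVENT Name=httpproxy_running .* suppressed", log))
    return restarts, suppressed

if __name__ == "__main__":
    for site, n in crash_sites(KERNEL_LOG).most_common():
        print(n, *site)
    print("restarts=%d suppressed_notifications=%d" % proxy_restarts(SELFMON_LOG))
```

Repeated hits at one offset inside the same library point to a single recurring fault rather than scattered corruption, which is useful detail to attach to a vendor support case.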