Thread Info
  • State Verified Answer
  • +14 person also asked this people also asked this
  • Locked Locked
  • Replies 67 replies
  • Answers 1 answer
  • Subscribers 30 subscribers
  • Views 119078 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[INFO-141] Http proxy not running - restarted notification + segfaults in kernel log since this morning

R0n1

Update 11:27 Sophos official workaround https://community.sophos.com/kb/en-us/127257
Update 13:48 Sophos fix: https://community.sophos.com/kb/en-us/127257 A new pattern called u2d-appctrl43-9-42 was recently released to resolve this issue. Please enable application control again. Manual Cleanup required /var/storages/cores could contain large coredump files that need to be manually removed.

Good morning,

 

This morning we received multiple  [INFO-141] Http proxy not running - restarted notifications around 09:11


When looking in the log's it seemed it occured straight after an up2date pattern update.

Looking in the kernel logs:

2017:08:07-09:11:17 gateway-1 kernel: [1448439.994411] NAVLWorker_01[31756]: segfault at 18b09499 ip 00000000f68495da sp 00000000e8cc0fec error 4 in libc-2.11.3.so[f67cd000+16c000]
2017:08:07-09:24:28 gateway-1 kernel: [1449231.586930] NAVLWorker_10[32179]: segfault at e78ba000 ip 00000000f68045e1 sp 00000000c36d8fbc error 4 in libc-2.11.3.so[f6788000+16c000]
2017:08:07-09:25:09 gateway-1 kernel: [1449272.038211] NAVLWorker_01[5095]: segfault at e9122000 ip 00000000f68875e1 sp 00000000bed45fbc error 4 in libc-2.11.3.so[f680b000+16c000]
2017:08:07-09:26:18 gateway-1 kernel: [1449341.488162] NAVLWorker_08[5501]: segfault at 4ca50b2b ip 00000000f68625df sp 00000000e7ed2fbc error 4 in libc-2.11.3.so[f67e6000+16c000]





This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to William Duke

    William Duke said:

    The storage partition is still full.  Do we need to manually clean it?  If so, can you post instructions?

    Login into the CLI (either via SSH or hook up a keyboard + monitor to the physical appliance or open the host console on a virtual appliance). Type in:

    cd /var/storage/cores/
    rm *

    The above will remove all the core dumps ever generated and should free up the storage partition.

Children
  • 0 in reply to Mateusz Bender

    A Sophos advisory (community.sophos.com/.../127257) outlines how to delete the coredumps created by this issue.

    I have done this, but as we are running an Active-Standby configuration it has prompted me to ask the question: Can I connect directly to the Standby Unit via SSH to examine the contents of /var/storage/cores or do I have to SSH to the Primary Unit and connect from there? If I have to go via the Primary Unit, what command would permit me to connect to the Standby Appliance.

    Many thanks,

    John P

    2 x SG450 (Version 9.714-4)

    HA = Active-Passive

  • 0 in reply to isoffice

    Please ignore my last post folks.

    By using the command ha_utils ssh I was able to connect to the Standby Unit via the Primary and examine the contents of /var/storage/cores. I then removed the coredumps created by this issue.

    Best regards,

    John P

    2 x SG450 (Version 9.714-4)

    HA = Active-Passive

Unfiltered HTML