This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[INFO-114] Ulogd not running - restarted

Since upgrading our 2-node HA (ASG220) cluster to 9.205-12, I'm getting this error message exactly twice per day. Once in the morning sometime between 6:45-7am and again 12 hours later, around 7pm. In the warning email that's sent, CPU usage is through the roof:

-- 

HA Status          : CLUSTER MASTER (node id: 1)
System Uptime      : 21 days 15 hours 17 minutes
System Load        : 12.22
System Version     : Sophos UTM 9.205-12


After the ulogd is restarted automatically by the watchdog, CPU usage returns to normal levels. I assume some database is corrupt or something along those lines, but I don't know where to begin troubleshooting this. I see over in the (now closed) 9.205 soft-release thread, that someone else was having a very similar if not identical problem but no solution was offered. It appears that it may be related to:

fix 32238 ulogd restarts (BUG at ipfix.c:313 / BUG at thread.c:33 ) and coredumps

Can anyone please help? thanks [:)]


This thread was automatically locked due to age.
Parents
  • FIVE years later and I came here looking for an answer to this exact problem:  enable IPFIX = multiple/daily INFO-114 alerts;  disable IPFIX = no alerts.

    First off, it's incredibly disappointing that this issue still persists in 2019.  Really, Sophos?!

    Most importantly, tho, I was able to get this escalated thru the ranks and, after about three months, they were FINALLY able to offer a resolution:
    "It looks like the issue is being cause by a database view having the wrong column type. Development has provided a workaround.."

    They were able to apply the "fix" without a reboot, and I haven't seen any INFO-114 alerts since (where before, we were getting around 5 per day from our busiest device).

    So there's that, for whatever it's worth.  At least it's a semi-resolution to this ages-old issue.
    Enjoy.

Reply
  • FIVE years later and I came here looking for an answer to this exact problem:  enable IPFIX = multiple/daily INFO-114 alerts;  disable IPFIX = no alerts.

    First off, it's incredibly disappointing that this issue still persists in 2019.  Really, Sophos?!

    Most importantly, tho, I was able to get this escalated thru the ranks and, after about three months, they were FINALLY able to offer a resolution:
    "It looks like the issue is being cause by a database view having the wrong column type. Development has provided a workaround.."

    They were able to apply the "fix" without a reboot, and I haven't seen any INFO-114 alerts since (where before, we were getting around 5 per day from our busiest device).

    So there's that, for whatever it's worth.  At least it's a semi-resolution to this ages-old issue.
    Enjoy.

Children