
parsing error at UTM log

I think that is a bug.

All of the attributes have " and it is closed. With error and message, sometimes it is not closed.

 

message="SSL_ERROR_SYSCALL: ret=-1 error=Connection reset by peer"

 

 

Jul 26 20:57:46 XXXXXXXXX 2017:07:26-20:57:50 XXXX-UTM httpproxy[5661]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xdff12000" function="ssl_write" file="ssl.c" line="1324" message="SSL_ERROR_SYSCALL: ret=-1 error=Connection reset by peer"

 

 

How can I report this bug?



  • Have you tried the request in a different browser: IE, Chrome or Firefox? Could be related to SHA certificates or TLS at a guess.

    Thanks, Duncan

  • Hi

     

    I am not talking about the content of the log.

    Sophos has a parsing error in the logs.

  • This doesn't look like a bug to me, rather some disagreement about TLS.  If you're trying to access a site that hasn't been updated to avoid the POODLE vulnerability, you would see this in the log.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I am not talking about the content of the log. Please check the double quotes of the log.

    Please check the double quotes of the message attribute. Its content also includes the error attribute.

    Right now it is like this:

    message="SSL_ERROR_SYSCALL: ret=-1 error=Connection reset by peer"

     

    It should look like this:

     

    message="SSL_ERROR_SYSCALL: ret=-1"            error="Connection reset by peer"

     

    That is difficult for a SIEM to parse.
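
Added example, not part of the original thread and not Sophos code: one way a SIEM-side parser could handle the line quoted above, reading the quoted `key="value"` pairs first and then splitting the unquoted `ret=` and `error=` sub-fields out of `message`. The output names `message_text` and `message.<key>` are assumptions of this sketch, as is the rule that an unquoted value runs up to the next ` key=` token or the end of the message.

```python
import re

# Constructed sample: the log line quoted in the thread, placeholders kept as posted.
SAMPLE = (
    '2017:07:26-20:57:50 XXXX-UTM httpproxy[5661]: id="0003" severity="info" '
    'sys="SecureWeb" sub="http" request="0xdff12000" function="ssl_write" '
    'file="ssl.c" line="1324" '
    'message="SSL_ERROR_SYSCALL: ret=-1 error=Connection reset by peer"'
)

# Outer layer: every attribute is key="value" with the quotes closed.
QUOTED = re.compile(r'(\w+)="([^"]*)"')

# Inner layer: unquoted key=value inside message. The value may contain
# spaces, so it is taken lazily up to the next " key=" token or the end.
INNER = re.compile(r'(\w+)=(.*?)(?=\s+\w+=|$)')


def parse_line(line):
    """Return a flat dict of outer fields plus sub-fields found in message."""
    fields = dict(QUOTED.findall(line))
    msg = fields.get("message", "")
    first = INNER.search(msg)
    if first:
        # Free text before the first sub-field, e.g. "SSL_ERROR_SYSCALL".
        fields["message_text"] = msg[:first.start()].strip().rstrip(":")
        for key, value in INNER.findall(msg):
            # Namespaced so an inner key can never overwrite an outer
            # attribute such as line="1324".
            fields["message." + key] = value.strip()
    return fields


if __name__ == "__main__":
    for name, value in parse_line(SAMPLE).items():
        print(f"{name} = {value}")
```

The original `message` value is kept untouched next to the extracted sub-fields, so a mis-split on an unusual message can be detected and re-parsed later.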

  • Thanks, Kara, I understand now.  The best way to report a bug is to get a ticket open with Sophos UTM Support - or is this a home-use license?

    Cheers - Bob

     
  • We have a license, but I am responsible for the SIEM and not for the firewall.

    I hope that the developers read this portal :)

  • They don't - they won't see this.  Please ask the person in charge of the Sophos to open a ticket with Sophos Support.

    Cheers - Bob

     
  • I use 7-zip to unpack the log files, and sometimes it does not unpack to a fully valid log. Rerunning the unpack fixes the problem. Seems more common if other disk activity is high, so now I do one file and pause briefly before proceeding to the next.

    To see if this is your problem, run the unzip again to a different file and compare the two files.