This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Issues in ACC 3.000 with ASG 8.300:

I noted that there's a 8.301 up2date currently released as a soft-release -- thought I would ask about a couple of issues I've noted with ACC 3.000 and ASG 8.300 (I posted in the up2date thread but it doesn't look like anyone's responding):

This up2date wouldn't happen to be one that fixes the wierdness I've seen with some ASGs after up2dating to 8.300 where ACC Gateway Manager shows the license as "yellow" when it's an unlimited license and expirations are all a year away, would it?

Also some wierdness seen with ACC showing, for instance, HTTP proxy as disabled, but using memory -- all the while it is up and working on the ASG itself. Appears to only have started after up2dating an ASG 8.103 or 8.203 installation to 8.300 -- and it didn't happen to all of them.

This thread was automatically locked due to age.

Parents

0 Hakan Yueksel over 12 years ago
Hi Bruce,

the up2date doesn't address any of the things you mentioned.

Licenses:
it is explicitly implemented that expired licenses are first red but can get
greener over time. The assumption is that if a user doesn't update the
license for a certain amount of time he probably doesn't care about it. It's
simply possible that users let deliberately expire parts of their license.

So after that time the algorithm works in reverse order and let the bar get
greener in order to not disturb the user with warnings about things he
doesn't care about.

HTTP-Proxy:
I tried to reproduce that but in my tests it worked correctly. Does it always
happen with your ACC? Even if you turn the proxy off and on again on the
ASG?

In order to do some debugging you could do the following steps:

login to the ACC per ssh
switch the log level to debug:
open the file /var/chroot-accd/etc/cm/config/logging.xml
in the field priority value replace info by debug
wait some seconds until the change takes effect
on the ASG turn the http-proxy off and on again
on the ACC do the following grep:
grep 'HTTP Proxy' /var/log/accd.log

the found lines will be quite long, so just extract the part containing
the http-proxy values, something like this:
"http":{"cpu":0,"enabled":true,"mem":2.7,"name":"HTTP Proxy","rss":28966912,"running":true,"status":1}

if mem and cpu are greater than 0, enabled should be true and vice versa
don't forget to switch back the log level to info

Regards, Hakan
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 12 years ago in reply to Hakan Yueksel

It's been two weeks... the licenses are full guard, good for another year, yet the license status "bar" shows dark yellow... something's off, most of the other systems aren't showing that.

I'll check on the proxy indicators as you have asked. All systems have been rebooted a couple of times, no change.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Sophos Platinum Partner

--------------------------------------

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 12 years ago in reply to BrucekConvergent

Hakan, I'll have to wait until I can get a maintenance window on the customer's ASG that is displaying the strange HTTP and SMTP proxy status messages.

In the meantime, some screenshots to illustrate the license issue I mentioned ... and it only happens on units that have been updated to 8.300 (8.2xx may cause it as well, but we skipped that version entirely).

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Sophos Platinum Partner

--------------------------------------

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel
0 Hakan Yueksel over 12 years ago in reply to BrucekConvergent
Hi Bruce,

you are right. Due to the 362 days until expiration the bar should be green.
It should get yellow when only 30 days are left to the expiration date.
Could you please login to your ACC per ssh and do the following:

in order to find out the guid of the affected ASG enter the following query:
psql -U acc -c "select * from device_info;"

enter the following query by putting the previously found guid into the where clause:
psql -U acc -c "select * from monitoring_license where guid = 'the-found-guid';"

post the anonymized output here

Thanks and regards, Hakan
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 12 years ago in reply to Hakan Yueksel

Will do. Still no maintenance window available to troubleshoot the misreported HTTP and SMTP proxy status. I'll post the other info you just requested shortly.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Sophos Platinum Partner

--------------------------------------

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 12 years ago in reply to BrucekConvergent

Here's the SQL output you requested in regards to the licensing display issue:

THEDEVICEGUID | {"data":{"connections":{"active":94,"max ":32000,"percent":0.29375},"info":{"Id":******,"LicenseString":"*********************x","Owner":"Customer, Customer Company"},"options":{"ClusterNodes":0,"ExpirationDate":"01/28/2013","HighAvailability":true, "IntrusionProtection":true,"RegistrationDate":"01/28/2008","SymmetricMultiProces sing":true,"Type":"ASG110","WarrantyDate":"04/27/2008"},"subscriptions":{"detail s":{"NetworkSecurity":{"Expires":360.566,"Start":"01/28/2008","Stop":"01/28/2013 "},"PremiumSupport":{"Expires":360.566,"Start":"01/28/2008","Stop":"01/28/2013"} ,"StandardSupport":{"Expires":360.566,"Start":"12/14/2010","Stop":"01/28/2013"}, "WebSecurity":{"Expires":360.566,"Start":"01/28/2008","Stop":"01/28/2013"}}},"us ers":{"active":7,"max":10,"percent":70}},"status":{"connections":{"percent":{"hi nt":"","level":0}},"level":0,"subscriptions":{"details":{"NetworkSecurity":{"hin t":"","level":0},"PremiumSupport":{"hint":"","level":0},"StandardSupport":{"hint ":"","level":0},"WebSecurity":{"hint":"","level":0}},"hint":"","level":0},"times tamp":"","users":{"percent":{"hint":"","level":0}}}}

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Sophos Platinum Partner

--------------------------------------

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel
0 Hakan Yueksel over 12 years ago in reply to BrucekConvergent

Hi Bruce,

according to the database the bar should be green. As it obviously isn't
due the screenshot you posted there might be some displaying problem.

However, we can't reproduce it here. If you could provide us with access
to your ACC we could have a look on an affected system.

Please e-mail me if you can grant us access.

Regards, Hakan
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Hakan Yueksel over 12 years ago in reply to BrucekConvergent

Hi Bruce,

according to the database the bar should be green. As it obviously isn't
due the screenshot you posted there might be some displaying problem.

However, we can't reproduce it here. If you could provide us with access
to your ACC we could have a look on an affected system.

Please e-mail me if you can grant us access.

Regards, Hakan
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Hakan Yueksel over 12 years ago in reply to Hakan Yueksel
Hi again,

there is one more thing you could do:

login per ssh and turn on debug logging
enter the following command:
grep -E '(license.*level":1|license.*level":2|license.*level":3)' /var/log/accd.log

The output will be quite long. Try to figure out if there is for the license entries
a level that is greater than 0.

Regards, Hakan
Cancel
Vote Up 0 Vote Down

Cancel