This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Issues in ACC 3.000 with ASG 8.300:

I noted that there's a 8.301 up2date currently released as a soft-release -- thought I would ask about a couple of issues I've noted with ACC 3.000 and ASG 8.300 (I posted in the up2date thread but it doesn't look like anyone's responding):

This up2date wouldn't happen to be one that fixes the wierdness I've seen with some ASGs after up2dating to 8.300 where ACC Gateway Manager shows the license as "yellow" when it's an unlimited license and expirations are all a year away, would it?
 
Also some wierdness seen with ACC showing, for instance, HTTP proxy as disabled, but using memory -- all the while it is up and working on the ASG itself. Appears to only have started after up2dating an ASG 8.103 or 8.203 installation to 8.300 -- and it didn't happen to all of them.


This thread was automatically locked due to age.
Parents
  • Hi Bruce,

    the up2date doesn't address any of the things you mentioned.

    Licenses:
    it is explicitly implemented that expired licenses are first red but can get
    greener over time. The assumption is that if a user doesn't update the
    license for a certain amount of time he probably doesn't care about it. It's
    simply possible that users let deliberately expire parts of their license.

    So after that time the algorithm works in reverse order and let the bar get
    greener in order to not disturb the user with warnings about things he
    doesn't care about.

    HTTP-Proxy:
    I tried to reproduce that but in my tests it worked correctly. Does it always
    happen with your ACC? Even if you turn the proxy off and on again on the
    ASG?

    In order to do some debugging you could do the following steps:


    • login to the ACC per ssh
    • switch the log level to debug:
    • open the file /var/chroot-accd/etc/cm/config/logging.xml
    • in the field priority value replace info by debug
    • wait some seconds until the change takes effect
    • on the ASG turn the http-proxy off and on again
    • on the ACC do the following grep:
      grep 'HTTP Proxy' /var/log/accd.log

    • the found lines will be quite long, so just extract the part containing
      the http-proxy values, something like this:
      "http":{"cpu":0,"enabled":true,"mem":2.7,"name":"HTTP Proxy","rss":28966912,"running":true,"status":1}

    • if mem and cpu are greater than 0, enabled should be true and vice versa
    • don't forget to switch back the log level to info


    Regards, Hakan
  • It's been two weeks... the licenses are full guard, good for another year, yet the license status "bar" shows dark yellow... something's off, most of the other systems aren't showing that.

    I'll check on the proxy indicators as you have asked.  All systems have been rebooted a couple of times, no change.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • Hakan, I'll have to wait until I can get a maintenance window on the customer's ASG that is displaying the strange HTTP and SMTP proxy status messages.

    In the meantime, some screenshots to illustrate the license issue I mentioned ... and it only happens on units that have been updated to 8.300 (8.2xx may cause it as well, but we skipped that version entirely).

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • Hi Bruce,

    you are right. Due to the 362 days until expiration the bar should be green.
    It should get yellow when only 30 days are left to the expiration date.
    Could you please login to your ACC per ssh and do the following:


    • in order to find out the guid of the affected ASG enter the following query:
      psql -U acc -c "select * from device_info;"

    • enter the following query by putting the previously found guid into the where clause:
      psql -U acc -c "select * from monitoring_license where guid = 'the-found-guid';"

    • post the anonymized output here


    Thanks and regards, Hakan
  • Will do.  Still no maintenance window available to troubleshoot the misreported HTTP and SMTP proxy status.  I'll post the other info you just requested shortly.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • Here's the SQL output you requested in regards to the licensing display issue:

    THEDEVICEGUID | {"data":{"connections":{"active":94,"max ":32000,"percent":0.29375},"info":{"Id":******,"LicenseString":"*********************x","Owner":"Customer, Customer Company"},"options":{"ClusterNodes":0,"ExpirationDate":"01/28/2013","HighAvailability":true, "IntrusionProtection":true,"RegistrationDate":"01/28/2008","SymmetricMultiProces sing":true,"Type":"ASG110","WarrantyDate":"04/27/2008"},"subscriptions":{"detail s":{"NetworkSecurity":{"Expires":360.566,"Start":"01/28/2008","Stop":"01/28/2013 "},"PremiumSupport":{"Expires":360.566,"Start":"01/28/2008","Stop":"01/28/2013"} ,"StandardSupport":{"Expires":360.566,"Start":"12/14/2010","Stop":"01/28/2013"}, "WebSecurity":{"Expires":360.566,"Start":"01/28/2008","Stop":"01/28/2013"}}},"us ers":{"active":7,"max":10,"percent":70}},"status":{"connections":{"percent":{"hi nt":"","level":0}},"level":0,"subscriptions":{"details":{"NetworkSecurity":{"hin t":"","level":0},"PremiumSupport":{"hint":"","level":0},"StandardSupport":{"hint ":"","level":0},"WebSecurity":{"hint":"","level":0}},"hint":"","level":0},"times tamp":"","users":{"percent":{"hint":"","level":0}}}}

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • Hi Bruce,

    according to the database the bar should be green. As it obviously isn't
    due the screenshot you posted there might be some displaying problem.

    However, we can't reproduce it here. If you could provide us with access
    to your ACC we could have a look on an affected system.

    Please e-mail me if you can grant us access.

    Regards, Hakan
Reply
  • Hi Bruce,

    according to the database the bar should be green. As it obviously isn't
    due the screenshot you posted there might be some displaying problem.

    However, we can't reproduce it here. If you could provide us with access
    to your ACC we could have a look on an affected system.

    Please e-mail me if you can grant us access.

    Regards, Hakan
Children
  • Hi again,

    there is one more thing you could do:


    • login per ssh and turn on debug logging
    • enter the following command:
      grep -E '(license.*level":1|license.*level":2|license.*level":3)' /var/log/accd.log



    The output will be quite long. Try to figure out if there is for the license entries
    a level that is greater than 0.

    Regards, Hakan