
SUM will not automatically nor manually update its Patterns

Newly installed Sophos UTM Manager software appliance (SUM SA) v4.305-4 will not automatically nor manually update its Patterns.

The manual update configuration (Management/Up2Date/Overview/Pattern) shows:

Pattern  
Current pattern version:               0
Latest available pattern version:   112518
 

Clicking on "Update patterns now" button brings up the "Information:" window message "Pattern installation has been started. This may take a while. You can refresh this page periodically to check when the process has completed." Despite the message, the patterns are never updated. (Note: Firmware updates proceed as expected.)

An earlier SUM software appliance installation updates its patterns automatically as expected. Both the working installation and the non-updating installation are licensed.

HOW CAN I GET THE APPLIANCE TO BEGIN AUTOMATICALLY UPDATING ITS PATTERNS?

A recent "Up2Date messages" log excerpt follows, below. (Note: Neither the working SUM SA installation nor the non-updating SUM SA installation is configured for HA system nor as a cluster node. Indeed, SUM SA has no option to select HA nor cluster configuration.)

2016:11:11-01:34:03 acc audld[1005]: patch up2date possible
2016:11:11-01:34:08 acc audld[1005]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
2016:11:11-02:04:01 acc audld[2632]: no HA system or cluster node
2016:11:11-02:04:01 acc audld[2632]: Starting Up2Date Package Downloader
2016:11:11-02:04:02 acc audld[2632]: patch up2date possible
2016:11:11-02:04:08 acc audld[2632]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
2016:11:11-02:14:35 acc audld[3576]: no HA system or cluster node
2016:11:11-02:14:35 acc audld[3576]: Starting Up2Date Package Downloader
2016:11:11-02:14:36 acc audld[3576]: patch up2date possible
2016:11:11-02:14:37 acc audld[3576]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"


This thread was automatically locked due to age.
  • Robert, I suspect that audld is the same as used in the UTM.  Other logs are also chatty like this, but it's nothing to worry about.  What do you get from:

    cat /etc/up2date/servers.sorted.rpmsave

    That should give you a list of several Up2Date servers.  If it does, try the following command and show what you see:

    audld.plx --dryrun --nosys --level d

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Bob... After some awkwardness due to my inexperience with SSH, and presuming I needn't have 'root' access, I got the following during my SSH session as "loginuser":
       loginuser@acc:/home/login > cat /etc/up2date/servers.sorted.rpmsave
       cat: /etc/up2date/servers.sorted.rpmsave: No such file or directory
       loginuser@acc:/home/login > audld.plx --dryrun --nosys --level d
       -bash: audld.plx: command not found
       loginuser@acc:/home/login > audld.plx --dryrun --nosys --level d

    Apparently, you 'fingered' my problem: no Up2Date servers file.

    BTW: I installed from a SUM v.4.300-4.1.iso and after basic setup, automatically downloaded all available Up2Date FW packages to reach SUM v.4.304-5. Only then did I restore a backup of the working SUM SA I want to replace. No errors were indicated at any time.

    I ran thru the entire install process a second time, which presumably erased the earlier 4.304-5 as the installer indicated. Again, no errors were indicated; however, Patterns still will not update. The SSH results (above) were obtained from this second (and current) install.

    I'm at a loss. Further ideas are welcome.

    Thanks.
    Rob

  • Rob, after you're in as loginuser, enter

    su -

    then give the root password and run the commands.

    Cheers - Bob

     
  • Bob, et al.,
    Problem solved ... SUM SA dashboard now shows Pattern version: 112693.

    On general principles I rebooted my screening router, which was the only device between the SUM SA and the Internet, then the SUM SA itself, then switched back on automatic Pattern updates at the 15-minute interval. Shortly later, the patterns updated.
    I don't know exactly what did the trick; but, I'll take the results.

    Thank you for all your help, Bob!
    Rob

  • Good show, Rob.  I'll guess that the screening router needed to have its ARP table cleared.

    Cheers - Bob

     
  • Tho' I had the same tho't, Bob, I suspect it's not the answer. My internal UTM9 SA and three UTM9 SAs located in family houses elsewhere (ie, reachable only through the I-net) were all connected to the SUM SA even while it would not update patterns. Further, I had installed 4.300.4.1 and updated to 4.3.04-5 with the earlier network configuration.
    You may still be right, tho': I also bypassed a switch that was earlier between the SUM SA and the screening router just before rebooting. I can't help but wonder what would have happened had I rebooted that switch first.
    I always like to isolate the root cause of any problem. Regardless, I declare a victory on this one.

    Thanks again.
    Rob

  • It seems I may have spoken too soon. After nearly 24 hours, the SUM SA patterns have not updated. While they remain at Pattern version 112693, all our UTMs (located in geographically diverse family houses) have updated to Pattern version 112739 or 112740. Interestingly, the SA UTM at my house is configured to use the SUM SA as a Parent Proxy for Firmware and Pattern updates! Therefore, I conclude the SUM SA is obtaining patterns from the servers and caching same for my UTM.

    Question: What should be the current Pattern version for SUM v.4.304-5?
    I suspect there might/should be some differential in pattern versions due to the differential in protections between the two device types (see following license info).

    My SUM SA has a basic license (License page shows "Special: [blank]", where [blank] means just that).
    The UTMs have Home Use licenses (they're in individual family homes) with the usual HU subscriptions for Network, E-mail, Web, Webserver, Wireless, Endpoint Antivirus protections, and with Standard Support. (Sandstorm and BasicGuard are not licensed and therefore disabled).

    Ideas? Further thoughts?

    Thanks,
    Rob

    P.S.: I replied yesterday with log excerpts from my SSH session where I used the terminal commands Bob recommended. The forum said the moderators were reviewing that reply. I mention it only in case those excerpts might help isolate my pattern update problem.  -Rob

  • Every UTM will have a different pattern level.  The level shown is the highest pattern number your configuration requires.  I still think you've won. ;)

    Cheers - Bob

     