Web filter log spams to 80GB

I've come into a scenario over the weekend where our Web log file went from 1% utilization to 100% utilization in a matter of hours (about 5 hours).  It appears that our Sophos UTM was stuck in some kind of loop that it couldn't recover from.

[HTML]
2015:09:07-14:22:54 sophos httpproxy[5874]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc1c2800" function="ssl_write" file="ssl.c" line="1227" message="SSL_ERROR_SYSCALL: ret=-1 error=Connection reset by peer"
2015:09:07-14:22:54 sophos httpproxy[5874]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc1c2800" function="send_request_body_send" file="request.c" line="636" message="recv: Connection reset by peer"
2015:09:07-14:22:54 sophos httpproxy[5874]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc1c2800" function="send_request_body_send" file="request.c" line="636" message="recv: Input/output error"
2015:09:07-14:22:54 sophos httpproxy[5874]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc1c2800" function="send_request_body_send" file="request.c" line="636" message="recv: Input/output error"
2015:09:07-14:22:54 sophos httpproxy[5874]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc1c2800" function="send_request_body_send" file="request.c" line="636" message="recv: Input/output error"
2015:09:07-14:22:54 sophos httpproxy[5874]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc1c2800" function="send_request_body_send" file="request.c" line="636" message="recv: Input/output error"
2015:09:07-14:22:54 sophos httpproxy[5874]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc1c2800" function="send_request_body_send" file="request.c" line="636" message="recv: Input/output error"
2015:09:07-14:22:54 sophos httpproxy[5874]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc1c2800" function="send_request_body_send" file="request.c" line="636" message="recv: Input/output error"
2015:09:07-14:22:54 sophos httpproxy[5874]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc1c2800" function="send_request_body_send" file="request.c" line="636" message="recv: Input/output error"
2015:09:07-14:22:54 sophos httpproxy[5874]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc1c2800" function="send_request_body_send" file="request.c" line="636" message="recv: Input/output error"
2015:09:07-14:22:54 sophos httpproxy[5874]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc1c2800" function="send_request_body_send" file="request.c" line="636" message="recv: Input/output error"
2015:09:07-14:22:54 sophos httpproxy[5874]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc1c2800" function="send_request_body_send" file="request.c" line="636" message="recv: Input/output error"
2015:09:07-14:22:54 sophos httpproxy[5874]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc1c2800" function="send_request_body_send" file="request.c" line="636" message="recv: Input/output error"
2015:09:07-14:22:54 sophos httpproxy[5874]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc1c2800" function="send_request_body_send" file="request.c" line="636" message="recv: Input/output error"
2015:09:07-14:22:54 sophos httpproxy[5874]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc1c2800" function="send_request_body_send" file="request.c" line="636" message="recv: Input/output error"
2015:09:07-14:22:54 sophos httpproxy[5874]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc1c2800" function="send_request_body_send" file="request.c" line="636" message="recv: Input/output error"
2015:09:07-14:22:54 sophos httpproxy[5874]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc1c2800" function="send_request_body_send" file="request.c" line="636" message="recv: Input/output error"
2015:09:07-14:22:54 sophos httpproxy[5874]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc1c2800" function="send_request_body_send" file="request.c" line="636" message="recv: Input/output error"
2015:09:07-14:22:54 sophos httpproxy[5874]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc1c2800" function="send_request_body_send" file="request.c" line="636" message="recv: Input/output error"

...

2015:09:07-17:16:54 sophos httpproxy[5874]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc1c2800" function="send_request_body_send" file="request.c" line="636" message="recv: Input/output error"
2015:09:07-17:16:54 sophos httpproxy[5874]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc1c2800" function="send_request_body_send" file="request.c" line="636" message="recv: Input/output error"
2015:09:07-17:16:54 sophos httpproxy[5874]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc1c2800" function="send_request_body_send" file="request.c" line="636" message="recv: Input/output error"
2015:09:07-17:16:54 sophos httpproxy[5874]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc1c2800" function="send_request_body_send" file="request.c" line="636" message="recv: Input/output error"
2015:09:07-17:16:54 sophos httpproxy[5874]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc1c2800" function="send_request_body_send" file="request.c" line="636" message="recv: Input/output error"
2015:09:07-17:16:54 sophos httpproxy[5874]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc1c2800" function="send_request_body_send" file="request.c" line="636" message="recv: Input/output error"
2015:09:07-17:16:54 sophos httpproxy[5874]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc1c2800" function="send_request_body_send" file="request.c" line="636" message="recv: Input/output error"
2015:09:07-17:16:54 sophos httpproxy[5874]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc1c2800" function="send_request_body_send" file="request.c" line="636" message="recv: Input/output error"
2015:09:07-17:16:54 sophos httpproxy[5874]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc1c2800" function="send_request_body_send" file="request.c" line="636" message="recv: Input/output error"
2015:09:07-17:16:54 sophos httpproxy[5874]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc1c2800" function="send_request_body_send" file="request.c" line="636" message="recv: Input/output error"

[/HTML]

Once the system logged the 'Input/output error', it filled up the log partition pretty quickly and caused the system to eventually become unresponsive.

Has anyone seen this kind of scenario and if so how was it resolved?

My environment is the following:

[HTML]
Model:                 SG310
Firmware version: 9.315-2
Pattern version: 87377
[/HTML]

First time posting to the bulletin board so if there is additional information that is required, please let me know and I will look into it.

Appreciate any help or suggestions.
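
An added example, not part of the original post and not Sophos code: one way to catch this kind of runaway repetition in a log with the layout quoted above is to group identical events and report the ones that repeat. The function names, the `min_repeats` threshold and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Header and key="value" layout as seen in the log excerpt above.
HEADER = re.compile(r'^(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) (\S+) (\w+)\[(\d+)\]: (.*)$')
FIELD = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Return (timestamp, process, fields), or None if the line does not match."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S")
    return ts, m.group(3), dict(FIELD.findall(m.group(5)))

def find_floods(lines, min_repeats=5):
    """Group identical events; report those seen at least min_repeats times."""
    seen = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip elisions such as "..." and blank lines
        ts, proc, f = parsed
        # Same process, request handle, code location and message = same event.
        key = (proc, f.get("request"), f.get("function"), f.get("line"), f.get("message"))
        entry = seen[key]
        entry["count"] += 1
        entry["first"] = entry["first"] or ts
        entry["last"] = ts
    floods = [
        {"key": k, "count": e["count"],
         "span_seconds": (e["last"] - e["first"]).total_seconds()}
        for k, e in seen.items() if e["count"] >= min_repeats
    ]
    return sorted(floods, key=lambda x: -x["count"])

# Constructed sample modelled on the excerpt: one SSL error, then the repeated I/O error.
TEMPLATE = ('{ts} sophos httpproxy[5874]: id="0003" severity="info" sys="SecureWeb" '
            'sub="http" request="0xc1c2800" function="{fn}" file="{src}" line="{ln}" '
            'message="{msg}"')
IO_ERR = dict(fn="send_request_body_send", src="request.c", ln="636",
              msg="recv: Input/output error")
SAMPLE = [TEMPLATE.format(ts="2015:09:07-14:22:54", fn="ssl_write", src="ssl.c", ln="1227",
                          msg="SSL_ERROR_SYSCALL: ret=-1 error=Connection reset by peer")]
SAMPLE += [TEMPLATE.format(ts="2015:09:07-14:22:54", **IO_ERR)] * 6
SAMPLE += ["..."]
SAMPLE += [TEMPLATE.format(ts="2015:09:07-17:16:54", **IO_ERR)] * 4

if __name__ == "__main__":
    for flood in find_floods(SAMPLE):
        print(flood)
```

Run on a schedule against the live log, a check like this can raise an alert while the repeat count is still small, well before the log partition fills.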


  • If you are a paying customer, please log a ticket with Support.
  • I already opened up a support ticket but considering support is being outsourced from another country and the fact they want Webadmin access to troubleshoot further, I figured I would try to see if the community has seen similar issues.

    We have very sensitive data within our network and so access to our UTM is restricted.

    I'm still waiting on a response from them which I posted yesterday.  We do have the Premium Support package so if there is a different route to take I'm all ears =)