03-11-2015 06:35 PM
Hi,
Earlier this morning, both our C170's stopped accepting incoming connections on 25...Incoming mail has a public listener (port 25), interface is correct (data 2 / External)...any suggestions/ideas what could have caused both to stop accepting connections at the same time?
Thanks
03-11-2015 10:43 PM
Hello John
I would suggest looking at these commands:
To ensure the system was not playing up on the port as well:
---
netstat
---
Look at the active connections and see if your port 25 is listening or not.
If not, try a
---
resume
---
If no resolution, go to check the listeners
---
listenerconfig
---
Ensure your listener is configured and available
Make sure your listener is also connected to an IP interface that also exists
If required, edit the settings and check the IP interface linked to the listener.
If all of this is fine, please attempt a telnet on port 25 to itself:
CLI > telnet <IP interface> 25
And let us know the result, and whether there are any errors or not.
03-12-2015 02:38 PM
Hi - Thanks for the reply....this is now resolved...the above steps were performed yesterday, and nothing was running on port 25 on both....listenerconfig revealed why: no listeners configured?
Cause - "Someone" had changed the clusterlevel config...cluster was configured with listeners, but someone had changed both C170's to manually override the cluster with machine level config....checking the logs (gui_log and cli_log), I can see "someone" (We only have 3 staff who login to these devices, but all with "admin" and all from the same nat IP), had edited the listeners 3 days ago, a commit was applied 2 days ago, and another commit was done yesterday morning...so it really doesn't add up..If the listeners were changed 3 days ago, and commit done 2 days ago, why didn't both boxes stop listening on port 25, 2 days ago....Is the logging on these devices not reliable, or doesn't log "everything".....It's now resolved (forced both 170's to use the cluster settings for listeners)...but I'm still very interested in how to accurately audit when it was changed, and by who....as it's not something that is "easily/accidentally" done...
03-12-2015 07:31 PM
Hello John,
I believe I was the engineer who handled that TAC case who corrected the issue for you when the case was raised up.
With regard to the auditing:
The GUI and CLI logs will display who has logged in and what commands were used or which page was reviewed.
While I explained to Shaun and Michael the information this log has, we do not have a direct way to audit every change that was issued (at least from my knowledge).
I apologise if there isn't an exact auditing log available to provide this information that you're seeking with what and who made that change.
At most you can narrow down who was logged into the device at the time the mails ceased to work by grepping the time-stamp against the gui_logs and cli_logs.
Also keep in mind to review both devices, as their logs will yield different information.
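The timestamp correlation suggested in the reply above, as an added example that is not code from the thread or from Cisco: a Python script that merges exported gui_logs and cli_logs lines from both appliances into one timeline around the outage. The line layout, device names and sample entries are assumptions constructed for the example.

```python
from datetime import datetime, timedelta

# Assumed layout of an exported line: "Day Mon DD HH:MM:SS YYYY Level: text".
# Adjust TS_FORMAT / TS_LEN to match the files you actually export.
TS_FORMAT = "%a %b %d %H:%M:%S %Y"
TS_LEN = 24  # length of "Wed Mar 11 06:31:07 2015"

# Constructed sample data (message text is illustrative, not real appliance output).
SAMPLE_LOGS = {
    ("c170-a", "cli_logs"): [
        "Sun Mar 08 14:02:11 2015 Info: user admin entered listenerconfig",
        "Wed Mar 11 06:29:40 2015 Info: user admin entered commit",
    ],
    ("c170-a", "gui_logs"): [
        "Wed Mar 11 06:31:07 2015 Info: user admin GET /network/listeners",
        "not a log line, e.g. a wrapped continuation",
    ],
    ("c170-b", "cli_logs"): [
        "Wed Mar 11 06:33:52 2015 Info: user admin entered commit",
        "Wed Mar 11 09:15:00 2015 Info: user admin entered netstat",
    ],
}

def parse_line(line):
    """Return (timestamp, message), or None if the line has no leading timestamp."""
    try:
        ts = datetime.strptime(line[:TS_LEN], TS_FORMAT)
    except ValueError:
        return None
    return ts, line[TS_LEN:].strip()

def timeline(logs, incident, before=timedelta(hours=1), after=timedelta(minutes=15)):
    """Merge every device and log type into one time-ordered list around the incident."""
    hits = []
    for (device, logname), lines in logs.items():
        for line in lines:
            parsed = parse_line(line)
            if parsed and incident - before <= parsed[0] <= incident + after:
                hits.append((parsed[0], device, logname, parsed[1]))
    return sorted(hits)

if __name__ == "__main__":
    outage = datetime(2015, 3, 11, 6, 35)  # constructed: when port 25 stopped answering
    for ts, device, logname, msg in timeline(SAMPLE_LOGS, outage):
        print(ts.isoformat(sep=" "), device, logname, msg)
```

Widening `before` to several days brings earlier edits, such as the constructed `listenerconfig` entry from three days before, into the same view as the commits.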