
Cisco C690 - Update alarm

The customer reports the following alarm to me:

“An update Failure notification is sent when a service fails to update properly. This notification contains the opaque type for the update Service Name of the update service that has failed.”

 

information below

 

LastOccurrence                19/3/20 21:38

Agent   customer

AggregationFirst              19/3/20 21:40

CollectionFirst   19/3/20 21:40

DisplayFirst        31/12/69 19:00

ExpireTime         43200

ExtendedAttr    .1.3.6.1.2.1.1.3.0="(3699665767) 428 days, 4:50:57.67";.1.3.6.1.4.1.15497.1.1.1.13.1.2="case";.1.3.6.1.6.3.1.1.4.1.0=".1.3.6.1.4.1.15497.1.1.2.6";1="case";1_hex="63 61 73 65";1_raw="case";1_text="case";DEFAULT_ExpireTime="0";DEFAULT_Severity="3";DEFAULT_Type="1";EventCount="562455080";IPaddress="10.66.6.131";Node="10.66.6.131";NodeAlias="esa2-v.claro.co";OID1="1.3.6.1.4.1.15497.1.1.1.13.1.2";OPTION_EnableDetails="0";OPTION_EnableDetails_huawei="0";OPTION_EnableDetails_marconi="0";OPTION_EnableDetails_nec="0";OPTION_EnableDetails_nokiaSolutionsAndNetworks="1";OPTION_EnableDetails_radwin="0";OPTION_EnableDetails_smartsMIB="1";OPTION_EnableDetails_unisys="0";OPTION_StateBasedCorr="0";OS_AdvCorrCauseType_ATMF="Unknown";OS_AdvCorrCauseType_IANA="Unknown";OS_AdvCorrCauseType_nec="Unknown";OS_CorrScore="Unknown";OS_EventId="SNMPTRAP-ASYNCOS-MAIL-MIB-updateFailure";OS_ExpireTime="0";OS_LocalNodeAlias="10.66.6.131";OS_Severity="3";OS_Type="1";OidFlag="1";PeerAddress="10.66.6.131";PeerIPaddress="10.66.6.131";Protocol="UDP";ReceivedPort="162";ReceivedTime="1584672016";ReqId="1087869084";SNMP_Version="2";UpTime="3699665767";Uptime="4:50:57.67";community="COMCELCW";enterprise=".1.3.6.1.4.1.15497.1.1.2";generic-trap="6";notify=".1.3.6.1.4.1.15497.1.1.2.6";specific-trap="6";updateIndex="2";updateServiceName="case"

FirstOccurrence               19/3/20 21:38

Identifier            10.66.6.131 | updateEntry.2 | updateFailure | 1 | 11SalidaInternet | MTTrapd Probe on GSRCMDBTRI31 | 6

InternalLast       19/3/20 21:40

NodeAlias           esa2

ProbeSubSecondId        236

Serial     1436532

ServerName      COL

ServerSerial       7279624

Sol_Dedicadas  0

StateChange     19/3/20 21:41

SuppressEscl     Normal


ppreenja
Cisco Employee
Hello alejandro.aguilar,

This is a general update failure, not one for a specific engine like Spam / Virus, etc. It will monitor all updates through SNMP; in case of any failure it will be reported with the service name. Please refer to the details below for the same:

updateFailure NOTIFICATION-TYPE
OBJECTS { updateServiceName }
STATUS current
DESCRIPTION
"An updateFailure notification is sent when a service fails
to update properly. This notification contains the opaque
type for the updateServiceName of the update service that
has failed."
::= { asyncOSMailNotifications 6 }

MIB Link: https://www.cisco.com/web/ironport/tools/email/ASYNCOS-MAIL-MIB.txt

You can check and get more details on the complete alert with "updateServiceName" to see which service is not getting updated on the ESA appliance. Checking the "updater_logs" on the ESA appliance will help you check further which services are not getting updated.

I hope the above helps!

Cheers,
Pratham




Hello Pratham, 

Thanks a lot for your answer.

 

I was looking at the log and I found this information. I guess that the ESA element does not reach the file to download and update.

 

Thu Mar 26 13:22:25 2020 Info: case cleaning up base dir [bindir]
Thu Mar 26 13:22:25 2020 Info: case verifying applied files
Thu Mar 26 13:22:25 2020 Info: case updating the client manifest
Thu Mar 26 13:22:25 2020 Info: case update completed
Thu Mar 26 13:22:25 2020 Info: case waiting for new updates
Thu Mar 26 13:27:18 2020 Info: Starting scheduled update
Thu Mar 26 13:27:21 2020 Info: Acquired server manifest, starting update 119177
Thu Mar 26 13:27:21 2020 Info: Server manifest specified an update for case
Thu Mar 26 13:27:21 2020 Info: case was signalled to start a new update
Thu Mar 26 13:27:21 2020 Info: case processing files from the server manifest
Thu Mar 26 13:27:21 2020 Info: case started downloading files
Thu Mar 26 13:27:21 2020 Info: case waiting on download lock
Thu Mar 26 13:27:21 2020 Info: case acquired download lock
Thu Mar 26 13:27:21 2020 Info: case beginning download of remote file "http://updates.ironport.com/case/2.0/pkg_version/default/1585247202233509"
Thu Mar 26 13:22:23 2020 Info: case beginning download of remote file "http://updates.ironport.com/case/2.0/dfa_updates/default/1585246900317438"
Thu Mar 26 13:27:21 2020 Info: Scheduled next update to occur at Thu Mar 26 13:32:21 2020
Thu Mar 26 13:28:21 2020 Info: case beginning download of remote file "http://updates.ironport.com/case/2.0/pkg_version/default/1585247202233509"
Thu Mar 26 13:28:45 2020 Info: case released download lock
Thu Mar 26 13:28:45 2020 Info: case failed to download "case/2.0/pkg_version/default/1585247202233509": attempt 0
Thu Mar 26 13:28:45 2020 Info: case waiting on download lock
Thu Mar 26 13:28:45 2020 Info: case acquired download lock
Thu Mar 26 13:28:45 2020 Info: case beginning download of remote file "http://updates.ironport.com/case/2.0/pkg_version/default/1585247202233509"
Thu Mar 26 13:29:05 2020 Info: case beginning download of remote file "http://updates.ironport.com/case/2.0/pkg_version/default/1585247202233509"
Thu Mar 26 13:29:25 2020 Info: case released download lock
Thu Mar 26 13:29:25 2020 Info: case failed to download "case/2.0/pkg_version/default/1585247202233509": attempt 1
Thu Mar 26 13:29:25 2020 Info: case waiting on download lock
Thu Mar 26 13:29:25 2020 Info: case acquired download lock
Thu Mar 26 13:29:25 2020 Info: case beginning download of remote file "http://updates.ironport.com/case/2.0/pkg_version/default/1585247202233509"
Thu Mar 26 13:29:45 2020 Info: case beginning download of remote file "http://updates.ironport.com/case/2.0/pkg_version/default/1585247202233509"
Thu Mar 26 13:30:05 2020 Info: case released download lock
Thu Mar 26 13:30:05 2020 Info: case failed to download "case/2.0/pkg_version/default/1585247202233509": attempt 2
Thu Mar 26 13:30:05 2020 Warning: case update failed
Thu Mar 26 13:32:21 2020 Info: Starting scheduled update
Thu Mar 26 13:32:21 2020 Info: Scheduled next update to occur at Thu Mar 26 13:37:21 2020

 

 

regards, 

Alejandro Aguilar
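Added example, not part of the original thread and not Cisco code: a small Python parser that reduces updater_logs lines like the ones above to a per-service summary (last outcome, hosts contacted, files that failed and how many attempts were made). The function names `summarize` and `failing` are hypothetical, and the sample input is constructed from the line formats shown in this post.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample, modelled on the updater_logs lines quoted in the thread.
SAMPLE = '''\
Thu Mar 26 13:22:25 2020 Info: case update completed
Thu Mar 26 13:27:18 2020 Info: Starting scheduled update
Thu Mar 26 13:27:21 2020 Info: case beginning download of remote file "http://updates.ironport.com/case/2.0/pkg_version/default/1585247202233509"
Thu Mar 26 13:28:45 2020 Info: case failed to download "case/2.0/pkg_version/default/1585247202233509": attempt 0
Thu Mar 26 13:29:25 2020 Info: case failed to download "case/2.0/pkg_version/default/1585247202233509": attempt 1
Thu Mar 26 13:30:05 2020 Info: case failed to download "case/2.0/pkg_version/default/1585247202233509": attempt 2
Thu Mar 26 13:30:05 2020 Warning: case update failed
'''

# timestamp, level, first word (service name on per-service lines), rest of message
LINE = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}) (\w+): (\S+) (.*)$")
FETCH = re.compile(r'^beginning download of remote file "([^"]+)"$')
FAILED = re.compile(r'^failed to download "([^"]+)": attempt (\d+)$')

def summarize(log_text):
    """Return {service: {'status', 'at', 'hosts', 'failed'}} for updater_logs text."""
    out = {}

    def entry(service):
        return out.setdefault(
            service, {"status": None, "at": None, "hosts": set(), "failed": {}})

    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        service, msg = m.group(3), m.group(4)
        if (f := FETCH.match(msg)):
            # Host the appliance tried to reach: the one to verify on the firewall.
            entry(service)["hosts"].add(urlsplit(f.group(1)).hostname)
        elif (f := FAILED.match(msg)):
            failed = entry(service)["failed"]  # path -> attempts made (0-based in log)
            failed[f.group(1)] = max(failed.get(f.group(1), 0), int(f.group(2)) + 1)
        elif msg in ("update completed", "update failed"):
            s = entry(service)
            # Lines are not always in time order, so keep the latest outcome.
            if s["at"] is None or when >= s["at"]:
                s["status"], s["at"] = msg.split()[1], when
    return out

def failing(summary):
    """Services whose most recent recorded outcome is a failed update."""
    return sorted(k for k, v in summary.items() if v["status"] == "failed")
```
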

 

 

Hello Alejandro,

Based on the logs shared, your CASE engine on the ESA seems to be failing to update and download. You can check on the same with the "asstatus" command. I suspect that your firewall (or another security device, proxy, IPS..) is causing this network issue. Could you please check with your firewall team if ports 80 and 443 are completely open (both directions) and the traffic is not modified/filtered?

Common causes for the update failure include, but are not limited to:

General lack of network connectivity
Firewall blocking access to update server
Failure to look up the IP for the update server

We need to ensure that you have connectivity to our servers on the following ports in the firewall:

downloads.ironport.com 80
updates.ironport.com 80
update-manifests.ironport.com 443

Cisco offers static servers for the sites that have strict firewall requirements. It is important to note that if you configure the update and upgrade settings on your appliance with the use of this static method, all the information is needed in the firewalls as well.

Here are the hostnames, IP addresses, and ports that are involved in the upgrade and update process:

downloads-static.ironport.com: 208.90.58.105 on port 80
update-manifests.ironport.com: 208.90.58.5 on port 443
updates-static.ironport.com: 208.90.58.25 on port 80

Complete these steps in order to change the upgrade and update settings on the AsyncOS:

1. Navigate to the Service Updates tab of the Security Services page.
2. Click Edit Update Settings....
3. Select Local Update Servers from the Update Servers (images) field.
4. Enter http://downloads-static.ironport.com in the Base URL (all services except McAfee Anti-Virus definitions and IronPort AsyncOS upgrades) field and set the Port to 80. Leave the Authentication Settings field blank.
5. Enter updates-static.ironport.com in the Host (McAfee Anti-Virus definitions, PXE Engine updates, IronPort AsyncOS upgrades) field.
6. Ensure that the Update Servers (list) field is set to IronPort Update Servers.
7. Update the Proxy Servers settings if required.
8. Click Submit.
9. Click Commit Changes.
10. Click Commit Changes again in order to confirm.

Also, please find below the link which provides you with the information on the ports that need to be opened on your firewall for the ESA to communicate without any issues:
https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-1/user_guide/b_ESA_Admin_Guide_11_1/b_ESA_Admin_Guide_11_1_appendix_0101111.pdf

I hope the above will be able to resolve the issue at your end.

Cheers,
Pratham