cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3239
Views
0
Helpful
8
Replies
Omar Fatah
Beginner

Warning: update - CASE - Error

hi,

we are using ironport c160 7.0 when we upgrade the ironport to 7.1.2 (inbuild upgrade) we got some mail regading an error

Warning: update - CASE - Error transferring uridb/uridb-20110419_224805.case: Timeout error reading data

when checked the case it is showing that the last date of update is date when ironport was upgraded.


can anyone please advice so that i update the case.

Thanks in advance..

Regards

Omar Fatah

1 ACCEPTED SOLUTION

Accepted Solutions

As a follow up for those that may be reviewing this thread I wanted to post some additional data.

Since the case was not opened via the threads I will be posting resolution data manually.

We ended up changing the update time out for this system. Network latency appeared to be causing the updates to fail. Given enough time the updates would finish successfully. Normally these settings do not need to be changed and in the event of an update failure the system will continue to try until successful however in this case that was not happening. We were seeing incomplete downloads. The default time out period turned out to be just around the midpoint of the download.

Extending the time out period resolved this and allowed the system to update successfully.

These settings can be modified from the CLI using the command 'updateconfig'

smurf.run> updateconfig

Service (images):                  Update URL:

------------------------------------------------------------------------------

Sophos Anti-Virus definitions      http://downloads.ironport.com/av

IronPort Anti-Spam rules           http://downloads.ironport.com/as

Virus Outbreak Filters rules       http://downloads.ironport.com/as

Feature Key updates                http://downloads.ironport.com/asyncos

McAfee Anti-Virus definitions      IronPort Servers

PXE Engine Updates                 IronPort Servers

IronPort AsyncOS upgrades          IronPort Servers

Service (list):                    Update URL:

------------------------------------------------------------------------------

McAfee Anti-Virus definitions      IronPort Servers

PXE Engine Updates                 IronPort Servers

IronPort AsyncOS upgrades          IronPort Servers

Update intervals: 5m, 5m

Proxy server: not enabled

HTTPS Proxy server: not enabled

Choose the operation you want to perform:

- SETUP - Edit update configuration.

Specifically
Enter the time interval between checks for new:
    - Sophos Anti-Virus definitions
    - IronPort Anti-Spam rules
    - Virus Outbreak Filters rules
Use a trailing 'm' for minutes or 'h' for hours. Enter '0' to disable automatic
updates (manual updates will still be available for individual services).
[5m]>
Enter the time interval between checks for new:
    - McAfee Anti-Virus definitions
    - PXE Engine Updates
Use a trailing 'm' for minutes or 'h' for hours. Enter '0' to disable automatic
updates (manual updates will still be available for individual services).
[5m]>
In most cases these settings don't need to be changed, but if you find that the updates are failing and you verified that you can resolve and connect to the update server you can try changing these settings.
I would however recommend contacting support for additional assistance before doing so.
Christopher C Smith
CSE
Cisco IronPort Customer Support 

View solution in original post

8 REPLIES 8
Christopher Smith
Enthusiast

Hello Omar,

Case updates generally occur every 15 minutes or so. If your seeing a failure to update and your antispam rule sets have not been updated since your install this could be due to a network related issue.

From the CLI you can check the status of the case updates using the command 'antispamstatus'

> antispamstatus

Component                                Last Update                                              Version
CASE Core Files               30 Jan 2009 03:57 (GMT)           2.7.0-102
Structural Rules                     03 Feb 2009 19:47 (GMT)          2.7.0-102-20090203_003604
Content Rules                           03 Feb 2009 23:22 (GMT)          20090203_231909
Content Rules Update    03 Feb 2009 23:22 (GMT)          20090203_232104
CASE Utilities                         30 Jan 2009 03:52 (GMT)             2.7.0-102

You should see at least 2 items updated in the last half hour.

Case core files and case utilities are typically only updated during an upgrade.

You can force an update from the CLI

You can force an update using the following;

smurf.run> antispamupdate ironport force

Forcing updates for CASE rules.

smurf.run>

You can view the status of the updates by tailing the antispam logs.
smurf.run> tail
Currently configured logs:
1. "antispam" Type: "Anti-Spam Logs" Retrieval: Manual Download
2. "antivirus" Type: "Anti-Virus Logs" Retrieval: Manual Download
3. "asarchive" Type: "Anti-Spam Archive" Retrieval: Manual Download
4. "authentication" Type: "Authentication Logs" Retrieval: Manual Download
5. "avarchive" Type: "Anti-Virus Archive" Retrieval: Manual Download
6. "bounces" Type: "Bounce Logs" Retrieval: Manual Download
7. "cli_logs" Type: "CLI Audit Logs" Retrieval: Manual Download
8. "encryption" Type: "Encryption Logs" Retrieval: Manual Download
9. "error_logs" Type: "IronPort Text Mail Logs" Retrieval: Manual Download
10. "euq_logs" Type: "Spam Quarantine Logs" Retrieval: Manual Download
11. "euqgui_logs" Type: "Spam Quarantine GUI Logs" Retrieval: Manual Download
12. "ftpd_logs" Type: "FTP Server Logs" Retrieval: Manual Download
13. "gui_logs" Type: "HTTP Logs" Retrieval: Manual Download
14. "joesmith" Type: "Filter Archive Logs" Retrieval: Manual Download
15. "mail_logs" Type: "IronPort Text Mail Logs" Retrieval: Manual Download
16. "reportd_logs" Type: "Reporting Logs" Retrieval: Manual Download
17. "reportqueryd_logs" Type: "Reporting Query Logs" Retrieval: Manual Download
18. "scanning" Type: "Scanning Logs" Retrieval: Manual Download
19. "snmp_logs" Type: "SNMP Logs" Retrieval: Manual Download
20. "sntpd_logs" Type: "NTP logs" Retrieval: Manual Download
21. "status" Type: "Status Logs" Retrieval: Manual Download
22. "system_logs" Type: "System Logs" Retrieval: Manual Download
23. "trackerd_logs" Type: "Tracking Logs" Retrieval: Manual Download
24. "updater_logs" Type: "Updater Logs" Retrieval: Manual Download
Enter the number of the log you wish to tail.
[]> 1
Press Ctrl-C to stop.
Thu Apr 21 15:14:35 2011 Info: case antispam - engine (1428) : startup: Region profile: Using profile global
Thu Apr 21 15:14:35 2011 Info: case antispam - engine (1428) : logger: removing stderr method
Thu Apr 21 15:14:57 2011 Info: case antispam - engine (1428) : config: Finished loading configuration
Thu Apr 21 15:14:57 2011 Info: case antispam - engine (1428) : case-daemon: server started on UNIX domain socket [tmpdir]case_srv.sock (running version 3.1.0)
Thu Apr 21 15:14:57 2011 Info: case antispam - engine (1428) : case-daemon: server pid: 1428
If after a few minutes you dont' see an update, you may want to check connectivity to the update server. The updates are downloaded via port 80
from downloads.ironport.com
^Csmurf.run> telnet
Please select which interface you want to telnet from.
1. Auto
2. Management (10.92.152.67/24: smurf.run)
[1]>
Enter the remote hostname or IP address.
[]> downloads.ironport.com
Enter the remote port.
[25]> 80
Trying 10.92.144.24...
Connected to downloads.ironport.com.
Escape character is '^]'
If you are unable to connect then it is likely that a proxy/firewall or ACL is blocking the connction to the update server.
Antispam and Antivirus updates are downloaded from the same server, with that in mind it would be a good idea to check updates for antivirus as well.
You can do this using the command antivirusstatus from the CLI.
Additionally you can force an update for antivirus using antivirusupdate force. You can then tail the logs for antvirus to check for the update status.
If Antivirus is updating and antispam is still having problems you may want to consider opening a service request so that we can assist you. You can do this directly from the forums if you prefer.
Christopher C Smith
CSE
Cisco IronPort Customer Support 

Hi Christoper,

thank you for the assistance. i did the same as per your last post but it is getting struck after the some update the antivirus is working fine we are able to update the antivirus the only issue is with case update for virus outbreak and anti spam. below is the details during the force update

Tue Apr 26 16:09:59 2011 Info: case antispam - engine (18802) : case-daemon: ser

ver pid: 18802

Tue Apr 26 16:09:59 2011 Info: case antispam - engine (18823) : case-daemon: Ini

tializing Child

Tue Apr 26 16:09:59 2011 Info: case antispam - engine (18824) : case-daemon: Ini

tializing Child

Tue Apr 26 16:09:59 2011 Info: case antispam - engine (18825) : case-daemon: Ini

tializing Child

Tue Apr 26 16:23:55 2011 Info: update - CASE - Update finished after 861.527 sec

Tue Apr 26 16:23:55 2011 Info: update - CASE - Attempting to update: 3600 second

timeout

Tue Apr 26 16:23:55 2011 Info: update - CASE - Starting update

Tue Apr 26 16:23:55 2011 Info: update - CASE - Checking for CASE Update

Tue Apr 26 16:24:09 2011 Info: case antispam - engine (19336) : startup: Region

profile: Using profile global

Tue Apr 26 16:24:09 2011 Info: case antispam - engine (19336) : logger: removing

stderr method

Tue Apr 26 16:24:20 2011 Info: case antispam - engine (19336) : config: Finished

loading configuration

Tue Apr 26 16:24:20 2011 Info: case antispam - engine (19336) : case-daemon: ser

ver started on UNIX domain socket [tmpdir]case_srv.sock (running version 3.0.0)

Tue Apr 26 16:24:20 2011 Info: case antispam - engine (19336) : case-daemon: ser

ver pid: 19336

Tue Apr 26 16:24:20 2011 Info: case antispam - engine (19357) : case-daemon: Ini

tializing Child

Tue Apr 26 16:24:20 2011 Info: case antispam - engine (19358) : case-daemon: Ini

tializing Child

Tue Apr 26 16:24:20 2011 Info: case antispam - engine (19359) : case-daemon: Ini

tializing Child


we are also able to telnet to the downloads.ironport.com.

please advice

Thanks in advance

Omar Fatah

Hi Omar,

This appears to be an issue that will require a bit more investigation. I would recommend opening a service request , so we can investigate this further.  Support will likely want to access your appliance via the remote access tunnel to trouble shoot this issue.

Christopher C Smith
CSE

Cisco IronPort Customer Support 

Hi Christoper,

i already opened the case and they are investigating on it. any way thank you for the support. if you get some tips please post to slove it.

Regards

Omar Fatah

Hi Omar,

Do you know what the SR number is for your issue?

Christopher C Smith

CSE

Cisco IronPort Customer Support

Hi,

The case number is SR 617508993. Expecting further assistance from you.

Regards

Omar Fatah

Case created outside of Forums

As a follow up for those that may be reviewing this thread I wanted to post some additional data.

Since the case was not opened via the threads I will be posting resolution data manually.

We ended up changing the update time out for this system. Network latency appeared to be causing the updates to fail. Given enough time the updates would finish successfully. Normally these settings do not need to be changed and in the event of an update failure the system will continue to try until successful however in this case that was not happening. We were seeing incomplete downloads. The default time out period turned out to be just around the midpoint of the download.

Extending the time out period resolved this and allowed the system to update successfully.

These settings can be modified from the CLI using the command 'updateconfig'

smurf.run> updateconfig

Service (images):                  Update URL:

------------------------------------------------------------------------------

Sophos Anti-Virus definitions      http://downloads.ironport.com/av

IronPort Anti-Spam rules           http://downloads.ironport.com/as

Virus Outbreak Filters rules       http://downloads.ironport.com/as

Feature Key updates                http://downloads.ironport.com/asyncos

McAfee Anti-Virus definitions      IronPort Servers

PXE Engine Updates                 IronPort Servers

IronPort AsyncOS upgrades          IronPort Servers

Service (list):                    Update URL:

------------------------------------------------------------------------------

McAfee Anti-Virus definitions      IronPort Servers

PXE Engine Updates                 IronPort Servers

IronPort AsyncOS upgrades          IronPort Servers

Update intervals: 5m, 5m

Proxy server: not enabled

HTTPS Proxy server: not enabled

Choose the operation you want to perform:

- SETUP - Edit update configuration.

Specifically
Enter the time interval between checks for new:
    - Sophos Anti-Virus definitions
    - IronPort Anti-Spam rules
    - Virus Outbreak Filters rules
Use a trailing 'm' for minutes or 'h' for hours. Enter '0' to disable automatic
updates (manual updates will still be available for individual services).
[5m]>
Enter the time interval between checks for new:
    - McAfee Anti-Virus definitions
    - PXE Engine Updates
Use a trailing 'm' for minutes or 'h' for hours. Enter '0' to disable automatic
updates (manual updates will still be available for individual services).
[5m]>
In most cases these settings don't need to be changed, but if you find that the updates are failing and you verified that you can resolve and connect to the update server you can try changing these settings.
I would however recommend contacting support for additional assistance before doing so.
Christopher C Smith
CSE
Cisco IronPort Customer Support 

View solution in original post

thnak you Smith,

Regards

Omar Fatah

Content for Community-Ad