11-14-2011 05:27 AM - edited 03-11-2019 02:50 PM
In ASDM under monitoring, Botnet Traffic Filter, Updater Client I noticed the following:
Last update attempted at 16:32:15 EDT Oct 13 2011,
with result: Failed to read downloaded update file
Next update is in 00:00:00
Database file version is '1317880142' fetched at 02:19:29 EDT Oct 6 2011, size: 2097150
Can anybody tell me how to get this to update to current version of the database?
If I click on Fetch Botnet Database it tells me update already pending.
Enable Botnet Updater Client and Use Botnet data dynamically downloaded from updater server are both enabled.
I'm running on an ASA5510 with v8.2(5) and Botnet traffic filter is licensed.
Thanks,
Mike
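A check over the Updater Client status text quoted in the question above, added here as an example (it is not from any poster in this thread and is not Cisco code). The function name, the two thresholds and the rule that a failed result starts with "Failed" are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the Updater Client status text quoted in the question.
SAMPLE = """\
Last update attempted at 16:32:15 EDT Oct 13 2011,
with result: Failed to read downloaded update file
Next update is in 00:00:00
Database file version is '1317880142' fetched at 02:19:29 EDT Oct 6 2011, size: 2097150
"""

_TS = r"(\d{2}:\d{2}:\d{2}) \S+ (\w{3} +\d{1,2} \d{4})"

def _parse_ts(clock, date):
    # The zone token (EDT) is dropped: every timestamp comes from the same
    # device clock, so they are compared as naive local times.
    return datetime.strptime(f"{clock} {' '.join(date.split())}", "%H:%M:%S %b %d %Y")

def check_updater_status(text, now, max_age=timedelta(days=2), grace=timedelta(hours=1)):
    """Return a list of findings; an empty list means nothing was flagged."""
    attempt = re.search(r"Last update attempted at " + _TS, text)
    result = re.search(r"with result:\s*(.+)", text)
    pending = re.search(r"Next update is in (\d+):(\d{2}):(\d{2})", text)
    fetched = re.search(r"fetched at " + _TS, text)
    if not (attempt and result and pending and fetched):
        return ["status text is missing an expected field"]
    attempted_at = _parse_ts(*attempt.groups())
    fetched_at = _parse_ts(*fetched.groups())
    findings = []
    outcome = result.group(1).strip()
    if outcome.lower().startswith("fail"):  # assumption: failures start with "Failed"
        findings.append(f"last attempt failed: {outcome}")
    if now - fetched_at > max_age:
        findings.append(f"database is {(now - fetched_at).days} days old")
    # A countdown of zero long after the last attempt means the timer expired
    # but no new attempt ran: the "update already pending" state in the thread.
    if not any(int(g) for g in pending.groups()) and now - attempted_at > grace:
        findings.append("updater stalled: update due but not attempted")
    return findings

if __name__ == "__main__":
    # "now" is set to the time of the original post.
    for finding in check_updater_status(SAMPLE, datetime(2011, 11, 14, 5, 27)):
        print(finding)
```

Run against the status text saved from ASDM or the CLI, this flags a filter that is still blocking with an old database, which is the situation described in the question.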
11-14-2011 01:59 PM
Alright, do you have the Firewall on failover? Is there a way you can run in the other one and reload the current one? If not, have you tried to reload the ASA?
I've seen a couple of cases where the low memory available can cause this, and some others where the case was resolved by reloading the unit.
Let me know.
Mike
11-14-2011 11:39 AM
Mike,
From the command line, you can do dynamic-filter database fetch, and that will try to pull the database directly from Cisco. Make sure that from the firewall you can ping update-manifests.ironport.com; if you can ping it, there should not be any problem trying to download it.
Mike Rojas
11-14-2011 11:48 AM
I can ping update-manifests.ironport.com from the firewall. When I do dynamic-filter database fetch the firewall responds with 'INFO: Dynamic Filter: update already pending' as noted above.
Thanks,
Mike
11-14-2011 12:02 PM
One quick question, is the botnet blocking sites at this point? Can you try to remove the dynamic filter commands and put them back again?
Mike
11-14-2011 12:05 PM
Yes it is still blocking sites. I already tried removing the dynamic filter commands and putting them back in earlier today.
Mike
11-14-2011 12:07 PM
Can you run the following command?
debug dynamic-filter updater-client
Mike
11-14-2011 12:11 PM
Ok I have entered that command. So how do I collect/view the output from it?
Mike
11-14-2011 12:17 PM
You should see the ASA trying to connect to update-manifests.ironport.com. That will indicate to us if the Firewall has any problems trying to reach the updater server.
Do you have any new proxy server setup on the network, anything that may have changed?
Mike
11-14-2011 12:32 PM
I don't see anything related to update-manifests.ironport.com in the log. As a matter of fact we changed internet services on the afternoon of Oct. 13 which is the date noted in my original question. Now, nothing changed in the ASA during the internet service change with the exception of DNS server addresses. We kept the same block of public ip addresses.
Mike
11-14-2011 12:37 PM
Alright,
Can you leave the debug on, remove and put back the dynamic filter commands to see what we get on the logs once you do it? We may need to create some captures on the outside interface going to the updater website.
Mike.
11-14-2011 01:10 PM
11-14-2011 01:41 PM
Ok,
How much RAM do you have on the device?
Mike
11-14-2011 01:46 PM
256 MB
Mike
11-14-2011 01:52 PM
Is it running out of RAM memory? (show mem)
Mike
11-14-2011 01:54 PM
Free memory: 68516248 bytes (26%)
Used memory: 199919208 bytes (74%)
------------- ----------------
Total memory: 268435456 bytes (100%)
Mike