Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2209
Views
0
Helpful
5
Replies

FireSight management session terminated randomly

Andrew Jeon
Level 1
Level 1

‎11-18-2015 07:36 AM - edited ‎03-12-2019 05:49 AM

Firesight management gui session terminates randomly. It is not idle time out.

Once the management session terminated from the browser I have to wait about 5 minutes before I can get back to the management session.

I used IE, firefox, chrome and it happens on all three browsers. 

Version 5.4.1.2 (build 37).

Rebooting the system didn't make any difference. 

Can't find any bugs related this. 

I think it could be a tomcat/apache on linux hanging and I wonder if you have experienced similar problem.

Thanks in advance!

1 person had this problem
Labels:
0 Helpful
5 Replies 5

Aastha Bhardwaj
Cisco Employee
Cisco Employee

‎11-18-2015 09:50 AM

Hi,

Can you try checking :

/var/log/httpd/httpd_access_log and check for time of session expire.

Basically the session would expire whenever the source port associated with the Src ip address changes. When src port chnages the DC assumes its a new connecton and hence it times out.

This could because of the proxy setting on the browser or any intermediate NAT device which has less TCP timeout.

Regards,

Aastha Bhardwaj

Rate if that helps!!!

0 Helpful

Andrew Jeon
Level 1
Level 1
In response to Aastha Bhardwaj

‎11-18-2015 01:13 PM

Aastha,

thanks for quick response. 

I don't have a nat device between my laptop and Firesight. 

I checked the error log and access log. Reset happened around 15:10 and 15:20

I see [cig:error] so I think it's something to do with apache.

could you take a look?

Error Log shows during those time. 

[Wed Nov 18 15:08:29] [mpm_prefork:notice] [pid 3711] AH00163: Apache/2.4.7 (Unix) OpenSSL/1.0.1m-fips configured -- resuming normal operations

[Wed Nov 18 15:08:29] [core:notice] [pid 3711] AH00094: Command line: '/usr/bin/httpsd -D FOREGROUND'

[Wed Nov 18 15:09:46] [cgi:error] [pid 3777] [client 10.183.60.166:51236] AH01215: Discarding edited policies... at /usr/local/sf/lib/perl/5.10.1/SF/Auth.pm line 841.

[Wed Nov 18 15:10:02] [cgi:error] [pid 4230] [client 10.183.60.166:51248] AH01215: Session timeout set <3600> at /usr/local/sf/lib/perl/5.10.1/SF/Auth.pm line 224, <DATA> line 275., referer: https://192.168.59.127/login.cgi?logout=1

[Wed Nov 18 15:17:14] [cgi:error] [pid 4229] [client 10.183.60.166:51378] AH01215: Discarding edited policies... at /usr/local/sf/lib/perl/5.10.1/SF/Auth.pm line 841.

[Wed Nov 18 15:20:12] [cgi:error] [pid 3777] [client 10.183.60.166:51408] AH01215: Session timeout set <3600> at /usr/local/sf/lib/perl/5.10.1/SF/Auth.pm line 224, <DATA> line 275., referer: https://192.168.59.127/login.cgi?logout=1

Access-log 

[2015-11-18 15:05:57] admin 200 GET /img/dashboard/no-cache/Top10-fff0962412c995161bc2f5c702b0778e-295-215.gif?0 23167 14979
[2015-11-18 15:09:45] admin 200 GET /login.cgi?logout=1 1425074 1087
[2015-11-18 15:09:46]  200 GET /css/login.css?v=5.4.1.1-33 150169 664
[2015-11-18 15:09:46]  200 GET /css/global.css?v=5.4.1.1-33 168380 4008
[2015-11-18 15:09:46] - - 200 GET /css/listview.css?v=5.4.1.1-33 151413 2308
[2015-11-18 15:09:46] - - 200 GET /css/base.css?v=5.4.1.1-33 153771 2040
[2015-11-18 15:09:46] - - 200 GET /img/logo-large.png?v=5.4.1.1-33 162322 1389
[2015-11-18 15:09:47] - - 200 GET /img/login.png 109507 192154
[2015-11-18 15:10:01] - - 302 POST /login.cgi?logout=1 1287592 0
[2015-11-18 15:10:02] admin 302 GET /index.cgi 1615131 0
[2015-11-18 15:10:04] admin 302 GET /dashboard/view.cgi 5390204 0
[2015-11-18 15:10:10] admin 200 GET /dashboard/view.cgi?id=6046ac9e-154c-11dd-a84b-d4f6af929ded 3841948 33134
[2015-11-18 15:10:13] admin 200 GET /gwt-utils/1438098399/gxt/css/gxt-all.css?v=5.4.1.1-33 64394 23578
[2015-11-18 15:17:14] admin 200 GET /login.cgi?logout=1 767287 1087
[2015-11-18 15:17:14] - - 200 GET /css/global.css?v=5.4.1.1-33 1324 4008
[2015-11-18 15:17:14] - - 200 GET /css/login.css?v=5.4.1.1-33 676 664

0 Helpful

Aastha Bhardwaj
Cisco Employee
Cisco Employee
In response to Andrew Jeon

‎11-18-2015 02:52 PM

Hi,

Is it only specifc to your laptop in the network or this happens from all machines ? In the httpsd_error_log , do you see any SSL related errors or any other errors. The messages that you have send across seems to be generic. Also can you check the o/p of :

DBCheck.pl and see if there are some database issues causing this ?

You would need to run the command from the root account .

Regards,

Aastha Bhardwaj

Rate if that helps!!!

0 Helpful

Sunil Kumar
Cisco Employee
Cisco Employee
In response to Andrew Jeon

‎01-23-2016 07:40 AM

We are unable to get much details from these log data. Could you grab the log files from the FireSIGHT and attach here. I would request you to attach (/var/log/messages, /var/log/httpd/httpsd_error_log, /var/log/httpd/httpsd_access_log). 

0 Helpful

Dinesh Verma
Cisco Employee
Cisco Employee

‎01-22-2016 11:35 PM

Maybe this answer is not quite related to the issue you've but I want to enlighten the fact here.

Firesight version 5.4.1.2 with build (37) was a devastated release, it had lot of bugs and main bug was ACL policy fail. That's the reason this image was taken down from Cisco portal. Sooner build 38 was released and everything was okay.

Link: https://software.cisco.com/download/release.html?mdfid=286261234&flowid=54051&softwareid=286271056&release=Rules%20Updates&relind=AVAILABLE&rellifecycle=&reltype=latest

If you've 5.4.1.2 build 37, you can't even upgrade to build 38 (auto or manual upgrade). Re-image is the only option. I tried this in my lab back in days and that's the only solution.

So I'd suggest you to go for build 38 or higher patch (5.4.1.5). Hope this helps.

Regards,

Dinesh Verma

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card