cancel
Showing results for 
Search instead for 
Did you mean: 
jxbianc
Level 7

Not getting any data in the HIPS Firewall 8.0 activity Log

Jump to solution

Anyone else seen this? I have HIPS Firewall only installed via EPO (4.5) in adaptive mode. Everything was working fine, then all of a sudden I stopped getting data back from the clients. EPO says the clients are active and if I look at the clients they all say the firewall is enabled. But I get no more entries in the activity log and no new adaptive rules uploaded to EPO. My rules still look fine.

When I look in the FireSvc.log I see the below errors:

10/13/2011 13:44:53 FwRuleConverter.cpp[6877] ERROR    (1832) setMatchDigitalSigner() - failed to reverse DSN = "*".

10/13/2011 13:44:53 FwRuleConverter.cpp[6318] ERROR    (1832) convertMatch() - failed to set digital signer match.

10/13/2011 13:44:53 FwRuleConverter.cpp[1466] ERROR    (1832) convert80AggrMatchToFireCore() - unable to convert match #1 of  aggr match "b9a1085e-ad16-4b0c-a062-3914dd7a0675".

10/13/2011 13:44:53 FwRuleConverter.cpp[1369] ERROR    (1832) convert80AggrMatchesToFireCore() - failed to convert the aggr match "b9a1085e-ad16-4b0c-a062-3914dd7a0675".

10/13/2011 13:44:53 FwRuleConverter.cpp[963] ERROR    (1832) internalConvert80ToFireCore() - failed to convert aggr matches. Conversion has failed.

10/13/2011 13:44:53 Policy.cpp[579] ERROR    (1832) buildFirecore() - failed to convert the policy data.

10/13/2011 13:44:53 Policy.cpp[538] ERROR    (1832) build() - failed to build the FireCore components.

10/13/2011 13:44:53 PolicyMgr.cpp[288] ERROR    (1832) buildPolicyFw() - failed to build firewall policy.

10/13/2011 13:44:53 FireCore.cpp[1211] ERROR    (1832) buildPolicyFw() - failed to build the firewall policy.

10/13/2011 13:44:53 FireCorePlugin.cpp[165] ERROR    (1832) hipfc_SetFwPolicy() - Failed to build firewall policy.

10/13/2011 13:44:53 CCONFIG[945] ERROR    sendFWRulesToKernel() - failed to build firewall policy.

10/13/2011 13:44:53 FireCore.cpp[835] ERROR    (1832) enablePolicyType( true ) - called before a policy has been set.

10/13/2011 13:44:53 FireCorePlugin.cpp[146] ERROR    (1832) hipfc_Enable() - Failed to enable FireCore.

10/13/2011 13:44:53 CCONFIG[981] ERROR    sendFWRulesToKernel() - failed to enable firewall policy in FireCore.

10/13/2011 13:44:53 MAINWRK[1300] INFO     Checking for expiration

0 Kudos
1 Solution

Accepted Solutions
McAfee Employee

Re: Not getting any data in the HIPS Firewall 8.0 activity Log

Jump to solution
10/13/2011 13:44:53 FwRuleConverter.cpp[6877] ERROR    (1832) setMatchDigitalSigner() - failed to reverse DSN = "*".

Check your firewall rules and see which rule has an Application executable listed with the Any option in the Signer section.  Change it to None or Specify a Signer.  Please open a Service Request with McAfee Support, if you have a support contract.

0 Kudos
2 Replies
McAfee Employee

Re: Not getting any data in the HIPS Firewall 8.0 activity Log

Jump to solution
10/13/2011 13:44:53 FwRuleConverter.cpp[6877] ERROR    (1832) setMatchDigitalSigner() - failed to reverse DSN = "*".

Check your firewall rules and see which rule has an Application executable listed with the Any option in the Signer section.  Change it to None or Specify a Signer.  Please open a Service Request with McAfee Support, if you have a support contract.

0 Kudos
jxbianc
Level 7

Re: Not getting any data in the HIPS Firewall 8.0 activity Log

Jump to solution

Thanks for the quick response, that was exactly what was wrong. As soon as I changed the signer option (and updated the policy) I started getting data again. I guess the any option is if there are more than one signature from the same company and not just a blanket.

0 Kudos