
Rollout Error Could not update policy - "Error: Command has timed out"

Rollout Error log   (Parser customized)


Run asp command

McAfee-ERC-VM4 / # asp

----- [[ (47) logging categories ]] ----------------

  L_ERROR     : fatal exceptions                          

  L_WARN      : non-fatal exceptional conditions         

  L_INFO      : normal program operations                

  L_SOURCE    : registered datasources                   

  L_MATCHBY   : matchby resolution                       

  L_CTREE     : dump ctrees used for matchby             

  L_KRPREP    : content string matching preparation      

  L_PCRE      : pcre execution                           

  L_RSSTATES  : policy parsing states                    

  L_RSTOKENS  : policy parsing tokens                    

  L_RSEXCLUDE : policy rule exclusion by version         

  L_RSJSON    : policy dump - json format                

  L_RSFILE    : policy dump - ruleset-file format        

  L_MATCH     : matching (choosing the rule) summary     

  L_MATCHING  : matching (choosing the rule) details     

  L_SNARE     : snare sigid lookup table                 

  L_NDBHERR   : ndbh field coercion failures (normal)    

  L_NDBHSET   : ndbh fields being set                    

  L_NDBHMAP   : ndbh map execution                       

  L_VAR       : additional information about var processing

  L_VALID     : policy compilation/validation failures   

  L_DNS       : dns lookups                              

  L_DIVIDE    : record division at parse time            

  L_ASP       : libasp logging                           

  L_ALERTS    : (null)                                   

  L_SWEEPR    : msgreader sweeper thread                 

  L_READER    : msgreader reader thread(s)               

  L_DFILE     : msgreader verbose datafile operations    

  L_INOTIF    : msgreader inotify operations             

  L_MSGRDR    : msgreader operations                     

  L_FILTER    : filter operations                        

  L_RSDUMP    : ruleset dump, dump format                

  L_NDBHDEF   : ndbh field definitions                   

  L_SYSHDR    : syslog header parsing                    

  L_TMZONE    : timezone translation tables              

  L_TOKENS    : parser token stream                      

  L_STATES    : parser state changes                     

  L_SHRED     : normalized json output upon shred        

  L_PARSE     : normalized json output upon parse        

  L_JSON      : libjson logging                          

  L_MAPPER    : libmapper logging                        

  L_XMLSHRED  : libxmlshred logging                      

  L_CEFSHRED  : libcefshred logging                      

  L_ORDERING  : rule ordering                            

  L_OPTIMIZER : optimizer thread                         

  L_ORDER     : liborder logging                         

  L_SUPPRESS  : logs tagged for suppression              

----- [[ applied output ]] ------------------------

  -> fd : stdout

----- [[ applied filters ]] -----------------------

  +(L_ERROR|L_WARN|L_INFO|L_VALID) : +0x00400118000000000000000000100007

  -(L_SUPPRESS) : -0x00000000200000000000000000000000

  +[L_MSGRDR] : +0x00000000000000000000000020000000

Nov 16 11:35:23 L_INFO      08464|execution parameters

Nov 16 11:35:23 L_INFO      08464|   (d) data-dir             =/var/log/data/inline/thirdparty.logs/

Nov 16 11:35:23 L_INFO      08464|   (v) vipsid               =

Nov 16 11:35:23 L_INFO      08464|       threads              =10

Nov 16 11:35:23 L_INFO      08464|   (w) parsing-limit        =0

Nov 16 11:35:23 L_INFO      08464|   (r) rule-dir             =/etc/NitroGuard/asp

Nov 16 11:35:23 L_INFO      08464|       datetime-orientation =unspec

Nov 16 11:35:23 L_INFO      08464|   (s) sampling             =no

Nov 16 11:35:23 L_INFO      08464|       sampling-fd          =1

Nov 16 11:35:23 L_INFO      08464|       sampling-rate        =1:1

Nov 16 11:35:23 L_INFO      08464|       sampling-nometa      =0

Nov 16 11:35:23 L_INFO      08464|       optimize             =no

Nov 16 11:35:23 L_INFO      08464|       optimize-period      =10 min(s), 00 sec(s) or 600s

Nov 16 11:35:23 L_INFO      08464|       optimize-window      =1 hr(s), 00 sec(s) or 3600s

Nov 16 11:35:23 L_INFO      08464|       optimize-cache-dir   =/var/cache/asp

Nov 16 11:35:23 L_INFO      08464|       dns                  =yes

Nov 16 11:35:23 L_INFO      08464|loading clients

Nov 16 11:35:23 L_INFO      08464|loading timezones

Nov 16 11:35:24 L_INFO      08464|loading policy from  : '/etc/NitroGuard/asp'

Nov 16 11:41:45 L_MSGRDR    08464|[            /14] registered

Nov 16 11:41:45 L_MSGRDR    08464|[             /4] registered

Nov 16 11:41:45 L_MSGRDR    08464|[            /18] registered

Nov 16 11:41:45 L_MSGRDR    08464|[            /17] registered

Nov 16 11:41:45 L_MSGRDR    08464|[            /16] registered

Nov 16 11:41:45 L_MSGRDR    08464|[            /15] registered

Nov 16 11:41:45 L_MSGRDR    08464|[             /3] registered

Nov 16 11:41:45 L_MSGRDR    08464|[             /2] registered

Nov 16 11:41:45 L_WARN      08464|unable to load or empty mapfile: /etc/NitroGuard/filter.map

Nov 16 11:41:45 L_MSGRDR    08876|[begin] sweeper

Nov 16 11:41:45 L_MSGRDR    08878|[begin] thread reader

Nov 16 11:41:45 L_MSGRDR    08879|[begin] thread reader

Nov 16 11:41:45 L_MSGRDR    08877|[begin] thread reader

Nov 16 11:41:45 L_MSGRDR    08880|[begin] thread reader

Nov 16 11:41:45 L_MSGRDR    08881|[begin] thread reader

Nov 16 11:41:45 L_MSGRDR    08882|[begin] thread reader

Nov 16 11:41:45 L_MSGRDR    08883|[begin] thread reader

Nov 16 11:41:45 L_MSGRDR    08884|[begin] thread reader

Nov 16 11:41:45 L_MSGRDR    08886|[begin] thread reader

Nov 16 11:41:45 L_MSGRDR    08885|[begin] thread reader

Nov 16 11:45:45 L_MSGRDR    08877|[             /2]  in/data.20151116113939000[ ] release -> out (31790:978 of - records)

Nov 16 11:45:45 L_ERROR     08877|rename failure, error: [2][No such file or directory] at [libmsgreader/datafile.c:2023 (dfile_release)]

Nov 16 11:45:45 L_ERROR     08877|dfile_release failed at [libmsgreader/readerthread.c:392 (reader_thread)]

Nov 16 11:45:45 L_ERROR     08877|xlseek failure, error: [9][Bad file descriptor] at [libmsgreader/datafile.c:1893 (dfile_release)]

Nov 16 11:45:45 L_ERROR     08877|dfile_release failed at [libmsgreader/readerthread.c:399 (reader_thread)]

Nov 16 11:45:45 L_ERROR     08877|[end=0] thread reader

Nov 16 11:45:45 L_MSGRDR    08881|[end=1] thread reader

Nov 16 11:45:45 L_MSGRDR    08876|[end=1] thread sweeper

Nov 16 11:45:45 L_ERROR     08880|select=[4][Interrupted system call] at [libasp/dns/dns.c:193 (dns_first_a46)]

Nov 16 11:45:45 L_MSGRDR    08878|[end=1] thread reader

Nov 16 11:45:45 L_ERROR     08880|dns_first_a46 failed at [libasp/parse/parse.c:288 (asp_parse)]

Nov 16 11:45:45 L_ERROR     08880|asp_parse failed at [asp/main.c:616 (msghandler)]

Nov 16 11:45:45 L_ERROR     08880|[             /3]  in/data.20151116113939000 parsing callback failed on record 39 of 0 at 20409:461 at [libmsgreader/readerthread.c:293 (reader_thread)]

Nov 16 11:45:45 L_MSGRDR    08882|[end=1] thread reader

Nov 16 11:45:45 L_MSGRDR    08880|[             /3]  in/data.20151116113939000 release -> shutdown (32:7 of - records)

Nov 16 11:45:45 L_ERROR     08880|[end=0] thread reader

Nov 16 11:45:45 L_MSGRDR    08886|[end=1] thread reader

Nov 16 11:45:45 L_MSGRDR    08883|[end=1] thread reader

Nov 16 11:45:45 L_MSGRDR    08879|[end=1] thread reader

Nov 16 11:45:45 L_MSGRDR    08885|[end=1] thread reader

Nov 16 11:45:45 L_MSGRDR    08884|[            /14]  in/data.20151116113939000 release -> shutdown (29930:1411 of - records)

Nov 16 11:45:45 L_MSGRDR    08884|[end=1] thread reader

Nov 16 11:45:45 L_ERROR     08464|mr_begin failed at [asp/main.c:374 (main)]

Nov 16 11:45:45 L_INFO      08464|exiting with status: 1

Nov 16 11:45:45 L_ERROR     08877|rename failure, error: [2][No such file or directory] at [libmsgreader/datafile.c:2023 (dfile_release)]


*** I have checked the information in /etc/NitroGuard/thirdparty.conf and found that [2] is the data source with the problem. *** What is the solution to make the rollout succeed?

1 Reply
McAfee Employee

Re: Rollout Error Could not update policy - "Error: Command has timed out"

You may want to try disabling Custom rules for that data source and see if that changes the situation. If it does then you have a starting point.
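
Added example, not part of the original thread and not McAfee tooling: a short Python triage script for the asp output format quoted in the question. It groups the `at [file:line (function)]` call sites of L_ERROR lines by thread id and lists long pauses between consecutive log lines. The function names are illustrative, and the year 2015 is an assumption taken from the data file name in the log, since the log lines carry no year.

```python
import re
from collections import defaultdict
from datetime import datetime

# Subset of the asp lines quoted in the post (not a complete log).
SAMPLE = """\
Nov 16 11:35:24 L_INFO      08464|loading policy from  : '/etc/NitroGuard/asp'
Nov 16 11:41:45 L_MSGRDR    08464|[            /14] registered
Nov 16 11:41:45 L_MSGRDR    08877|[begin] thread reader
Nov 16 11:45:45 L_ERROR     08877|rename failure, error: [2][No such file or directory] at [libmsgreader/datafile.c:2023 (dfile_release)]
Nov 16 11:45:45 L_ERROR     08877|dfile_release failed at [libmsgreader/readerthread.c:392 (reader_thread)]
Nov 16 11:45:45 L_ERROR     08880|select=[4][Interrupted system call] at [libasp/dns/dns.c:193 (dns_first_a46)]
Nov 16 11:45:45 L_ERROR     08880|dns_first_a46 failed at [libasp/parse/parse.c:288 (asp_parse)]
Nov 16 11:45:45 L_ERROR     08880|asp_parse failed at [asp/main.c:616 (msghandler)]
Nov 16 11:45:45 L_ERROR     08464|mr_begin failed at [asp/main.c:374 (main)]
"""

YEAR = "2015"  # assumption: taken from in/data.20151116113939000
LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (L_\w+)\s+(\d+)\|(.*)$")
SITE = re.compile(r" at \[([\w./]+):(\d+) \((\w+)\)\]$")

def parse(text):
    """Yield (timestamp, category, thread_id, message) for each asp log line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:  # blank lines and the category banner are skipped
            ts = datetime.strptime(f"{YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3), m.group(4)

def error_chains(text):
    """Map thread id -> ordered (function, file, line) sites from L_ERROR lines."""
    chains = defaultdict(list)
    for _, cat, tid, msg in parse(text):
        site = SITE.search(msg)
        if cat == "L_ERROR" and site:
            chains[tid].append((site.group(3), site.group(1), int(site.group(2))))
    return dict(chains)

def stalls(text, min_seconds=60):
    """Return (seconds, last message before the gap) for long pauses in the log."""
    rows = list(parse(text))
    return [(int((b[0] - a[0]).total_seconds()), a[3])
            for a, b in zip(rows, rows[1:])
            if (b[0] - a[0]).total_seconds() >= min_seconds]

if __name__ == "__main__":
    for tid, chain in error_chains(SAMPLE).items():
        print(tid, " <- ".join(f"{fn} ({path}:{ln})" for fn, path, ln in chain))
    print(stalls(SAMPLE))
```

On these lines the first site listed for each thread is the innermost failing function, and the two pauses are the ones visible in the quoted log: after `loading policy from` and after the reader threads begin.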