For some reason, backup file upload to FTP server is failing with the below error message though the credentials are correct. I have one more cluster which is working fine with the same credentials.
[02/Jan/2017:18:50:02 IST] Cannot push '/opt/mwg/log/user-defined-logs/backup.log/backup1612090130.log' to 'ftp:// x.x.x.x:21/WebReports/DMZ/backup1612090130- y.y.y.y.log'
command 'curl --globoff -q --tlsv1 --ciphers 'ALL:!aNULL:!eNULL:!EXPORT:!LOW:!kEDH' -f --insecure --silent --show-error --connect-timeout 30 --max-time 300 --ftp-create-dirs --user ftpuser:***** --upload-file /opt/mwg/log/user-defined-logs/backup.log/backup1612090130.log ftp://x.x.x.x:21/WebReports/DMZ/backup1612090130-y.y.y.y.log' failed with error code 67
Error output is 'curl: (67) Access denied: 530'
SHA1Hash of password is 'e0baa3c6b5e0a1b11c645c9e9ef8f2260a9ec02f'
Version of both clusters : 220.127.116.11.0
x.x.x.x is the IP of ftp server
y.y.y.y is the IP of the MWG
With regard to the best practice article “Configuring McAfee Web Reporter log source for McAfee Web Gateway”:
The error code 67 stands for mismatching passwords. Therefore, the access is denied.
Maybe the credentials got changed under “Policy” > “Settings” > “File System logging” and aren’t synchronized yet on all cluster members.
You could also have a look at global log file pushing under “Configuration” > “Appliances” > “Log File Manager” if auto pushing is enabled. If yes, disable this option since log file pushing would be configured separately under “Policy” > “Settings” > “File System logging”, e.g. "Access Log Configuration" or "Access Denied Log Configuration".
Further information under:
Please check this and keep us informed.
Backup and browsing reports are going to 2 different servers.
HTTP is used for webreporter which is working fine.
FTP is used for configuration/policy backup and is not working.
FTP sends the username and password unencrypted. You can create a TCP dump and check the entered credentials and the server response.
GUI -> Troubleshooting -> Packet Capture (Parameters: -npi any -s0)
You can use the 'host' parameter for tcpdump to filter the communication, e.g. -npi any -s0 host x.x.x.x
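An added example, not part of any post in this thread: a small Python check that reads a push-error log in the format quoted in the first post and tells whether the password stored on the appliance is the one you expect, without putting the password on the wire again. It assumes the logged "SHA1Hash of password" is the unsalted SHA-1 of the UTF-8 password; the sample log, address and password are constructed.

```python
import hashlib
import hmac
import re

SAMPLE_PW = "Example-Pass-1"  # constructed password, not from the thread
SAMPLE_LOG = "\n".join([      # constructed log in the format quoted above
    "command 'curl --globoff -q -f --silent --show-error --user ftpuser:***** "
    "--upload-file /tmp/backup.log ftp://192.0.2.10:21/dir/backup.log' "
    "failed with error code 67",
    "Error output is 'curl: (67) Access denied: 530'",
    "SHA1Hash of password is '%s'" % hashlib.sha1(SAMPLE_PW.encode()).hexdigest(),
])

CURL_CODES = {67: "CURLE_LOGIN_DENIED: the server refused the login"}
FTP_REPLIES = {"530": "Not logged in"}  # RFC 959 reply text

def parse_push_error(text):
    """Pull user, curl exit code, FTP reply code and logged hash from the log."""
    patterns = {
        "user": r"--user\s+([^:\s]+):",
        "curl_code": r"failed with error code (\d+)",
        "ftp_reply": r"curl: \(\d+\) [^']*?(\d{3})'",
        "sha1": r"SHA1Hash of password is '([0-9a-fA-F]{40})'",
    }
    out = {}
    for key, pat in patterns.items():
        m = re.search(pat, text)
        out[key] = m.group(1) if m else None
    if out["curl_code"] is not None:
        out["curl_code"] = int(out["curl_code"])
    return out

def password_matches(logged_sha1, candidate):
    """Assumption: logged value is unsalted SHA-1 of the UTF-8 password."""
    digest = hashlib.sha1(candidate.encode("utf-8")).hexdigest()
    return hmac.compare_digest(digest, logged_sha1.lower())

def diagnose(text, expected_password):
    info = parse_push_error(text)
    if info["curl_code"] != 67 or info["sha1"] is None:
        return "not a login failure, or no password hash in the log"
    if password_matches(info["sha1"], expected_password):
        return "appliance sent the expected password: check the account on the FTP server"
    return "appliance holds a different password: re-enter it and let the cluster sync"

if __name__ == "__main__":
    info = parse_push_error(SAMPLE_LOG)
    print(info["user"], CURL_CODES[info["curl_code"]], FTP_REPLIES[info["ftp_reply"]])
    print(diagnose(SAMPLE_LOG, SAMPLE_PW))
```

Running the same check against the log of each cluster member shows whether one node is still holding an older password.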