1 Reply Latest reply on Nov 21, 2015 8:56 AM by andy777

    Rollout Error Could not update policy - "Error: Command has timed out"

    saosiner

      Rollout Error log   (Parser customized)

      16-11-2558 18-32-20.png

       

      Run asp command

      McAfee-ERC-VM4 / # asp

      ----- [[ (47) logging categories ]] ----------------

        L_ERROR     : fatal exceptions                          

        L_WARN      : non-fatal exceptional conditions         

        L_INFO      : normal program operations                

        L_SOURCE    : registered datasources                   

        L_MATCHBY   : matchby resolution                       

        L_CTREE     : dump ctrees used for matchby             

        L_KRPREP    : content string matching preparation      

        L_PCRE      : pcre execution                           

        L_RSSTATES  : policy parsing states                    

        L_RSTOKENS  : policy parsing tokens                    

        L_RSEXCLUDE : policy rule exclusion by version         

        L_RSJSON    : policy dump - json format                

        L_RSFILE    : policy dump - ruleset-file format        

        L_MATCH     : matching (choosing the rule) summary     

        L_MATCHING  : matching (choosing the rule) details     

        L_SNARE     : snare sigid lookup table                 

        L_NDBHERR   : ndbh field coercion failures (normal)    

        L_NDBHSET   : ndbh fields being set                    

        L_NDBHMAP   : ndbh map execution                       

        L_VAR       : additional information about var processing

        L_VALID     : policy compilation/validation failures   

        L_DNS       : dns lookups                              

        L_DIVIDE    : record division at parse time            

        L_ASP       : libasp logging                           

        L_ALERTS    : (null)                                   

        L_SWEEPR    : msgreader sweeper thread                 

        L_READER    : msgreader reader thread(s)               

        L_DFILE     : msgreader verbose datafile operations    

        L_INOTIF    : msgreader inotify operations             

        L_MSGRDR    : msgreader operations                     

        L_FILTER    : filter operations                        

        L_RSDUMP    : ruleset dump, dump format                

        L_NDBHDEF   : ndbh field definitions                   

        L_SYSHDR    : syslog header parsing                    

        L_TMZONE    : timezone translation tables              

        L_TOKENS    : parser token stream                      

        L_STATES    : parser state changes                     

        L_SHRED     : normalized json output upon shred        

        L_PARSE     : normalized json output upon parse        

        L_JSON      : libjson logging                          

        L_MAPPER    : libmapper logging                        

        L_XMLSHRED  : libxmlshred logging                      

        L_CEFSHRED  : libcefshred logging                      

        L_ORDERING  : rule ordering                            

        L_OPTIMIZER : optimizer thread                         

        L_ORDER     : liborder logging                         

        L_SUPPRESS  : logs tagged for suppression              

      ----- [[ applied output ]] ------------------------

        -> fd : stdout

      ----- [[ applied filters ]] -----------------------

        +(L_ERROR|L_WARN|L_INFO|L_VALID) : +0x00400118000000000000000000100007

        -(L_SUPPRESS) : -0x00000000200000000000000000000000

        +[L_MSGRDR] : +0x00000000000000000000000020000000

      Nov 16 11:35:23 L_INFO      08464|execution parameters

      Nov 16 11:35:23 L_INFO      08464|   (d) data-dir             =/var/log/data/inline/thirdparty.logs/

      Nov 16 11:35:23 L_INFO      08464|   (v) vipsid               =

      Nov 16 11:35:23 L_INFO      08464|       threads              =10

      Nov 16 11:35:23 L_INFO      08464|   (w) parsing-limit        =0

      Nov 16 11:35:23 L_INFO      08464|   (r) rule-dir             =/etc/NitroGuard/asp

      Nov 16 11:35:23 L_INFO      08464|       datetime-orientation =unspec

      Nov 16 11:35:23 L_INFO      08464|   (s) sampling             =no

      Nov 16 11:35:23 L_INFO      08464|       sampling-fd          =1

      Nov 16 11:35:23 L_INFO      08464|       sampling-rate        =1:1

      Nov 16 11:35:23 L_INFO      08464|       sampling-nometa      =0

      Nov 16 11:35:23 L_INFO      08464|       optimize             =no

      Nov 16 11:35:23 L_INFO      08464|       optimize-period      =10 min(s), 00 sec(s) or 600s

      Nov 16 11:35:23 L_INFO      08464|       optimize-window      =1 hr(s), 00 sec(s) or 3600s

      Nov 16 11:35:23 L_INFO      08464|       optimize-cache-dir   =/var/cache/asp

      Nov 16 11:35:23 L_INFO      08464|       dns                  =yes

      Nov 16 11:35:23 L_INFO      08464|loading clients

      Nov 16 11:35:23 L_INFO      08464|loading timezones

      Nov 16 11:35:24 L_INFO      08464|loading policy from  : '/etc/NitroGuard/asp'

      Nov 16 11:41:45 L_MSGRDR    08464|[            /14] registered

      Nov 16 11:41:45 L_MSGRDR    08464|[             /4] registered

      Nov 16 11:41:45 L_MSGRDR    08464|[            /18] registered

      Nov 16 11:41:45 L_MSGRDR    08464|[            /17] registered

      Nov 16 11:41:45 L_MSGRDR    08464|[            /16] registered

      Nov 16 11:41:45 L_MSGRDR    08464|[            /15] registered

      Nov 16 11:41:45 L_MSGRDR    08464|[             /3] registered

      Nov 16 11:41:45 L_MSGRDR    08464|[             /2] registered

      Nov 16 11:41:45 L_WARN      08464|unable to load or empty mapfile: /etc/NitroGuard/filter.map

      Nov 16 11:41:45 L_MSGRDR    08876|[begin] sweeper

      Nov 16 11:41:45 L_MSGRDR    08878|[begin] thread reader

      Nov 16 11:41:45 L_MSGRDR    08879|[begin] thread reader

      Nov 16 11:41:45 L_MSGRDR    08877|[begin] thread reader

      Nov 16 11:41:45 L_MSGRDR    08880|[begin] thread reader

      Nov 16 11:41:45 L_MSGRDR    08881|[begin] thread reader

      Nov 16 11:41:45 L_MSGRDR    08882|[begin] thread reader

      Nov 16 11:41:45 L_MSGRDR    08883|[begin] thread reader

      Nov 16 11:41:45 L_MSGRDR    08884|[begin] thread reader

      Nov 16 11:41:45 L_MSGRDR    08886|[begin] thread reader

      Nov 16 11:41:45 L_MSGRDR    08885|[begin] thread reader

      Nov 16 11:45:45 L_MSGRDR    08877|[             /2]  in/data.20151116113939000[ ] release -> out (31790:978 of - records)

      Nov 16 11:45:45 L_ERROR     08877|rename failure, error: [2][No such file or directory] at [libmsgreader/datafile.c:2023 (dfile_release)]

      Nov 16 11:45:45 L_ERROR     08877|dfile_release failed at [libmsgreader/readerthread.c:392 (reader_thread)]

      Nov 16 11:45:45 L_ERROR     08877|xlseek failure, error: [9][Bad file descriptor] at [libmsgreader/datafile.c:1893 (dfile_release)]

      Nov 16 11:45:45 L_ERROR     08877|dfile_release failed at [libmsgreader/readerthread.c:399 (reader_thread)]

      Nov 16 11:45:45 L_ERROR     08877|[end=0] thread reader

      Nov 16 11:45:45 L_MSGRDR    08881|[end=1] thread reader

      Nov 16 11:45:45 L_MSGRDR    08876|[end=1] thread sweeper

      Nov 16 11:45:45 L_ERROR     08880|select=[4][Interrupted system call] at [libasp/dns/dns.c:193 (dns_first_a46)]

      Nov 16 11:45:45 L_MSGRDR    08878|[end=1] thread reader

      Nov 16 11:45:45 L_ERROR     08880|dns_first_a46 failed at [libasp/parse/parse.c:288 (asp_parse)]

      Nov 16 11:45:45 L_ERROR     08880|asp_parse failed at [asp/main.c:616 (msghandler)]

      Nov 16 11:45:45 L_ERROR     08880|[             /3]  in/data.20151116113939000 parsing callback failed on record 39 of 0 at 20409:461 at [libmsgreader/readerthread.c:293 (reader_thread)]

      Nov 16 11:45:45 L_MSGRDR    08882|[end=1] thread reader

      Nov 16 11:45:45 L_MSGRDR    08880|[             /3]  in/data.20151116113939000[N] release -> shutdown (32:7 of - records)

      Nov 16 11:45:45 L_ERROR     08880|[end=0] thread reader

      Nov 16 11:45:45 L_MSGRDR    08886|[end=1] thread reader

      Nov 16 11:45:45 L_MSGRDR    08883|[end=1] thread reader

      Nov 16 11:45:45 L_MSGRDR    08879|[end=1] thread reader

      Nov 16 11:45:45 L_MSGRDR    08885|[end=1] thread reader

      Nov 16 11:45:45 L_MSGRDR    08884|[            /14]  in/data.20151116113939000[N] release -> shutdown (29930:1411 of - records)

      Nov 16 11:45:45 L_MSGRDR    08884|[end=1] thread reader

      Nov 16 11:45:45 L_ERROR     08464|mr_begin failed at [asp/main.c:374 (main)]

      Nov 16 11:45:45 L_INFO      08464|exiting with status: 1

       

      Nov 16 11:45:45 L_ERROR     08877|rename failure, error: [2][No such file or directory] at [libmsgreader/datafile.c:2023 (dfile_release)]


      *** I have checked the information   /etc/NitroGuard/thirdparty.conf  and found that [2] is Data source this a problem . ***  What have a solution rollout success ?