topic Re: RAD Error occur every 4 hours in Spark Firewall (SMB)

RAD Error occur every 4 hours

G_W_Albrecht — Thu, 23 Apr 2020 09:02:34 GMT

I have encountered a new issue on my 1550:

Log Line: Blade - RAD, Interface - daemon

Log Details: Error occur

Time	Today 08:29:58

Blade

RAD

Product Family

Network

Type	System Alert

Interface Direction

inbound

Severity

High

Description

Error occur

Reason

Failed to process CP Site Response., check /opt/fw1/log/rad_events/Errors/flow_4071_12101_MAIN_CHILD For more details

Anyone else encountering it every four hours, 6 times a day ?

Re: RAD Error occur every 4 hours

Chris_Atkinson — Thu, 23 Apr 2020 11:47:49 GMT

Is this occuring on R80.20.05 or another earlier version?

Re: RAD Error occur every 4 hours

G_W_Albrecht — Thu, 23 Apr 2020 14:09:51 GMT

On (and since)

R80.20.05 (992001134)

Re: RAD Error occur every 4 hours

PhoneBoy — Sun, 26 Apr 2020 01:40:09 GMT

I'm going to assume a TAC case is open?

Re: RAD Error occur every 4 hours

G_W_Albrecht — Mon, 04 May 2020 11:51:25 GMT

No, this is my Beta 1550 i have received from CP, and in UserCenter it shows No Support although it has all services and blades...

Re: RAD Error occur every 4 hours

G_W_Albrecht — Mon, 04 May 2020 11:53:05 GMT

I could use Asset Warranty for SR# - just thought this would happen to more units...

@Chris_Atkinson - what do you suggest ?

Re: RAD Error occur every 4 hours

G_W_Albrecht — Tue, 05 May 2020 14:40:15 GMT

FYI: Service Request 6-0001992216 has been created 8)

Re: RAD Error occur every 4 hours

G_W_Albrecht — Wed, 06 May 2020 06:47:09 GMT

I could have known this 8) :

Following the case description, let me inform that a similar RAD issue has been resolved recently by fix of R&D.
I've uploaded the firmware image file fw1_vx_dep_R80_992001148_20.img to SFTP account.
Please perform a manual upgrade using this firmware and then test again.

Re: RAD Error occur every 4 hours

Eric_Appelboom — Tue, 06 Oct 2020 12:28:48 GMT

Hi @Chris_Atkinson and @PhoneBoy . We have a similar but more frequent issue and could use some extra eyes. Still trying to get NTT to escalate case but RAD CPU is very high.

Installed R80.30 Take_217 with RAD updates, Backgrounded urlf and appi engines. Continues when even off peak.

rad is writing 500 events /second to /opt/CPsuite-R80.30/fw1/log/rad_events/Timeouts

Set RAD_QUERIES_NUMBER_PER_CONNECTION to 300 with no change

Please excuse dump below. It looks like it is Anti-Bot?

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
16727 admin 18 0 239m 142m 37m D 78 0.3 5:54.09 rad_resp_slow_2
16726 admin 18 0 239m 142m 37m R 68 0.3 6:07.09 rad_resp_slow_1
16725 admin 18 0 239m 142m 37m R 66 0.3 6:59.32 rad_resp_slow_0
16728 admin 18 0 239m 142m 37m R 66 0.3 6:11.13 rad_resp_slow_3
16724 admin 15 0 239m 142m 37m S 4 0.3 0:36.28 rad_cpu_3

[Expert@my13500:0]# cat /tmp/flow_16713_47877 | more
Flow ID = flow_16713_47877
Flow Termination Status:Ended Normally
Flow Started (20:07:40)
Flow Ended (20:07:46)
Flow Total Runtime:6 seconds (Timed out)

Flow Steps:
Generic Trap Flow (0 Seconds)
Cloud HTTP Access(IO) (6 Seconds)
Handling Decrypted Response (0 Seconds)
End Of Flow Steps

Flow Items:
_indicator@trapper:vsid=0
_indicator@trapper:version=0
_indicator@trapper:session=
_indicator@trapper:service=malware
_indicator@trapper:resource=catv-89-133-63-73.catv.broadband.hu
_indicator@trapper:key_len=35
_indicator@trapper:is_ipv6=0
_indicator@trapper:flags=0
Service=malware
Resource=catv-89-133-63-73.catv.broadband.hu
FlowError=Failed to process CP Site Response.
FetchUrl=http://cws.checkpoint.com:80/Malware/malware/6.0?resource=Y2F0di04OS0xMzMtNjMtNzMuY2F0di5icm9hZGJhbmQuaHU=&key=123456
ActiveFlows=162
End of Flow Items

Flow Last 822 Debug Messages:

[rad_trap_task.cpp:42] CRadTrapTask::run: [INFO] enter to ...
[rad_chain_runner.cpp:22] CRadChainRunner::insert: [INFO] enter to ...
[rad_chain_runner.cpp:29] CRadChainRunner::insert: [INFO] insert chain 'CRadTrapperHeader:0xf241cd60 is ok
[rad_chain_runner.cpp:22] CRadChainRunner::insert: [INFO] enter to ...
[rad_chain_runner.cpp:29] CRadChainRunner::insert: [INFO] insert chain 'CRadTrapperMessage:0xf241ce60 is ok
[rad_chain_runner.cpp:22] CRadChainRunner::insert: [INFO] enter to ...
[rad_chain_runner.cpp:29] CRadChainRunner::insert: [INFO] insert chain 'CRadCacheEnabler:0xf241cf50 is ok
[rad_chain_runner.cpp:22] CRadChainRunner::insert: [INFO] enter to ...
[rad_chain_runner.cpp:29] CRadChainRunner::insert: [INFO] insert chain 'CRadTrapperFetcher:0xf241d040 is ok
[rad_repository_container_data.h:127] CRadRepositoryContaineData::get: [INFO] enter to ...
[rad_repository_container_data.h:129] CRadRepositoryContaineData::get: [MISC] list: <CRadValueMap> free objects = 324, used 675 of 100000
[rad_repository_container_data.h:143] CRadRepositoryContaineData::get: [INFO] exit from ..
[rad_chain_runner.cpp:59] CRadChainRunner::run: [INFO] enter to ...
[rad_chain_runner.cpp:73] CRadChainRunner::run: [INFO] going to run chain 'CRadTrapperHeader'
[rad_trapper_header.cpp:228] CRadTrapperHeader::run: [INFO] enter to ...
[rad_buffer.cpp:341] CRadBuffer::read: [INFO] enter to ...
[rad_buffer.cpp:355] CRadBuffer::read: [INFO] going to read: m_dlen = 184, _limit: 16
[rad_buffer.cpp:362] CRadBuffer::read: [INFO] read: m_dlen = 168, _limit: 16, _read_bytes: 16
[rad_buffer.cpp:363] CRadBuffer::read: [INFO] exit from ..
[rad_trapper_header.cpp:208] CRadTrapperHeader::addChainData: [INFO] enter to ...
[rad_trapper_header.cpp:128] CRadTrapperHeader::addChainDataService: [INFO] enter to ...
[rad_repository_container_data.h:127] CRadRepositoryContaineData::get: [INFO] enter to ...
[rad_repository_container_data.h:129] CRadRepositoryContaineData::get: [MISC] list: <CRadValueString> free objects = 651, used 1350 of 200000
[rad_repository_container_data.h:143] CRadRepositoryContaineData::get: [INFO] exit from ..
[rad_value_map.cpp:252] CRadValueMap::add: [INFO] enter to ...
[rad_value_map.cpp:271] CRadValueMap::add: [INFO] add indicator 'trapper:service' _value 'malware'
[rad_value_map.cpp:275] CRadValueMap::add: [INFO] exit from ..
[rad_trapper_header.cpp:164] CRadTrapperHeader::addChainDataService: [INFO] exit from ..
[rad_trapper_header.cpp:172] CRadTrapperHeader::addChainDataVersion: [INFO] enter to ...
[rad_repository_container_data.h:127] CRadRepositoryContaineData::get: [INFO] enter to ...
[rad_repository_container_data.h:129] CRadRepositoryContaineData::get: [MISC] list: <CRadValueUInt> free objects = 1628, used 3366 of 200000
[rad_repository_container_data.h:143] CRadRepositoryContaineData::get: [INFO] exit from ..
[rad_value_map.cpp:252] CRadValueMap::add: [INFO] enter to ...
[rad_value_map.cpp:271] CRadValueMap::add: [INFO] add indicator 'trapper:version' _value '0'
[rad_value_map.cpp:275] CRadValueMap::add: [INFO] exit from ..
[rad_trapper_header.cpp:200] CRadTrapperHeader::addChainDataVersion: [INFO] exit from ..
[rad_trapper_header.cpp:274] CRadTrapperHeader::debug: [INFO] enter to ...
[rad_trapper_header.cpp:276] CRadTrapperHeader::debug: [INFO] serv = 6
[rad_trapper_header.cpp:277] CRadTrapperHeader::debug: [INFO] size = 179
[rad_trapper_header.cpp:278] CRadTrapperHeader::debug: [INFO] item = 5
[rad_trapper_header.cpp:263] CRadTrapperHeader::run: [INFO] exit from ..
[rad_chain_runner.cpp:83] CRadChainRunner::run: [INFO] run chain 'CRadTrapperHeader' is ok, l_read_total = 16
[rad_chain_runner.cpp:73] CRadChainRunner::run: [INFO] going to run chain 'CRadTrapperMessage'
[rad_trapper_message.cpp:62] CRadTrapperMessage::run: [INFO] enter to ...
[rad_trapper_message.cpp:94] CRadTrapperMessage::read: [INFO] enter to ...
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xed9bb8e0
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 168
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_trapper_message.cpp:126] CRadTrapperMessage::read: [INFO] read l_type: 3, l_bytes: 4
[rad_repository_container_data.h:127] CRadRepositoryContaineData::get: [INFO] enter to ...
[rad_repository_container_data.h:129] CRadRepositoryContaineData::get: [MISC] list: <CRadValueSession> free objects = 324, used 675 of 100000
[rad_repository_container_data.h:143] CRadRepositoryContaineData::get: [INFO] exit from ..
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xed9bb8e4
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 164
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_buffer.cpp:309] CRadBuffer::read: [INFO] enter to ...
[rad_buffer.cpp:319] CRadBuffer::read: [INFO] going to read: m_dlen = 164, _limit: 16
[rad_buffer.cpp:331] CRadBuffer::read: [INFO] read: m_dlen = 148, _limit: 16, _read_bytes: 7
[rad_buffer.cpp:332] CRadBuffer::read: [INFO] read: _output = (session)
[rad_buffer.cpp:333] CRadBuffer::read: [INFO] exit from ..
[rad_trapper_message.cpp:143] CRadTrapperMessage::read: [INFO] read l_name: session, l_bytes: 7
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xed9bb8f4
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 148
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_value_session.cpp:85] CRadValueSession::read: [INFO] enter to ...
[rad_buffer.cpp:341] CRadBuffer::read: [INFO] enter to ...
[rad_buffer.cpp:355] CRadBuffer::read: [INFO] going to read: m_dlen = 144, _limit: 8
[rad_buffer.cpp:362] CRadBuffer::read: [INFO] read: m_dlen = 136, _limit: 8, _read_bytes: 8
[rad_buffer.cpp:363] CRadBuffer::read: [INFO] exit from ..
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xed9bb900
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 136
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_value_session.cpp:109] CRadValueSession::read: [INFO] exit from ..
[rad_trapper_message.cpp:152] CRadTrapperMessage::read: [INFO] read: data <>
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xed9bb900
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 136
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_value_map.cpp:252] CRadValueMap::add: [INFO] enter to ...
[rad_value_map.cpp:271] CRadValueMap::add: [INFO] add indicator 'trapper:session' _value ''
[rad_value_map.cpp:275] CRadValueMap::add: [INFO] exit from ..
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xed9bb900
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 136
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_trapper_message.cpp:126] CRadTrapperMessage::read: [INFO] read l_type: 1, l_bytes: 4
[rad_repository_container_data.h:127] CRadRepositoryContaineData::get: [INFO] enter to ...
[rad_repository_container_data.h:129] CRadRepositoryContaineData::get: [MISC] list: <CRadValueUInt> free objects = 1627, used 3367 of 200000
[rad_repository_container_data.h:143] CRadRepositoryContaineData::get: [INFO] exit from ..
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xed9bb904
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 132
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_buffer.cpp:309] CRadBuffer::read: [INFO] enter to ...
[rad_buffer.cpp:319] CRadBuffer::read: [INFO] going to read: m_dlen = 132, _limit: 16
[rad_buffer.cpp:331] CRadBuffer::read: [INFO] read: m_dlen = 116, _limit: 16, _read_bytes: 7
[rad_buffer.cpp:332] CRadBuffer::read: [INFO] read: _output = (is_ipv6)
[rad_buffer.cpp:333] CRadBuffer::read: [INFO] exit from ..
[rad_trapper_message.cpp:143] CRadTrapperMessage::read: [INFO] read l_name: is_ipv6, l_bytes: 7
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xed9bb914
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 116
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_value_uint.cpp:82] CRadValueUInt::read: [INFO] enter to ...
[rad_value_uint.cpp:94] CRadValueUInt::read: [INFO] read: m_value = 0
[rad_value_uint.cpp:95] CRadValueUInt::read: [INFO] exit from ..
[rad_trapper_message.cpp:152] CRadTrapperMessage::read: [INFO] read: data <0>
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xed9bb918
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 112
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_value_map.cpp:252] CRadValueMap::add: [INFO] enter to ...
[rad_value_map.cpp:271] CRadValueMap::add: [INFO] add indicator 'trapper:is_ipv6' _value '0'
[rad_value_map.cpp:275] CRadValueMap::add: [INFO] exit from ..
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xed9bb918
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 112
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_trapper_message.cpp:126] CRadTrapperMessage::read: [INFO] read l_type: 2, l_bytes: 4
[rad_repository_container_data.h:127] CRadRepositoryContaineData::get: [INFO] enter to ...
[rad_repository_container_data.h:129] CRadRepositoryContaineData::get: [MISC] list: <CRadValueString> free objects = 650, used 1351 of 200000
[rad_repository_container_data.h:143] CRadRepositoryContaineData::get: [INFO] exit from ..
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xed9bb91c
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 108
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_buffer.cpp:309] CRadBuffer::read: [INFO] enter to ...
[rad_buffer.cpp:319] CRadBuffer::read: [INFO] going to read: m_dlen = 108, _limit: 16
[rad_buffer.cpp:331] CRadBuffer::read: [INFO] read: m_dlen = 92, _limit: 16, _read_bytes: 8
[rad_buffer.cpp:332] CRadBuffer::read: [INFO] read: _output = (resource)
[rad_buffer.cpp:333] CRadBuffer::read: [INFO] exit from ..
[rad_trapper_message.cpp:143] CRadTrapperMessage::read: [INFO] read l_name: resource, l_bytes: 8
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xed9bb92c
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 92
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_value_string.cpp:98] CRadValueString::read: [INFO] enter to ...
[rad_value_string.cpp:108] CRadValueString::read: [MISC] read: l_size: 35
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xed9bb930
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 88
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_buffer.cpp:309] CRadBuffer::read: [INFO] enter to ...
[rad_buffer.cpp:319] CRadBuffer::read: [INFO] going to read: m_dlen = 88, _limit: 35
[rad_buffer.cpp:331] CRadBuffer::read: [INFO] read: m_dlen = 53, _limit: 35, _read_bytes: 35
[rad_buffer.cpp:332] CRadBuffer::read: [INFO] read: _output = (catv-89-133-63-73.catv.broadband.hu)
[rad_buffer.cpp:333] CRadBuffer::read: [INFO] exit from ..
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xed9bb953
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 53
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_value_string.cpp:123] CRadValueString::read: [INFO] exit from ..
[rad_trapper_message.cpp:152] CRadTrapperMessage::read: [INFO] read: data <catv-89-133-63-73.catv.broadband.hu>
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xed9bb953
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 53
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_value_map.cpp:252] CRadValueMap::add: [INFO] enter to ...
[rad_value_map.cpp:271] CRadValueMap::add: [INFO] add indicator 'trapper:resource' _value 'catv-89-133-63-73.catv.broadband.hu'
[rad_value_map.cpp:275] CRadValueMap::add: [INFO] exit from ..
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xed9bb953
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 53
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_trapper_message.cpp:126] CRadTrapperMessage::read: [INFO] read l_type: 1, l_bytes: 4
[rad_repository_container_data.h:127] CRadRepositoryContaineData::get: [INFO] enter to ...
[rad_repository_container_data.h:129] CRadRepositoryContaineData::get: [MISC] list: <CRadValueUInt> free objects = 1626, used 3368 of 200000
[rad_repository_container_data.h:143] CRadRepositoryContaineData::get: [INFO] exit from ..
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xed9bb957
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 49
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_buffer.cpp:309] CRadBuffer::read: [INFO] enter to ...
[rad_buffer.cpp:319] CRadBuffer::read: [INFO] going to read: m_dlen = 49, _limit: 16
[rad_buffer.cpp:331] CRadBuffer::read: [INFO] read: m_dlen = 33, _limit: 16, _read_bytes: 7
[rad_buffer.cpp:332] CRadBuffer::read: [INFO] read: _output = (key_len)
[rad_buffer.cpp:333] CRadBuffer::read: [INFO] exit from ..
[rad_trapper_message.cpp:143] CRadTrapperMessage::read: [INFO] read l_name: key_len, l_bytes: 7
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xed9bb967
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 33
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_value_uint.cpp:82] CRadValueUInt::read: [INFO] enter to ...
[rad_value_uint.cpp:94] CRadValueUInt::read: [INFO] read: m_value = 35
[rad_value_uint.cpp:95] CRadValueUInt::read: [INFO] exit from ..
[rad_trapper_message.cpp:152] CRadTrapperMessage::read: [INFO] read: data <35>
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xed9bb96b
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 29
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_value_map.cpp:252] CRadValueMap::add: [INFO] enter to ...
[rad_value_map.cpp:271] CRadValueMap::add: [INFO] add indicator 'trapper:key_len' _value '35'
[rad_value_map.cpp:275] CRadValueMap::add: [INFO] exit from ..
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xed9bb96b
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 29
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_trapper_message.cpp:126] CRadTrapperMessage::read: [INFO] read l_type: 1, l_bytes: 4
[rad_repository_container_data.h:127] CRadRepositoryContaineData::get: [INFO] enter to ...
[rad_repository_container_data.h:129] CRadRepositoryContaineData::get: [MISC] list: <CRadValueUInt> free objects = 1625, used 3369 of 200000
[rad_repository_container_data.h:143] CRadRepositoryContaineData::get: [INFO] exit from ..
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xed9bb96f
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 25
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_buffer.cpp:309] CRadBuffer::read: [INFO] enter to ...
[rad_buffer.cpp:319] CRadBuffer::read: [INFO] going to read: m_dlen = 25, _limit: 16
[rad_buffer.cpp:331] CRadBuffer::read: [INFO] read: m_dlen = 9, _limit: 16, _read_bytes: 5
[rad_buffer.cpp:332] CRadBuffer::read: [INFO] read: _output = (flags)
[rad_buffer.cpp:333] CRadBuffer::read: [INFO] exit from ..
[rad_trapper_message.cpp:143] CRadTrapperMessage::read: [INFO] read l_name: flags, l_bytes: 5
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xed9bb97f
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 9
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_value_uint.cpp:82] CRadValueUInt::read: [INFO] enter to ...
[rad_value_uint.cpp:94] CRadValueUInt::read: [INFO] read: m_value = 0
[rad_value_uint.cpp:95] CRadValueUInt::read: [INFO] exit from ..
[rad_trapper_message.cpp:152] CRadTrapperMessage::read: [INFO] read: data <0>
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xed9bb983
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 5
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_value_map.cpp:252] CRadValueMap::add: [INFO] enter to ...
[rad_value_map.cpp:271] CRadValueMap::add: [INFO] add indicator 'trapper:flags' _value '0'
[rad_value_map.cpp:275] CRadValueMap::add: [INFO] exit from ..
[rad_trapper_message.cpp:175] CRadTrapperMessage::read: [INFO] successfuly read (5) items, values map size = 7
[rad_trapper_message.cpp:176] CRadTrapperMessage::read: [INFO] exit from ..
[rad_trapper_message.cpp:184] CRadTrapperMessage::addChainDataVsid: [INFO] enter to ...
[rad_repository_container_data.h:127] CRadRepositoryContaineData::get: [INFO] enter to ...
[rad_repository_container_data.h:129] CRadRepositoryContaineData::get: [MISC] list: <CRadValueUInt> free objects = 1624, used 3370 of 200000
[rad_repository_container_data.h:143] CRadRepositoryContaineData::get: [INFO] exit from ..
[rad_value_map.cpp:252] CRadValueMap::add: [INFO] enter to ...
[rad_value_map.cpp:271] CRadValueMap::add: [INFO] add indicator 'trapper:vsid' _value '0'
[rad_value_map.cpp:275] CRadValueMap::add: [INFO] exit from ..
[rad_trapper_message.cpp:210] CRadTrapperMessage::addChainDataVsid: [INFO] exit from ..
[rad_trapper_message.cpp:83] CRadTrapperMessage::run: [INFO] exit from ..
[rad_chain_runner.cpp:83] CRadChainRunner::run: [INFO] run chain 'CRadTrapperMessage' is ok, l_read_total = 16
[rad_chain_runner.cpp:73] CRadChainRunner::run: [INFO] going to run chain 'CRadCacheEnabler'
[rad_cache_enabler.cpp:55] CRadCacheEnabler::run: [INFO] enter to ...
[rad_dataset.cpp:343] CRadDataSet::getServiceSettings: [INFO] enter to ...
[rad_dataset.cpp:327] CRadDataSet::getServiceManager: [INFO] enter to ...
[rad_dataset.cpp:336] CRadDataSet::getServiceManager: [INFO] exit from ..
[rad_dataset.cpp:352] CRadDataSet::getServiceSettings: [INFO] exit from ..
[rad_cache_enabler.cpp:92] CRadCacheEnabler::run: [INFO] service malware not required cache
[rad_chain_runner.cpp:83] CRadChainRunner::run: [INFO] run chain 'CRadCacheEnabler' is ok, l_read_total = 16
[rad_chain_runner.cpp:73] CRadChainRunner::run: [INFO] going to run chain 'CRadTrapperFetcher'
[rad_trapper_fetcher.cpp:54] CRadTrapperFetcher::run: [INFO] enter to ...
[rad_dataset.cpp:417] CRadDataSet::getQuery: [INFO] enter to ...
[rad_repository_container_data.h:127] CRadRepositoryContaineData::get: [INFO] enter to ...
[rad_repository_container_data.h:129] CRadRepositoryContaineData::get: [MISC] list: <CRadQuery> free objects = 324, used 675 of 100000
[rad_repository_container_data.h:143] CRadRepositoryContaineData::get: [INFO] exit from ..
[rad_dataset.cpp:427] CRadDataSet::getQuery: [INFO] exit from ..
[rad_query.cpp:160] CRadQuery::build: [INFO] enter to ...
[rad_http_request.cpp:103] CRadHttpRequest::build: [INFO] enter to ...
[rad_http_request.cpp:81] CRadHttpRequest::getBuilder: [INFO] enter to ...
[rad_http_request.cpp:95] CRadHttpRequest::getBuilder: [INFO] exit from ..
[rad_http_request.cpp:115] CRadHttpRequest::build: [INFO] find builder key new 'malware+0'
[rad_http_request_builder.cpp:68] CRadHttpRequestBuilder::build: [INFO] enter to ...
[rad_http_request_comp_const.cpp:27] CRadHttpRequestCompConstConst::build: [INFO] enter to ...
[rad_http_request_comp_const.cpp:31] CRadHttpRequestCompConstConst::build: [INFO] exit from ..
[rad_http_request_comp_const.cpp:27] CRadHttpRequestCompConstConst::build: [INFO] enter to ...
[rad_http_request_comp_const.cpp:31] CRadHttpRequestCompConstConst::build: [INFO] exit from ..
[rad_http_request_comp_const.cpp:27] CRadHttpRequestCompConstConst::build: [INFO] enter to ...
[rad_http_request_comp_const.cpp:31] CRadHttpRequestCompConstConst::build: [INFO] exit from ..
[rad_http_request_host_64.cpp:35] CRadHttpRequestHost64::build: [INFO] enter to ...
[rad_http_request_host_64.cpp:61] CRadHttpRequestHost64::build: [INFO] 0x8cbe3b8'keylen' found (35)
[rad_http_request_host_64.cpp:78] CRadHttpRequestHost64::build: [INFO] 0x8cbe3b8'flags' found (0)
[rad_http_request_host_64.cpp:90] CRadHttpRequestHost64::build: [INFO] host resource is catv-89-133-63-73.catv.broadband.hu
[rad_http_request_comp_val64.cpp:28] CRadHttpRequestCompVal64::buildBase64: [INFO] enter to ...
[rad_http_request_comp_val64.cpp:41] CRadHttpRequestCompVal64::buildBase64: [INFO] Base64Length: 48, Base64Allocated: 57
[rad_http_request_comp_val64.cpp:42] CRadHttpRequestCompVal64::buildBase64: [INFO] Base64: Y2F0di04OS0xMzMtNjMtNzMuY2F0di5icm9hZGJhbmQuaHU=
[rad_http_request_comp_val64.cpp:47] CRadHttpRequestCompVal64::buildBase64: [INFO] exit from ..
[rad_http_request_host_64.cpp:103] CRadHttpRequestHost64::build: [INFO] build indicator 'trapper:resource'
[rad_http_request_host_64.cpp:104] CRadHttpRequestHost64::build: [INFO] exit from ..
[rad_http_request_comp_const.cpp:27] CRadHttpRequestCompConstConst::build: [INFO] enter to ...
[rad_http_request_comp_const.cpp:31] CRadHttpRequestCompConstConst::build: [INFO] exit from ..
[rad_http_request_comp_const.cpp:27] CRadHttpRequestCompConstConst::build: [INFO] enter to ...
[rad_http_request_comp_const.cpp:31] CRadHttpRequestCompConstConst::build: [INFO] exit from ..
[rad_http_request_optional_value.cpp:28] CRadHttpRequestOptionalValue::build: [INFO] enter to ...
[rad_http_request_optional_value.cpp:39] CRadHttpRequestOptionalValue::build: [INFO] unable to find 'cpradus:resend in value map
[rad_http_request_comp_const.cpp:27] CRadHttpRequestCompConstConst::build: [INFO] enter to ...
[rad_http_request_comp_const.cpp:31] CRadHttpRequestCompConstConst::build: [INFO] exit from ..
[rad_http_request_comp_nline.cpp:26] CRadHttpRequestCompNLine::build: [INFO] enter to ...
[rad_http_request_comp_nline.cpp:30] CRadHttpRequestCompNLine::build: [INFO] exit from ..
[rad_http_request_comp_const.cpp:27] CRadHttpRequestCompConstConst::build: [INFO] enter to ...
[rad_http_request_comp_const.cpp:31] CRadHttpRequestCompConstConst::build: [INFO] exit from ..
[rad_http_request_comp_nline.cpp:26] CRadHttpRequestCompNLine::build: [INFO] enter to ...
[rad_http_request_comp_nline.cpp:30] CRadHttpRequestCompNLine::build: [INFO] exit from ..
[rad_http_request_comp_const.cpp:27] CRadHttpRequestCompConstConst::build: [INFO] enter to ...
[rad_http_request_comp_const.cpp:31] CRadHttpRequestCompConstConst::build: [INFO] exit from ..
[rad_http_request_comp_nline.cpp:26] CRadHttpRequestCompNLine::build: [INFO] enter to ...
[rad_http_request_comp_nline.cpp:30] CRadHttpRequestCompNLine::build: [INFO] exit from ..
[rad_http_request_comp_const.cpp:27] CRadHttpRequestCompConstConst::build: [INFO] enter to ...
[rad_http_request_comp_const.cpp:31] CRadHttpRequestCompConstConst::build: [INFO] exit from ..
[rad_http_request_comp_const.cpp:27] CRadHttpRequestCompConstConst::build: [INFO] enter to ...
[rad_http_request_comp_const.cpp:31] CRadHttpRequestCompConstConst::build: [INFO] exit from ..
[rad_http_request_comp_nline.cpp:26] CRadHttpRequestCompNLine::build: [INFO] enter to ...
[rad_http_request_comp_nline.cpp:30] CRadHttpRequestCompNLine::build: [INFO] exit from ..
[rad_http_request_comp_nline.cpp:26] CRadHttpRequestCompNLine::build: [INFO] enter to ...
[rad_http_request_comp_nline.cpp:30] CRadHttpRequestCompNLine::build: [INFO] exit from ..
[rad_http_request_builder.cpp:81] CRadHttpRequestBuilder::build: [INFO] exit from ..
[rad_http_request.cpp:132] CRadHttpRequest::build: [INFO] Request Location 'cws.checkpoint.com:80'
[rad_http_request.cpp:133] CRadHttpRequest::build: [INFO] Request Proxy Location ''
[rad_http_request.cpp:141] CRadHttpRequest::build: [INFO] build request =
GET /Malware/malware/6.0?resource=Y2F0di04OS0xMzMtNjMtNzMuY2F0di5icm9hZGJhbmQuaHU=&key=123456 HTTP/1.1
Connection: Keep-Alive
User-Agent: RAD_CLIENT
Host: cws.checkpoint.com:80

[rad_http_request.cpp:142] CRadHttpRequest::build: [INFO] exit from ..
[rad_query.cpp:175] CRadQuery::build: [INFO] build request is successful for service 'malware'
[rad_query.cpp:176] CRadQuery::build: [INFO] exit from ..
[rad_query.cpp:192] CRadQuery::startTripTime: [INFO] enter to ...
[rad_query.cpp:183] CRadQuery::startTime: [INFO] enter to ...
[rad_query.cpp:185] CRadQuery::startTime: [INFO] start time at: 1.60199e+12
[rad_query.cpp:186] CRadQuery::startTime: [INFO] exit from ..
[rad_query.cpp:194] CRadQuery::startTripTime: [INFO] exit from ..
[rad_http_request.cpp:55] CRadHttpRequest::getLocation: [INFO] enter to ...
[rad_http_request.cpp:160] CRadHttpRequest::toString2: [INFO] enter to ...
[rad_http_request.cpp:175] CRadHttpRequest::toString2: [INFO] Fixed request = http://cws.checkpoint.com:80/Malware/malware/6.0?resource=Y2F0di04OS0xMzMtNjMtNzMuY2F0di5icm9hZGJhbmQuaHU=&key=123456
[rad_io_tasks_manager.cpp:84] CRadIoTasksManager::scheduleIoTask: [INFO] enter to ...
[rad_io_tasks_manager.cpp:106] CRadIoTasksManager::scheduleIoTask: [INFO] Scheduling HTTP task
[rad_thread_pools_container.cpp:49] CRadThreadPoolsContainer::instance: [INFO] enter to ...
[rad_thread_pool.cpp:50] CRadThreadPool::addTask: [INFO] enter to ...
[rad_thread_pool.cpp:65] CRadThreadPool::addTask: [INFO] task added to queue
[rad_trapper_fetcher.cpp:100] CRadTrapperFetcher::run: [INFO] exit from ..
[rad_chain_runner.cpp:83] CRadChainRunner::run: [INFO] run chain 'CRadTrapperFetcher' is ok, l_read_total = 16
[rad_chain_runner.cpp:87] CRadChainRunner::run: [INFO] succefull running the chain, l_read_total = 16
[rad_chain_runner.cpp:88] CRadChainRunner::run: [INFO] exit from ..
[rad_trap_task.cpp:64] CRadTrapTask::run: [INFO] chain successfull run pass ok, total bytes = 0
[rad_curl_task.cpp:65] CRadCurlTask::run: [INFO] enter to ...
[rad_curl_task.cpp:45] CRadCurlTask::get_my_curl_handle: [INFO] enter to ...
[rad_curl_http_task.cpp:26] CRadCurlHttpTask::configureCurl: [INFO] enter to ...
[rad_curl_http_task.cpp:36] CRadCurlHttpTask::configureCurl: [INFO] Request: 'http://cws.checkpoint.com:80/Malware/malware/6.0?resource=Y2F0di04OS0xMzMtNjMtNzMuY2F0di5icm9hZGJhbmQuaHU=&key=123456'
[rad_curl_http_task.cpp:76] CRadCurlHttpTask::configureCurl: [INFO] Set curl shared object
[rad_curl_http_task.cpp:95] CRadCurlHttpTask::configureCurl: [INFO] Curl configuration done
[rad_curl_task.cpp:144] CRadCurlTask::write_callback: [INFO] enter to ...
[rad_curl_task.cpp:145] CRadCurlTask::write_callback: [INFO] nmemb = 320
[rad_http_response_handler.cpp:27] CRadHttpResponseHandler::goToNextTask: [INFO] enter to ...
[rad_response_task.cpp:19] CRadResponseTask::CRadResponseTask: [INFO] enter to ...
[rad_decrypted_response_task.cpp:23] CRadDecryptedResponseTask::CRadDecryptedResponseTask: [INFO] enter to ...
[rad_thread_pools_container.cpp:49] CRadThreadPoolsContainer::instance: [INFO] enter to ...
[rad_thread_pool.cpp:50] CRadThreadPool::addTask: [INFO] enter to ...
[rad_thread_pool.cpp:65] CRadThreadPool::addTask: [INFO] task added to queue
[rad_response_task.cpp:48] CRadResponseTask::run: [INFO] enter to ...
[rad_decrypted_response_task.cpp:41] CRadDecryptedResponseTask::getResponseString: [INFO] enter to ...
[rad_keyset.cpp:44] CRadRepositoryContaineData::getRadEncKeyByServiceKey: [INFO] enter to ...
[rad_keyset.cpp:49] CRadRepositoryContaineData::getRadEncKeyByServiceKey: [INFO] no key found for requested service: malware+0returning default
[rad_keyset.cpp:35] CRadRepositoryContaineData::getRadDefaultEncKey: [INFO] enter to ...
[rad_keyset.cpp:37] CRadRepositoryContaineData::getRadDefaultEncKey: [INFO] exit from ..
[rad_decrypted_response_task.cpp:100] CRadDecryptedResponseTask::setRadEncKey: [INFO] enter to ...
[rad_decrypted_response_task.cpp:110] CRadDecryptedResponseTask::setRadEncKey: [INFO] init encryption key is: '0xeab92dc8'
[rad_decrypted_response_task.cpp:111] CRadDecryptedResponseTask::setRadEncKey: [INFO] exit from ..
[rad_decrypted_response_task.cpp:119] CRadDecryptedResponseTask::decrypt: [INFO] enter to ...
[rad_decrypted_response_task.cpp:121] CRadDecryptedResponseTask::decrypt: [INFO] _buff size is 320 modulu = 0
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xea6e9a40
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 320
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_decrypted_response_task.cpp:140] CRadDecryptedResponseTask::decrypt: [INFO] exit from ..
[rad_decrypted_response_task.cpp:148] CRadDecryptedResponseTask::strip: [INFO] enter to ...
[rad_decrypted_response_task.cpp:171] CRadDecryptedResponseTask::strip: [INFO] response =
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><response><version>5.0</version><status>ok</status><service name="malware"><ttl>1800</ttl><pc>0</pc><useUrl>false</useUrl><wd>false</wd><wld>false</wld><fld>1</fld></service></respon
se>
[rad_decrypted_response_task.cpp:172] CRadDecryptedResponseTask::strip: [INFO] exit from ..
[rad_response_task.cpp:72] CRadResponseTask::run: [INFO] Response = <?xml version="1.0" encoding="UTF-8" standalone="yes"?><response><version>5.0</version><status>ok</status><service name="malware"><ttl>1800</ttl><pc>0</pc><useUrl>false<
/useUrl><wd>false</wd><wld>false</wld><fld>1</fld></service></response>
[rad_repository_container_data.h:127] CRadRepositoryContaineData::get: [INFO] enter to ...
[rad_repository_container_data.h:129] CRadRepositoryContaineData::get: [MISC] list: <CRadFetcher> free objects = 50, used 0 of 100000
[rad_repository_container_data.h:143] CRadRepositoryContaineData::get: [INFO] exit from ..
[rad_fetcher.cpp:113] CRadFetcher::handle_data: [INFO] enter to ...
[rad_fetcher.cpp:83] CRadFetcher::getAdapter: [INFO] enter to ...
[rad_fetcher.cpp:101] CRadFetcher::getAdapter: [INFO] exit from ..
[rad_fetcher_adapter_fwioctl.cpp:192] CRadFetcherAdapterFwIoctl::handle_response: [INFO] enter to ...
[rad_xml_parser.cpp:66] CRadXmlParser::init: [INFO] enter to ...
[rad_factory.cpp:26] CRadFactory::registerObject: [INFO] enter to ...
[rad_factory.cpp:30] CRadFactory::registerObject: [INFO] resigter object of <CRadXmlAppi> on the factory
[rad_factory.cpp:31] CRadFactory::registerObject: [INFO] exit from ..
[rad_factory.cpp:26] CRadFactory::registerObject: [INFO] enter to ...
[rad_factory.cpp:30] CRadFactory::registerObject: [INFO] resigter object of <CRadXmlUrlf> on the factory
[rad_factory.cpp:31] CRadFactory::registerObject: [INFO] exit from ..
[rad_factory.cpp:26] CRadFactory::registerObject: [INFO] enter to ...
[rad_factory.cpp:30] CRadFactory::registerObject: [INFO] resigter object of <CRadXmlUrlfs> on the factory
[rad_factory.cpp:31] CRadFactory::registerObject: [INFO] exit from ..
[rad_factory.cpp:26] CRadFactory::registerObject: [INFO] enter to ...
[rad_factory.cpp:30] CRadFactory::registerObject: [INFO] resigter object of <CRadXmlMalware> on the factory
[rad_factory.cpp:31] CRadFactory::registerObject: [INFO] exit from ..
[rad_factory.cpp:26] CRadFactory::registerObject: [INFO] enter to ...
[rad_factory.cpp:30] CRadFactory::registerObject: [INFO] resigter object of <CRadXmlAV> on the factory
[rad_factory.cpp:31] CRadFactory::registerObject: [INFO] exit from ..
[rad_factory.cpp:26] CRadFactory::registerObject: [INFO] enter to ...
[rad_factory.cpp:30] CRadFactory::registerObject: [INFO] resigter object of <CRadXmlAmws> on the factory
[rad_factory.cpp:31] CRadFactory::registerObject: [INFO] exit from ..
[rad_xerces.cpp:91] CRadXerces::init: [INFO] enter to ...
[rad_xerces.cpp:34] CRadXerces::clear: [INFO] enter to ...
[rad_xml_parser.cpp:39] CRadXmlParser::registerListner: [INFO] enter to ...
[rad_factory.cpp:37] CRadFactory::get: [INFO] enter to ...
[rad_factory.cpp:44] CRadFactory::get: [MISC] createNew object <CRadXmlAppi:0x8e75998>
[rad_xml_parser.cpp:57] CRadXmlParser::registerListner: [INFO] exit from ..
[rad_xml_parser.cpp:39] CRadXmlParser::registerListner: [INFO] enter to ...
[rad_factory.cpp:37] CRadFactory::get: [INFO] enter to ...
[rad_factory.cpp:44] CRadFactory::get: [MISC] createNew object <CRadXmlUrlf:0x8f669e0>
[rad_xml_parser.cpp:57] CRadXmlParser::registerListner: [INFO] exit from ..
[rad_xml_parser.cpp:39] CRadXmlParser::registerListner: [INFO] enter to ...
[rad_factory.cpp:37] CRadFactory::get: [INFO] enter to ...
[rad_factory.cpp:44] CRadFactory::get: [MISC] createNew object <CRadXmlMalware:0x8fa8328>
[rad_xml_parser.cpp:57] CRadXmlParser::registerListner: [INFO] exit from ..
[rad_xml_parser.cpp:39] CRadXmlParser::registerListner: [INFO] enter to ...
[rad_factory.cpp:37] CRadFactory::get: [INFO] enter to ...
[rad_factory.cpp:44] CRadFactory::get: [MISC] createNew object <CRadXmlUrlfs:0x8e837c0>
[rad_xml_parser.cpp:57] CRadXmlParser::registerListner: [INFO] exit from ..
[rad_xml_parser.cpp:39] CRadXmlParser::registerListner: [INFO] enter to ...
[rad_factory.cpp:37] CRadFactory::get: [INFO] enter to ...
[rad_factory.cpp:44] CRadFactory::get: [MISC] createNew object <CRadXmlAV:0x958e2e8>
[rad_xml_parser.cpp:57] CRadXmlParser::registerListner: [INFO] exit from ..
[rad_xml_parser.cpp:39] CRadXmlParser::registerListner: [INFO] enter to ...
[rad_factory.cpp:37] CRadFactory::get: [INFO] enter to ...
[rad_factory.cpp:44] CRadFactory::get: [MISC] createNew object <CRadXmlAmws:0x9077948>
[rad_xml_parser.cpp:57] CRadXmlParser::registerListner: [INFO] exit from ..
[rad_xml_parser.cpp:110] CRadXmlParser::init: [INFO] exit from ..
[rad_xml_parser.cpp:118] CRadXmlParser::parser: [INFO] enter to ...
[rad_xerces.cpp:247] CRadXerces::parse: [INFO] enter to ...
[rad_xerces.cpp:91] CRadXerces::init: [INFO] enter to ...
[rad_xerces.cpp:34] CRadXerces::clear: [INFO] enter to ...
[rad_xerces.cpp:260] CRadXerces::parse: [INFO] exit from ..
[rad_xerces.cpp:190] CRadXerces::getRootElement: [INFO] enter to ...
[rad_xml_service.cpp:30] CRadIterator::setResponse: [INFO] enter to ...
[rad_xml_service.cpp:36] CRadIterator::setResponse: [INFO] exit from ..
[rad_xml_element.cpp:343] CRadXmlElement::iterator::addListener: [INFO] enter to ...
[rad_xml_element.cpp:364] CRadXmlElement::iterator::addListener: [INFO] add listener: <'service:name=amws':0x9077948>, m_listen_map.size() = 1
[rad_xml_element.cpp:365] CRadXmlElement::iterator::addListener: [INFO] exit from ..
[rad_xml_service.cpp:30] CRadIterator::setResponse: [INFO] enter to ...
[rad_xml_service.cpp:36] CRadIterator::setResponse: [INFO] exit from ..
[rad_xml_element.cpp:343] CRadXmlElement::iterator::addListener: [INFO] enter to ...
[rad_xml_element.cpp:364] CRadXmlElement::iterator::addListener: [INFO] add listener: <'service:name=antivirus':0x958e2e8>, m_listen_map.size() = 2
[rad_xml_element.cpp:365] CRadXmlElement::iterator::addListener: [INFO] exit from ..
[rad_xml_service.cpp:30] CRadIterator::setResponse: [INFO] enter to ...
[rad_xml_service.cpp:36] CRadIterator::setResponse: [INFO] exit from ..
[rad_xml_element.cpp:343] CRadXmlElement::iterator::addListener: [INFO] enter to ...
[rad_xml_element.cpp:364] CRadXmlElement::iterator::addListener: [INFO] add listener: <'service:name=appi':0x8e75998>, m_listen_map.size() = 3
[rad_xml_element.cpp:365] CRadXmlElement::iterator::addListener: [INFO] exit from ..
[rad_xml_service.cpp:30] CRadIterator::setResponse: [INFO] enter to ...
[rad_xml_service.cpp:36] CRadIterator::setResponse: [INFO] exit from ..
[rad_xml_element.cpp:343] CRadXmlElement::iterator::addListener: [INFO] enter to ...
[rad_xml_element.cpp:364] CRadXmlElement::iterator::addListener: [INFO] add listener: <'service:name=categorization':0x8f669e0>, m_listen_map.size() = 4
[rad_xml_element.cpp:365] CRadXmlElement::iterator::addListener: [INFO] exit from ..
[rad_xml_service.cpp:30] CRadIterator::setResponse: [INFO] enter to ...
[rad_xml_service.cpp:36] CRadIterator::setResponse: [INFO] exit from ..
[rad_xml_element.cpp:343] CRadXmlElement::iterator::addListener: [INFO] enter to ...
[rad_xml_element.cpp:364] CRadXmlElement::iterator::addListener: [INFO] add listener: <'service:name=malware':0x8fa8328>, m_listen_map.size() = 5
[rad_xml_element.cpp:365] CRadXmlElement::iterator::addListener: [INFO] exit from ..
[rad_xml_service.cpp:30] CRadIterator::setResponse: [INFO] enter to ...
[rad_xml_service.cpp:36] CRadIterator::setResponse: [INFO] exit from ..
[rad_xml_element.cpp:343] CRadXmlElement::iterator::addListener: [INFO] enter to ...
[rad_xml_element.cpp:364] CRadXmlElement::iterator::addListener: [INFO] add listener: <'service:name=urlfs':0x8e837c0>, m_listen_map.size() = 6
[rad_xml_element.cpp:365] CRadXmlElement::iterator::addListener: [INFO] exit from ..
[rad_xml_element.cpp:373] CRadXmlElement::iterator::listen: [INFO] enter to ...
[rad_xml_element.cpp:375] CRadXmlElement::iterator::listen: [INFO] m_listen_map.size() = 6
[rad_xml_element.cpp:378] CRadXmlElement::iterator::listen: [INFO] m_list length = 3
[rad_xml_element.cpp:157] CRadXmlElement::iterator::operator++: [INFO] enter to ...
[rad_xml_element.cpp:176] CRadXmlElement::iterator::operator++: [INFO] m_item = 0, m_list->getLength = 3
[rad_xml_element.cpp:566] CRadXmlElement::parseAttributes: [INFO] enter to ...
[rad_xml_element.cpp:598] CRadXmlElement::parseAttributes: [INFO] indecator: version
[rad_xml_element.cpp:599] CRadXmlElement::parseAttributes: [INFO] exit from ..
[rad_xml_element.cpp:206] CRadXmlElement::iterator::operator++: [INFO] exit from ..
[rad_xml_element.cpp:381] CRadXmlElement::iterator::listen: [INFO] indicator = <version>, m_listen_map.size() = 6
[rad_xml_element.cpp:316] CRadXmlElement::iterator::getListener: [INFO] enter to ...
[rad_xml_element.cpp:328] CRadXmlElement::iterator::getListener: [INFO] exit from ..
[rad_xml_element.cpp:378] CRadXmlElement::iterator::listen: [INFO] m_list length = 3
[rad_xml_element.cpp:157] CRadXmlElement::iterator::operator++: [INFO] enter to ...
[rad_xml_element.cpp:176] CRadXmlElement::iterator::operator++: [INFO] m_item = 1, m_list->getLength = 3
[rad_xml_element.cpp:566] CRadXmlElement::parseAttributes: [INFO] enter to ...
[rad_xml_element.cpp:598] CRadXmlElement::parseAttributes: [INFO] indecator: status
[rad_xml_element.cpp:599] CRadXmlElement::parseAttributes: [INFO] exit from ..
[rad_xml_element.cpp:206] CRadXmlElement::iterator::operator++: [INFO] exit from ..
[rad_xml_element.cpp:381] CRadXmlElement::iterator::listen: [INFO] indicator = <status>, m_listen_map.size() = 6
[rad_xml_element.cpp:316] CRadXmlElement::iterator::getListener: [INFO] enter to ...
[rad_xml_element.cpp:328] CRadXmlElement::iterator::getListener: [INFO] exit from ..
[rad_xml_element.cpp:378] CRadXmlElement::iterator::listen: [INFO] m_list length = 3
[rad_xml_element.cpp:157] CRadXmlElement::iterator::operator++: [INFO] enter to ...
[rad_xml_element.cpp:176] CRadXmlElement::iterator::operator++: [INFO] m_item = 2, m_list->getLength = 3
[rad_xml_element.cpp:566] CRadXmlElement::parseAttributes: [INFO] enter to ...
[rad_xml_element.cpp:598] CRadXmlElement::parseAttributes: [INFO] indecator: service:name=malware
[rad_xml_element.cpp:599] CRadXmlElement::parseAttributes: [INFO] exit from ..
[rad_xml_element.cpp:206] CRadXmlElement::iterator::operator++: [INFO] exit from ..
[rad_xml_element.cpp:381] CRadXmlElement::iterator::listen: [INFO] indicator = <service:name=malware>, m_listen_map.size() = 6
[rad_xml_element.cpp:316] CRadXmlElement::iterator::getListener: [INFO] enter to ...
[rad_xml_element.cpp:334] CRadXmlElement::iterator::getListener: [INFO] found listener: <'service:name=malware':0x8fa8328>, m_listen_map.size() = 6
[rad_xml_element.cpp:335] CRadXmlElement::iterator::getListener: [INFO] exit from ..
[rad_xml_element.cpp:384] CRadXmlElement::iterator::listen: [INFO] found lisnener going to call to listen 0x8fa8328
[rad_xml_malware.cpp:482] CRadXmlMalware::listen: [INFO] enter to ...
[rad_xml_malware.cpp:483] CRadXmlMalware::listen: [INFO] 0x8fa8328 start listen
[rad_malware_response_builder.cpp:123] CRadMalwareResponseBuilder::init: [INFO] enter to ...
[rad_malware_response_builder.cpp:147] CRadMalwareResponseBuilder::init: [INFO] 0x8d08670 m_orig_resource catv-89-133-63-73.catv.broadband.hu
[rad_malware_response_builder.cpp:149] CRadMalwareResponseBuilder::init: [INFO] exit from ..
[rad_xml_malware.cpp:524] CRadXmlMalware::listen: [INFO] SSTTRRTT
[rad_xml_malware.cpp:525] CRadXmlMalware::listen: [INFO] listen: element 'service:name=malware'
[rad_xml_element.cpp:546] CRadXmlElement::findElements: [INFO] enter to ...
[rad_xml_element.cpp:556] CRadXmlElement::findElements: [INFO] going to look for error
[rad_xml_element.cpp:558] CRadXmlElement::findElements: [INFO] exit from ..
[rad_xml_element.cpp:343] CRadXmlElement::iterator::addListener: [INFO] enter to ...
[rad_xml_element.cpp:364] CRadXmlElement::iterator::addListener: [INFO] add listener: <'error':0x8fa837c>, m_listen_map.size() = 1
[rad_xml_element.cpp:365] CRadXmlElement::iterator::addListener: [INFO] exit from ..
[rad_xml_element.cpp:373] CRadXmlElement::iterator::listen: [INFO] enter to ...
[rad_xml_element.cpp:375] CRadXmlElement::iterator::listen: [INFO] m_listen_map.size() = 1
[rad_xml_element.cpp:393] CRadXmlElement::iterator::listen: [INFO] exit from ..
[rad_xml_element.cpp:546] CRadXmlElement::findElements: [INFO] enter to ...
[rad_xml_element.cpp:556] CRadXmlElement::findElements: [INFO] going to look for ttl
[rad_xml_element.cpp:558] CRadXmlElement::findElements: [INFO] exit from ..
[rad_xml_element.cpp:343] CRadXmlElement::iterator::addListener: [INFO] enter to ...
[rad_xml_element.cpp:364] CRadXmlElement::iterator::addListener: [INFO] add listener: <'ttl':0x8fa8484>, m_listen_map.size() = 1
[rad_xml_element.cpp:365] CRadXmlElement::iterator::addListener: [INFO] exit from ..
[rad_xml_element.cpp:373] CRadXmlElement::iterator::listen: [INFO] enter to ...
[rad_xml_element.cpp:375] CRadXmlElement::iterator::listen: [INFO] m_listen_map.size() = 1
[rad_xml_element.cpp:378] CRadXmlElement::iterator::listen: [INFO] m_list length = 1
[rad_xml_element.cpp:157] CRadXmlElement::iterator::operator++: [INFO] enter to ...
[rad_xml_element.cpp:176] CRadXmlElement::iterator::operator++: [INFO] m_item = 0, m_list->getLength = 1
[rad_xml_element.cpp:566] CRadXmlElement::parseAttributes: [INFO] enter to ...
[rad_xml_element.cpp:598] CRadXmlElement::parseAttributes: [INFO] indecator: ttl
[rad_xml_element.cpp:599] CRadXmlElement::parseAttributes: [INFO] exit from ..
[rad_xml_element.cpp:206] CRadXmlElement::iterator::operator++: [INFO] exit from ..
[rad_xml_element.cpp:381] CRadXmlElement::iterator::listen: [INFO] indicator = <ttl>, m_listen_map.size() = 1
[rad_xml_element.cpp:316] CRadXmlElement::iterator::getListener: [INFO] enter to ...
[rad_xml_element.cpp:334] CRadXmlElement::iterator::getListener: [INFO] found listener: <'ttl':0x8fa8484>, m_listen_map.size() = 1
[rad_xml_element.cpp:335] CRadXmlElement::iterator::getListener: [INFO] exit from ..
[rad_xml_element.cpp:384] CRadXmlElement::iterator::listen: [INFO] found lisnener going to call to listen 0x8fa8484
[rad_xml_value.cpp:131] CRadXmlUintValue::listen: [INFO] enter to ...
[rad_xml_value.cpp:135] CRadXmlUintValue::listen: [INFO] u_int: 1800
[rad_xml_value.cpp:137] CRadXmlUintValue::listen: [INFO] exit from ..
[rad_xml_element.cpp:393] CRadXmlElement::iterator::listen: [INFO] exit from ..
[rad_xml_element.cpp:546] CRadXmlElement::findElements: [INFO] enter to ...
[rad_xml_element.cpp:556] CRadXmlElement::findElements: [INFO] going to look for pc
[rad_xml_element.cpp:558] CRadXmlElement::findElements: [INFO] exit from ..
[rad_xml_element.cpp:343] CRadXmlElement::iterator::addListener: [INFO] enter to ...
[rad_xml_element.cpp:364] CRadXmlElement::iterator::addListener: [INFO] add listener: <'pc':0x8fa83a8>, m_listen_map.size() = 1
[rad_xml_element.cpp:365] CRadXmlElement::iterator::addListener: [INFO] exit from ..
[rad_xml_element.cpp:373] CRadXmlElement::iterator::listen: [INFO] enter to ...
[rad_xml_element.cpp:375] CRadXmlElement::iterator::listen: [INFO] m_listen_map.size() = 1
[rad_xml_element.cpp:378] CRadXmlElement::iterator::listen: [INFO] m_list length = 1
[rad_xml_element.cpp:157] CRadXmlElement::iterator::operator++: [INFO] enter to ...
[rad_xml_element.cpp:176] CRadXmlElement::iterator::operator++: [INFO] m_item = 0, m_list->getLength = 1
[rad_xml_element.cpp:566] CRadXmlElement::parseAttributes: [INFO] enter to ...
[rad_xml_element.cpp:598] CRadXmlElement::parseAttributes: [INFO] indecator: pc
[rad_xml_element.cpp:599] CRadXmlElement::parseAttributes: [INFO] exit from ..
[rad_xml_element.cpp:206] CRadXmlElement::iterator::operator++: [INFO] exit from ..
[rad_xml_element.cpp:381] CRadXmlElement::iterator::listen: [INFO] indicator = <pc>, m_listen_map.size() = 1
[rad_xml_element.cpp:316] CRadXmlElement::iterator::getListener: [INFO] enter to ...
[rad_xml_element.cpp:334] CRadXmlElement::iterator::getListener: [INFO] found listener: <'pc':0x8fa83a8>, m_listen_map.size() = 1
[rad_xml_element.cpp:335] CRadXmlElement::iterator::getListener: [INFO] exit from ..
[rad_xml_element.cpp:384] CRadXmlElement::iterator::listen: [INFO] found lisnener going to call to listen 0x8fa83a8
[rad_xml_value.cpp:131] CRadXmlUintValue::listen: [INFO] enter to ...
[rad_xml_value.cpp:135] CRadXmlUintValue::listen: [INFO] u_int: 0
[rad_xml_value.cpp:137] CRadXmlUintValue::listen: [INFO] exit from ..
[rad_xml_element.cpp:393] CRadXmlElement::iterator::listen: [INFO] exit from ..
[rad_xml_element.cpp:546] CRadXmlElement::findElements: [INFO] enter to ...
[rad_xml_element.cpp:556] CRadXmlElement::findElements: [INFO] going to look for useUrl
[rad_xml_element.cpp:558] CRadXmlElement::findElements: [INFO] exit from ..
[rad_xml_element.cpp:343] CRadXmlElement::iterator::addListener: [INFO] enter to ...
[rad_xml_element.cpp:364] CRadXmlElement::iterator::addListener: [INFO] add listener: <'useUrl':0x8fa84dc>, m_listen_map.size() = 1
[rad_xml_element.cpp:365] CRadXmlElement::iterator::addListener: [INFO] exit from ..
[rad_xml_element.cpp:373] CRadXmlElement::iterator::listen: [INFO] enter to ...
[rad_xml_element.cpp:375] CRadXmlElement::iterator::listen: [INFO] m_listen_map.size() = 1
[rad_xml_element.cpp:378] CRadXmlElement::iterator::listen: [INFO] m_list length = 1
[rad_xml_element.cpp:157] CRadXmlElement::iterator::operator++: [INFO] enter to ...
[rad_xml_element.cpp:176] CRadXmlElement::iterator::operator++: [INFO] m_item = 0, m_list->getLength = 1
[rad_xml_element.cpp:566] CRadXmlElement::parseAttributes: [INFO] enter to ...
[rad_xml_element.cpp:598] CRadXmlElement::parseAttributes: [INFO] indecator: useUrl
[rad_xml_element.cpp:599] CRadXmlElement::parseAttributes: [INFO] exit from ..
[rad_xml_element.cpp:206] CRadXmlElement::iterator::operator++: [INFO] exit from ..
[rad_xml_element.cpp:381] CRadXmlElement::iterator::listen: [INFO] indicator = <useUrl>, m_listen_map.size() = 1
[rad_xml_element.cpp:316] CRadXmlElement::iterator::getListener: [INFO] enter to ...
[rad_xml_element.cpp:334] CRadXmlElement::iterator::getListener: [INFO] found listener: <'useUrl':0x8fa84dc>, m_listen_map.size() = 1
[rad_xml_element.cpp:335] CRadXmlElement::iterator::getListener: [INFO] exit from ..
[rad_xml_element.cpp:384] CRadXmlElement::iterator::listen: [INFO] found lisnener going to call to listen 0x8fa84dc
[rad_xml_value.cpp:43] CRadXmlStringValue::listen: [INFO] enter to ...
[rad_xml_value.cpp:49] CRadXmlStringValue::listen: [INFO] string: _elem.getText() = false, l_size = 6, m_dmax = 1028
[rad_xml_value.cpp:62] CRadXmlStringValue::listen: [INFO] string: 'false', size = 5, dmax = 1028
[rad_xml_value.cpp:63] CRadXmlStringValue::listen: [INFO] exit from ..
[rad_xml_element.cpp:393] CRadXmlElement::iterator::listen: [INFO] exit from ..
[rad_xml_element.cpp:546] CRadXmlElement::findElements: [INFO] enter to ...
[rad_xml_element.cpp:556] CRadXmlElement::findElements: [INFO] going to look for url
[rad_xml_element.cpp:558] CRadXmlElement::findElements: [INFO] exit from ..
[rad_xml_element.cpp:343] CRadXmlElement::iterator::addListener: [INFO] enter to ...
[rad_xml_element.cpp:364] CRadXmlElement::iterator::addListener: [INFO] add listener: <'url':0x8fa84b0>, m_listen_map.size() = 1
[rad_xml_element.cpp:365] CRadXmlElement::iterator::addListener: [INFO] exit from ..
[rad_xml_element.cpp:373] CRadXmlElement::iterator::listen: [INFO] enter to ...
[rad_xml_element.cpp:375] CRadXmlElement::iterator::listen: [INFO] m_listen_map.size() = 1
[rad_xml_element.cpp:393] CRadXmlElement::iterator::listen: [INFO] exit from ..
[rad_xml_malware.cpp:635] CRadXmlMalware::listen: [INFO] l_output_is_specific_url = 0
[rad_xml_malware.cpp:440] CRadXmlMalware::isStopParsing: [INFO] enter to ...
[rad_malware_response_builder.cpp:551] CRadMalwareResponseBuilder::getMaxPatternCount: [INFO] enter to ...
[rad_xml_malware.cpp:472] CRadXmlMalware::isStopParsing: [INFO] exit from ..
[rad_xml_element.cpp:546] CRadXmlElement::findElements: [INFO] enter to ...
[rad_xml_element.cpp:556] CRadXmlElement::findElements: [INFO] going to look for au1
[rad_xml_element.cpp:558] CRadXmlElement::findElements: [INFO] exit from ..
[rad_xml_element.cpp:343] CRadXmlElement::iterator::addListener: [INFO] enter to ...
[rad_xml_element.cpp:364] CRadXmlElement::iterator::addListener: [INFO] add listener: <'au1':0x8fa8458>, m_listen_map.size() = 1
[rad_xml_element.cpp:365] CRadXmlElement::iterator::addListener: [INFO] exit from ..
[rad_xml_element.cpp:373] CRadXmlElement::iterator::listen: [INFO] enter to ...
[rad_xml_element.cpp:375] CRadXmlElement::iterator::listen: [INFO] m_listen_map.size() = 1
[rad_xml_element.cpp:393] CRadXmlElement::iterator::listen: [INFO] exit from ..
[rad_xml_element.cpp:546] CRadXmlElement::findElements: [INFO] enter to ...
[rad_xml_element.cpp:556] CRadXmlElement::findElements: [INFO] going to look for wd
[rad_xml_element.cpp:558] CRadXmlElement::findElements: [INFO] exit from ..
[rad_xml_element.cpp:343] CRadXmlElement::iterator::addListener: [INFO] enter to ...
[rad_xml_element.cpp:364] CRadXmlElement::iterator::addListener: [INFO] add listener: <'wd':0x8fa83d4>, m_listen_map.size() = 1
[rad_xml_element.cpp:365] CRadXmlElement::iterator::addListener: [INFO] exit from ..
[rad_xml_element.cpp:373] CRadXmlElement::iterator::listen: [INFO] enter to ...
[rad_xml_element.cpp:375] CRadXmlElement::iterator::listen: [INFO] m_listen_map.size() = 1
[rad_xml_element.cpp:378] CRadXmlElement::iterator::listen: [INFO] m_list length = 1
[rad_xml_element.cpp:157] CRadXmlElement::iterator::operator++: [INFO] enter to ...
[rad_xml_element.cpp:176] CRadXmlElement::iterator::operator++: [INFO] m_item = 0, m_list->getLength = 1
[rad_xml_element.cpp:566] CRadXmlElement::parseAttributes: [INFO] enter to ...
[rad_xml_element.cpp:598] CRadXmlElement::parseAttributes: [INFO] indecator: wd
[rad_xml_element.cpp:599] CRadXmlElement::parseAttributes: [INFO] exit from ..
[rad_xml_element.cpp:206] CRadXmlElement::iterator::operator++: [INFO] exit from ..
[rad_xml_element.cpp:381] CRadXmlElement::iterator::listen: [INFO] indicator = <wd>, m_listen_map.size() = 1
[rad_xml_element.cpp:316] CRadXmlElement::iterator::getListener: [INFO] enter to ...
[rad_xml_element.cpp:334] CRadXmlElement::iterator::getListener: [INFO] found listener: <'wd':0x8fa83d4>, m_listen_map.size() = 1
[rad_xml_element.cpp:335] CRadXmlElement::iterator::getListener: [INFO] exit from ..
[rad_xml_element.cpp:384] CRadXmlElement::iterator::listen: [INFO] found lisnener going to call to listen 0x8fa83d4
[rad_xml_value.cpp:43] CRadXmlStringValue::listen: [INFO] enter to ...
[rad_xml_value.cpp:49] CRadXmlStringValue::listen: [INFO] string: _elem.getText() = false, l_size = 6, m_dmax = 1028
[rad_xml_value.cpp:62] CRadXmlStringValue::listen: [INFO] string: 'false', size = 5, dmax = 1028
[rad_xml_value.cpp:63] CRadXmlStringValue::listen: [INFO] exit from ..
[rad_xml_element.cpp:393] CRadXmlElement::iterator::listen: [INFO] exit from ..
[rad_xml_element.cpp:546] CRadXmlElement::findElements: [INFO] enter to ...
[rad_xml_element.cpp:556] CRadXmlElement::findElements: [INFO] going to look for wld
[rad_xml_element.cpp:558] CRadXmlElement::findElements: [INFO] exit from ..
[rad_xml_element.cpp:343] CRadXmlElement::iterator::addListener: [INFO] enter to ...
[rad_xml_element.cpp:364] CRadXmlElement::iterator::addListener: [INFO] add listener: <'wld':0x8fa8400>, m_listen_map.size() = 1
[rad_xml_element.cpp:365] CRadXmlElement::iterator::addListener: [INFO] exit from ..
[rad_xml_element.cpp:373] CRadXmlElement::iterator::listen: [INFO] enter to ...
[rad_xml_element.cpp:375] CRadXmlElement::iterator::listen: [INFO] m_listen_map.size() = 1
[rad_xml_element.cpp:378] CRadXmlElement::iterator::listen: [INFO] m_list length = 1
[rad_xml_element.cpp:157] CRadXmlElement::iterator::operator++: [INFO] enter to ...
[rad_xml_element.cpp:176] CRadXmlElement::iterator::operator++: [INFO] m_item = 0, m_list->getLength = 1
[rad_xml_element.cpp:566] CRadXmlElement::parseAttributes: [INFO] enter to ...
[rad_xml_element.cpp:598] CRadXmlElement::parseAttributes: [INFO] indecator: wld
[rad_xml_element.cpp:599] CRadXmlElement::parseAttributes: [INFO] exit from ..
[rad_xml_element.cpp:206] CRadXmlElement::iterator::operator++: [INFO] exit from ..
[rad_xml_element.cpp:381] CRadXmlElement::iterator::listen: [INFO] indicator = <wld>, m_listen_map.size() = 1
[rad_xml_element.cpp:316] CRadXmlElement::iterator::getListener: [INFO] enter to ...
[rad_xml_element.cpp:334] CRadXmlElement::iterator::getListener: [INFO] found listener: <'wld':0x8fa8400>, m_listen_map.size() = 1
[rad_xml_element.cpp:335] CRadXmlElement::iterator::getListener: [INFO] exit from ..
[rad_xml_element.cpp:384] CRadXmlElement::iterator::listen: [INFO] found lisnener going to call to listen 0x8fa8400
[rad_xml_value.cpp:43] CRadXmlStringValue::listen: [INFO] enter to ...
[rad_xml_value.cpp:49] CRadXmlStringValue::listen: [INFO] string: _elem.getText() = false, l_size = 6, m_dmax = 1028
[rad_xml_value.cpp:62] CRadXmlStringValue::listen: [INFO] string: 'false', size = 5, dmax = 1028
[rad_xml_value.cpp:63] CRadXmlStringValue::listen: [INFO] exit from ..
[rad_xml_element.cpp:393] CRadXmlElement::iterator::listen: [INFO] exit from ..
[rad_xml_element.cpp:546] CRadXmlElement::findElements: [INFO] enter to ...
[rad_xml_element.cpp:556] CRadXmlElement::findElements: [INFO] going to look for fld
[rad_xml_element.cpp:558] CRadXmlElement::findElements: [INFO] exit from ..
[rad_xml_element.cpp:343] CRadXmlElement::iterator::addListener: [INFO] enter to ...
[rad_xml_element.cpp:364] CRadXmlElement::iterator::addListener: [INFO] add listener: <'fld':0x8fa842c>, m_listen_map.size() = 1
[rad_xml_element.cpp:365] CRadXmlElement::iterator::addListener: [INFO] exit from ..
[rad_xml_element.cpp:373] CRadXmlElement::iterator::listen: [INFO] enter to ...
[rad_xml_element.cpp:375] CRadXmlElement::iterator::listen: [INFO] m_listen_map.size() = 1
[rad_xml_element.cpp:378] CRadXmlElement::iterator::listen: [INFO] m_list length = 1
[rad_xml_element.cpp:157] CRadXmlElement::iterator::operator++: [INFO] enter to ...
[rad_xml_element.cpp:176] CRadXmlElement::iterator::operator++: [INFO] m_item = 0, m_list->getLength = 1
[rad_xml_element.cpp:566] CRadXmlElement::parseAttributes: [INFO] enter to ...
[rad_xml_element.cpp:598] CRadXmlElement::parseAttributes: [INFO] indecator: fld
[rad_xml_element.cpp:599] CRadXmlElement::parseAttributes: [INFO] exit from ..
[rad_xml_element.cpp:206] CRadXmlElement::iterator::operator++: [INFO] exit from ..
[rad_xml_element.cpp:381] CRadXmlElement::iterator::listen: [INFO] indicator = <fld>, m_listen_map.size() = 1
[rad_xml_element.cpp:316] CRadXmlElement::iterator::getListener: [INFO] enter to ...
[rad_xml_element.cpp:334] CRadXmlElement::iterator::getListener: [INFO] found listener: <'fld':0x8fa842c>, m_listen_map.size() = 1
[rad_xml_element.cpp:335] CRadXmlElement::iterator::getListener: [INFO] exit from ..
[rad_xml_element.cpp:384] CRadXmlElement::iterator::listen: [INFO] found lisnener going to call to listen 0x8fa842c
[rad_xml_value.cpp:131] CRadXmlUintValue::listen: [INFO] enter to ...
[rad_xml_value.cpp:135] CRadXmlUintValue::listen: [INFO] u_int: 1
[rad_xml_value.cpp:137] CRadXmlUintValue::listen: [INFO] exit from ..
[rad_xml_element.cpp:393] CRadXmlElement::iterator::listen: [INFO] exit from ..
[rad_malware_response_builder.cpp:930] CRadMalwareResponseBuilder::start: [INFO] enter to ...
[rad_malware_response_builder.cpp:943] CRadMalwareResponseBuilder::start: [INFO] 0x8d08670 m_orig_resource catv-89-133-63-73.catv.broadband.hu
[rad_malware_response_builder.cpp:913] CRadMalwareResponseBuilder::buildUrl: [INFO] enter to ...
[rad_malware_response_builder.cpp:916] CRadMalwareResponseBuilder::buildUrl: [INFO] 0x8d08670 url with out prefix catv-89-133-63-73.catv.broadband.hu
[rad_malware_response_builder.cpp:919] CRadMalwareResponseBuilder::buildUrl: [INFO] exit from ..
[rad_malware_response_builder.cpp:981] CRadMalwareResponseBuilder::start: [INFO] 0x8d08670 request flags: 0
[rad_malware_response_builder.cpp:993] CRadMalwareResponseBuilder::start: [INFO] 0x8d08670'keylen' found (35)
kiss_pm_patterns_create: Entered
[rad_malware_response_builder.cpp:1014] CRadMalwareResponseBuilder::start: [INFO] exit from ..
[rad_xml_element.cpp:546] CRadXmlElement::findElements: [INFO] enter to ...
[rad_xml_element.cpp:556] CRadXmlElement::findElements: [INFO] going to look for esGroup
[rad_xml_element.cpp:558] CRadXmlElement::findElements: [INFO] exit from ..
[rad_xml_element.cpp:343] CRadXmlElement::iterator::addListener: [INFO] enter to ...
[rad_xml_element.cpp:364] CRadXmlElement::iterator::addListener: [INFO] add listener: <'esGroup':0xf2199374>, m_listen_map.size() = 1
[rad_xml_element.cpp:365] CRadXmlElement::iterator::addListener: [INFO] exit from ..
[rad_xml_element.cpp:373] CRadXmlElement::iterator::listen: [INFO] enter to ...
[rad_xml_element.cpp:375] CRadXmlElement::iterator::listen: [INFO] m_listen_map.size() = 1
[rad_xml_element.cpp:393] CRadXmlElement::iterator::listen: [INFO] exit from ..
[rad_xml_element.cpp:546] CRadXmlElement::findElements: [INFO] enter to ...
[rad_xml_element.cpp:556] CRadXmlElement::findElements: [INFO] going to look for venGroup
[rad_xml_element.cpp:558] CRadXmlElement::findElements: [INFO] exit from ..
[rad_xml_element.cpp:343] CRadXmlElement::iterator::addListener: [INFO] enter to ...
[rad_xml_element.cpp:364] CRadXmlElement::iterator::addListener: [INFO] add listener: <'venGroup':0xf219939c>, m_listen_map.size() = 1
[rad_xml_element.cpp:365] CRadXmlElement::iterator::addListener: [INFO] exit from ..
[rad_xml_element.cpp:373] CRadXmlElement::iterator::listen: [INFO] enter to ...
[rad_xml_element.cpp:375] CRadXmlElement::iterator::listen: [INFO] m_listen_map.size() = 1
[rad_xml_element.cpp:393] CRadXmlElement::iterator::listen: [INFO] exit from ..
[rad_malware_response_builder.cpp:563] CRadMalwareResponseBuilder::end: [INFO] enter to ...
[rad_malware_response_builder.cpp:583] CRadMalwareResponseBuilder::end: [INFO] 0x8d08670 m_family is empty
[rad_malware_response_builder.cpp:470] CRadMalwareResponseBuilder::isResendResponse: [INFO] enter to ...
[rad_malware_response_builder.cpp:487] CRadMalwareResponseBuilder::isResendResponse: [INFO] p_map 0xeca42028
[rad_malware_response_builder.cpp:690] CRadMalwareResponseBuilder::end: [INFO] 0x8d08670 m_num_of_entries is 0, no need to create pm
[rad_malware_response_builder.cpp:706] CRadMalwareResponseBuilder::end: [INFO] 0x8d08670host_key: catv-89-133-63-73.catv.broadband.hu
[rad_malware_response_builder.cpp:720] CRadMalwareResponseBuilder::end: [INFO] catv-89-133-63-73.catv.broadband.hu: m_fld 1, is_specific_url 0, m_is_wld 0, m_is_wd 0, m_is_au1 0
[rad_response_builder_utils.cpp:94] CRadResponseBuilderUtils::makeHmac: [INFO] enter to ...
[rad_response_builder_utils.cpp:95] CRadResponseBuilderUtils::makeHmac: [INFO] cp_md_hmac for catv-89-133-63-73.catv.broadband.hu size 35
[rad_response_builder_utils.cpp:105] CRadResponseBuilderUtils::makeHmac: [INFO] exit from ..
[rad_malware_response_builder.cpp:754] CRadMalwareResponseBuilder::end: [INFO] 0x8d08670 host key hmac was built from: catv-89-133-63-73.catv.broadband.hu
[rad_response_builder_utils.cpp:229] CRadResponseBuilderUtils::makeHostKey: [INFO] enter to ...
[rad_response_builder_utils.cpp:234] CRadResponseBuilderUtils::makeHostKey: [INFO] host catv-89-133-63-73.catv.broadband.hu size 35
[rad_response_builder_utils.cpp:245] CRadResponseBuilderUtils::makeHostKey: [INFO] occ 3 _fld 1
[rad_response_builder_utils.cpp:252] CRadResponseBuilderUtils::makeHostKey: [INFO] found dot at pos: 17
[rad_response_builder_utils.cpp:252] CRadResponseBuilderUtils::makeHostKey: [INFO] found dot at pos: 22
[rad_response_builder_utils.cpp:257] CRadResponseBuilderUtils::makeHostKey: [INFO] new host broadband.hu size 12
[rad_response_builder_utils.cpp:259] CRadResponseBuilderUtils::makeHostKey: [INFO] exit from ..
[rad_response_builder_utils.cpp:94] CRadResponseBuilderUtils::makeHmac: [INFO] enter to ...
[rad_response_builder_utils.cpp:95] CRadResponseBuilderUtils::makeHmac: [INFO] cp_md_hmac for broadband.hu size 12
[rad_response_builder_utils.cpp:105] CRadResponseBuilderUtils::makeHmac: [INFO] exit from ..
[rad_malware_response_builder.cpp:776] CRadMalwareResponseBuilder::end: [INFO] 0x8d08670 map_key catv-89-133-63-73.catv.broadband.hu based broadband.hu
[rad_malware_response_builder.cpp:808] CRadMalwareResponseBuilder::end: [INFO] catv-89-133-63-73.catv.broadband.hu: m_fld 1, is_specific_url 0, m_is_wld 0, m_is_wd 0, flags 68
[rad_malware_response_builder.cpp:819] CRadMalwareResponseBuilder::end: [INFO] 0x8d08670 key buffer size 44
[rad_malware_response_builder.cpp:159] CRadMalwareResponseBuilder::serializeResponse: [INFO] enter to ...
[rad_malware_response_builder.cpp:177] CRadMalwareResponseBuilder::serializeResponse: [INFO] 0x8d08670 response buffer size 52
[rad_malware_response_builder.cpp:191] CRadMalwareResponseBuilder::serializeResponse: [INFO] 0x8d08670 serialize buff size = 52
[rad_malware_response_builder.cpp:193] CRadMalwareResponseBuilder::serializeResponse: [INFO] exit from ..
[rad_malware_response_builder.cpp:902] CRadMalwareResponseBuilder::end: [INFO] 0x8d08670 done, url catv-89-133-63-73.catv.broadband.hu flags 68
[rad_malware_response_builder.cpp:903] CRadMalwareResponseBuilder::end: [INFO] exit from ..
[rad_xml_malware.cpp:767] CRadXmlMalware::listen: [INFO] EENNDD
[rad_xml_malware.cpp:770] CRadXmlMalware::listen: [INFO] exit from ..
[rad_xml_element.cpp:393] CRadXmlElement::iterator::listen: [INFO] exit from ..
[rad_xml_parser.cpp:149] CRadXmlParser::parser: [INFO] parse service is ok
[rad_xml_parser.cpp:150] CRadXmlParser::parser: [INFO] exit from ..
[rad_fetcher_adapter_fwioctl.cpp:126] CRadFetcherAdapterFwIoctl::handle_response_static: [INFO] enter to ...
[rad_fetcher_adapter_fwioctl.cpp:46] CRadFetcherAdapterFwIoctl::fillIoctlHeaders: [INFO] enter to ...
[rad_fetcher_adapter_fwioctl.cpp:60] CRadFetcherAdapterFwIoctl::fillIoctlHeaders: [INFO] vsid: 0
[rad_fetcher_adapter_fwioctl.cpp:75] CRadFetcherAdapterFwIoctl::fillIoctlHeaders: [INFO] session info key 7003933
[rad_fetcher_adapter_fwioctl.cpp:76] CRadFetcherAdapterFwIoctl::fillIoctlHeaders: [INFO] session info fw_instance 7
[rad_fetcher_adapter_fwioctl.cpp:80] CRadFetcherAdapterFwIoctl::fillIoctlHeaders: [INFO] Srevice Id6
[rad_fetcher_adapter_fwioctl.cpp:86] CRadFetcherAdapterFwIoctl::fillIoctlHeaders: [INFO] exit from ..
[rad_fetcher_adapter_fwioctl.cpp:154] CRadFetcherAdapterFwIoctl::handle_response_static: [INFO] ioctl 0x8d0869c service 6 fw_instance 7 request_id 7003933 ttl 1800 status 0 abs_response 0x8fd2560 response_size 52 abs_response_key 0x9888
830 response_key_size 44
[rad_fetcher_adapter_fwioctl.cpp:93] CRadFetcherAdapterFwIoctl::send: [INFO] enter to ...
[rad_fetcher_adapter_fwioctl.cpp:97] CRadFetcherAdapterFwIoctl::send: [INFO] is_ipv6: 0
[rad_fetcher_adapter_fwioctl.cpp:117] CRadFetcherAdapterFwIoctl::send: [INFO] exit from ..
[rad_fetcher_adapter_fwioctl.cpp:176] CRadFetcherAdapterFwIoctl::handle_response_static: [INFO] sending fwioctl is successful
[rad_fetcher_adapter_fwioctl.cpp:177] CRadFetcherAdapterFwIoctl::handle_response_static: [INFO] exit from ..
[rad_fetcher_adapter_fwioctl.cpp:235] CRadFetcherAdapterFwIoctl::handle_response: [INFO] exit from ..
[rad_malware_response_builder.cpp:49] CRadMalwareResponseBuilder::clean: [INFO] enter to ...
[rad_malware_response_builder.cpp:50] CRadMalwareResponseBuilder::clean: [INFO] 0x8d08670 clean
kiss_pm_patterns_destroy: Entered with: kiss_pm_patterns: 0x8cd4050
[rad_malware_response_builder.cpp:98] CRadMalwareResponseBuilder::clean: [INFO] exit from ..
[rad_xerces.cpp:34] CRadXerces::clear: [INFO] enter to ...
[rad_stats_collector.cpp:197] CRadStatsCollector::getStatsByService: [INFO] enter to ...
[rad_stats_collector.cpp:198] CRadStatsCollector::getStatsByService: [INFO] getting stats object for service 6
[rad_stats_collector.cpp:206] CRadStatsCollector::getStatsByService: [INFO] exit from ..
[rad_query.cpp:219] CRadQuery::endTime: [INFO] enter to ...
[rad_query.cpp:222] CRadQuery::endTime: [INFO] end time at: 5557.43
[rad_query.cpp:223] CRadQuery::endTime: [INFO] exit from ..
[rad_stats_by_service.cpp:167] CRadStatsByService::isStatsOn: [INFO] enter to ...
[rad_stats_by_service.cpp:168] CRadStatsByService::isStatsOn: [INFO] stats are: 0
[rad_stats_by_service.cpp:169] CRadStatsByService::isStatsOn: [INFO] exit from ..
[rad_fetcher.cpp:142] CRadFetcher::handle_data: [INFO] can't update stats for: end round trip time
[rad_status_handler.cpp:358] CRadStatusHandler::getServiceStatus: [INFO] enter to ...
[rad_status_handler.cpp:367] CRadStatusHandler::getServiceStatus: [INFO] exit from ..
[rad_fetcher.cpp:157] CRadFetcher::handle_data: [INFO] increase responses counter for service: 6
[rad_fetcher.cpp:169] CRadFetcher::handle_data: [INFO] fetcher: (0x8bf1df0:appi)
[rad_fetcher.cpp:170] CRadFetcher::handle_data: [INFO] exit from ..
[rad_response_task.cpp:92] CRadResponseTask::run: [INFO] handling response of appi:0x8bf1df0 pass ok
[/local_ckp/src/cpradus/R80_30_jumbo_hf_main/release.dynamic/repository/rad_repository_container_data.h:189] CRadRepositoryContaineData::put: [INFO] enter to ...
[/local_ckp/src/cpradus/R80_30_jumbo_hf_main/release.dynamic/repository/rad_repository_container_data.h:198] CRadRepositoryContaineData::put: [MISC] going to put object <CRadFetcher:0x8bf1df0> back to pool
[/local_ckp/src/cpradus/R80_30_jumbo_hf_main/release.dynamic/repository/rad_repository_container_data.h:199] CRadRepositoryContaineData::put: [MISC] free size: 48, used = 2, high = 2500
[/local_ckp/src/cpradus/R80_30_jumbo_hf_main/release.dynamic/repository/rad_repository_container_data.h:230] CRadRepositoryContaineData::put: [MISC] after put free: 49, used = 1, high = 2500
[/local_ckp/src/cpradus/R80_30_jumbo_hf_main/release.dynamic/repository/rad_repository_container_data.h:231] CRadRepositoryContaineData::put: [INFO] exit from ..

Flow Last 822 Debug Messages:

Re: RAD Error occur every 4 hours

Chris_Atkinson — Tue, 06 Oct 2020 12:50:55 GMT

@Eric_Appelboom I'll be in touch offline to discuss, note there is a RAD fix in the latest ongoing take (JHF T219) which should be validated with TAC to confirm applicability.

Re: RAD Error occur every 4 hours

G_W_Albrecht — Tue, 06 Oct 2020 13:30:07 GMT

Can you please remove the debug messages masses? This is SMB, by the way, so very different to your issue.

Re: RAD Error occur every 4 hours

guybit — Tue, 06 Oct 2020 14:33:35 GMT

Take the information mentioned below it could be a good indicator for your issue

Check how many RAD threads are running:

ps -T -p `ps aux | grep rad | grep -v grep | awk '{print $2}'` | awk '{print $5}' | tail -n +3 | tr -d '0123456789' | sort | uniq -c | sort -rn | awk -F '_' '{$4="";print $0}'

Update me about the result

Find Url's we get errors for:

grep "FlowError=" $FWDIR/log/rad_events/Errors/* -A1 | awk -F "=" '{print $2}' | sort | uniq -c

grep "FlowError=" $FWDIR/log/rad_events/Errors/* -A1 | awk '{print $2,$3,$4,$5,$6,$7,$8,$9}' | sort | uniq -c | tail -n +3

Re: RAD Error occur every 4 hours

Eric_Appelboom — Tue, 06 Oct 2020 14:43:38 GMT

Hi Guy

Note the static key used. Have not done Take_219 as yet

[Expert@1350001:0]# grep "FlowError=" $FWDIR/log/rad_events/Errors/* -A1 | awk -F "=" '{print $2}' | sort | uniq -c
512
513 Failed to fetch CP Site Resource. Timeout was reached
3 http://cws.checkpoint.com:80/AntiVirus/antivirus/2.0?resource
509 http://cws.checkpoint.com:80/Malware/malware/6.0?resource
1 http://cws.checkpoint.com:80/URLF/urlf/1.0?resource

Re: RAD Error occur every 4 hours

Eric_Appelboom — Tue, 06 Oct 2020 14:52:47 GMT

Suspect the queries are originating from ABOT. when rad_admin stop I see a lot of DNS related events in messages which is consitent with the AB errors in cpview, advanced,rad when stats are on.

Oct 6 22:40:12 2020 1350001 kernel: [fw4_13];[X.X.45.2:55934 -> 208.67.220.220:53] [ERROR]: malware_res_rep_rad_query: rad_kernel_api_async_get_resource() failed with error: Service is down
Oct 6 22:40:12 2020 1350001 kernel: [fw4_11];[X.X.49.181:55217 -> 208.67.220.220:53] [ERROR]: malware_res_rep_rad_query: rad_kernel_api_async_get_resource() failed with error: Service is down
Oct 6 22:40:12 2020 1350001 kernel: [fw4_7];[X.X.55.68:51902 -> X.X.45.1:53] [ERROR]: malware_res_rep_rad_query: rad_kernel_api_async_get_resource() failed with error: Service is down
Oct 6 22:40:12 2020 1350001 kernel: [fw4_8];[X.X.55.68:59114 -> X.X.45.1:53] [ERROR]: malware_res_rep_rad_query: rad_kernel_api_async_get_resource() failed with error: Service is down

Re: RAD Error occur every 4 hours

Eric_Appelboom — Tue, 06 Oct 2020 15:24:18 GMT

RAD load looks attributable to a internal centralised logging host doing a DNS lookup for every FQDN it finds in forwarded log.

Will follow up again tomorrow.

Re: RAD Error occur every 4 hours

Eric_Appelboom — Wed, 07 Oct 2020 01:36:10 GMT

Symptoms have been alleviated by reducing the volume of DNS queries from a log collector.

We suspect DNS requests were intercepted by Checkpoint Anti-Bot / DNS Trap and converted to a HTTP request to Checkpoint cloud for a reputation lookup.

Our controls then log the request which is again forwarded to the log collector only to do the same again,

Timeouts are now intermittent occurring once every hour which is better but suggests there should be some throttling added to the mechanism.

Re: RAD Error occur every 4 hours

e-p-csj — Tue, 02 Feb 2021 16:39:51 GMT

Can you provide a bit of insight of how you reduced the volume of DNS queries on the log collector? Seems we are seeing something similar.

Re: RAD Error occur every 4 hours

genisis__ — Tue, 02 Feb 2021 21:13:04 GMT

I've had similar, if not the same issues in my R80.20 installation. This is specifically when ABOT/AV are enabled (overall processor utilization jumps almost 30%) I see the RAD process getting heavily used. After restarting the RAD process it seem fine.

One thing we also did is add DNS queries to fast accel which we believe also helps. This all said TAC recommended upgrading to R80.40 so we are going to do this soon to see if it actually help reduce the overall CPU usage (which is way too much in comparison to the total throughput of the devices we are using).