Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
ChoiYunSoo
Contributor

I'm getting an unusual message like'ips_gen_dyn_log: malware_policy_global_send_log() failed'.

Hello nice to meet you

 

Recently, a customer's firewall has lost its service connection due to an increase in resources for an unknown reason.

And I don't know if it is related to resource increase or service disconnection, but the message below will be generated every time there is an issue.

I saw something similar to this in 'sk167939', but the customer is a completely different version from the DB version specified in sk.

In addition, TAC said that there are no bugs in DB versions other than those specified in SK.

I am wondering if that message has anything to do with increasing resource usage.

 

Symptoms and messages are the same for the two devices specified below.

 

* Model: SG23800

* Version: R80.40 (VRRP)

* Blade: Firewall / IPS

* CPU: 48Core (H/T on)

* Memory: 32G

 

* Model: SG15600

* Version: R80.10 (VRRP)

* Blade: Firewall / IPS

* CPU: 32 Core(H/T on)

* Memory: 16G

 

Jan  7 07:45:03 2021 LGESA_GW_FW1 kernel: [fw4_1];CLUS-120202-1: Stopping CUL mode after 11 sec (short CUL timeout), because no member reported CPU usage above the configured threshold (80%) during the last 10 sec.
Jan  7 07:47:18 2021 LGESA_GW_FW1 kernel: [fw4_1];CLUS-120200-1: Starting CUL mode because CPU-04 usage (84%) on the local member increased above the configured threshold (80%).
Jan  7 07:47:18 2021 LGESA_GW_FW1 kernel: [fw4_39];ips_gen_dyn_log: malware_policy_global_send_log() failed
Jan  7 07:47:18 2021 LGESA_GW_FW1 kernel: [fw4_14];ips_gen_dyn_log: malware_policy_global_send_log() failed
Jan  7 07:47:18 2021 LGESA_GW_FW1 kernel: [fw4_13];ips_gen_dyn_log: malware_policy_global_send_log() failed
Jan  7 07:47:18 2021 LGESA_GW_FW1 kernel: [fw4_4];ips_gen_dyn_log: malware_policy_global_send_log() failed
Jan  7 07:47:18 2021 LGESA_GW_FW1 kernel: [fw4_8];ips_gen_dyn_log: malware_policy_global_send_log() failed
Jan  7 07:47:18 2021 LGESA_GW_FW1 kernel: [fw4_0];fwmultik_prio_handle_gconn_lookup: failed getting instance section from connection 40.90.4.201(53) -> 156.147.135.180(52007) IPP 17 instance 29
Jan  7 07:47:18 2021 LGESA_GW_FW1 kernel: [fw4_0];fwmultik_enqueue_data_kernel: error in gconn lock and lookup. cannot enqueue to priority queues. (instance 29, opcode:6)
Jan  7 07:47:18 2021 LGESA_GW_FW1 kernel: [fw4_32];ips_gen_dyn_log: malware_policy_global_send_log() failed
Jan  7 07:47:18 2021 LGESA_GW_FW1 kernel: [fw4_39];ips_gen_dyn_log: malware_policy_global_send_log() failed
Jan  7 07:47:18 2021 LGESA_GW_FW1 kernel: [fw4_2];ips_gen_dyn_log: malware_policy_global_send_log() failed
Jan  7 07:47:18 2021 LGESA_GW_FW1 kernel: [fw4_17];ips_gen_dyn_log: malware_policy_global_send_log() failed
Jan  7 07:47:18 2021 LGESA_GW_FW1 kernel: [fw4_8];ips_gen_dyn_log: malware_policy_global_send_log() failed
Jan  7 07:47:18 2021 LGESA_GW_FW1 kernel: [fw4_9];ips_gen_dyn_log: malware_policy_global_send_log() failed
Jan  7 07:47:18 2021 LGESA_GW_FW1 kernel: [fw4_14];ips_gen_dyn_log: malware_policy_global_send_log() failed
Jan  7 07:47:18 2021 LGESA_GW_FW1 last message repeated 2 times
Jan  7 07:47:18 2021 LGESA_GW_FW1 kernel: [fw4_1];ips_gen_dyn_log: malware_policy_global_send_log() failed
Jan  7 07:47:18 2021 LGESA_GW_FW1 kernel: FW-1: lost 2107 debug messages

 

 

PS  This is the status information of the customer firewall at the time of the failure.

1. From 07:44 to 07:47, cpview data did not accumulate for about 3 minutes.

2. The cpu and memory usage of 47 minutes is very high compared to 44 minutes.

3. At that time, aggressive aging was activated.

 

1.PNG2.PNG

 

 

 

 

 

 

0 Kudos
5 Replies
_Val_
Admin
Admin

This is your second post for the matter. Update your IPS and push policy. If the issue remains, please raise a case with TAC

0 Kudos
ChoiYunSoo
Contributor

In accordance with the recommendations of TAC and SK, the IPS DB has been updated to the latest.

However, the problem continues to occur intermittently.

I need to know Whether the occurrence of that message is affecting the rise of firewall resources.

I opened a case to the TAC and it took more than a month, but the TAC is no sense of cause of this problem.

 

0 Kudos
Chris_Atkinson
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP

Presumably you've shared more detail with TAC as it's difficult to assist without knowing things such as installed JHF levels etc.

CCSM R77/R80/ELITE
0 Kudos
ChoiYunSoo
Contributor

OS Version: R80.40

Hotfix: Take 89

 

OS Version: R80.10

Hotfix: Take 279

 

The same symptom is seen on both firewalls.

I don't know what trigger to increase cpu and memory at that time.

 

0 Kudos
constant69
Contributor

Hi ChoiYunSoo,

I have the same log

-------------------------

Jan 19 14:52:41 2021 FIREWALLXXX01 kernel: [fw4_0];ips_gen_dyn_log: malware_policy_global_send_log() failed
Jan 19 14:53:39 2021 FIREWALLXXX01 kernel: [fw4_0];ips_gen_dyn_log: malware_policy_global_send_log() failed
Jan 19 14:55:11 2021 FIREWALLXXX01 kernel: [fw4_4];ips_gen_dyn_log: malware_policy_global_send_log() failed
Jan 19 14:55:21 2021 FIREWALLXXX01 kernel: [fw4_0];ips_gen_dyn_log: malware_policy_global_send_log() failed
Jan 19 14:55:27 2021 FIREWALLXXX01 kernel: [fw4_5];ips_gen_dyn_log: malware_policy_global_send_log() failed
Jan 19 14:56:04 2021 FIREWALLXXX01 kernel: [fw4_1];ips_gen_dyn_log: malware_policy_global_send_log() failed

-------------------------

 

What is the status of your case with the TAC ?

 

Thanks

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events