Failed to parse CP site response

In the last couple of weeks I have seen the following error alerting in flurries on multiple sites at the same time. All running R80.30 with HTTPS inspection and URL&App blade, AV, AB etc.

Has anyone else seen this, anyone resolved it?

It is filling the admin mailboxes and I’m concerned that a. users are having problems or b. most worryingly, that potentially harmful sites are being accessed without protection because of ‘fail-open’.

Note from these two examples that the blade reporting the issue varies, as does the website involved. Goo.gl features highly in this on multiple sites but there are plenty of other examples.

HeaderDateHour:  4Feb2020 10:49:56; ContentVersion: 5; HighLevelLogKey: N/A; Uuid: {0x0,0x0,0x0,0x0}; SequenceNum: 36; Action: ctl; Origin: fwl-0002; IfDir: >; InterfaceName: daemon; Alert: mail; OriginSicName: N/A; description: Error occur while accessing:goo.gl/forms/gn0vx7tcxe; reason: Failed to parse CP Site Response., check /opt/CPsuite-R80.30/fw1/log/rad_events/Errors/flow_8520_258746 For more details; severity: 3; ProductName: Anti Malware; ProductFamily: Network;

and also:

HeaderDateHour:  1Feb2020  9:43:46; ContentVersion: 5; HighLevelLogKey: N/A; Uuid: {0x0,0x0,0x0,0x0}; SequenceNum: 37; Action: ctl; Origin: fwl-0002; IfDir: >; InterfaceName: daemon; Alert: mail; OriginSicName: N/A; description: Error occur while accessing:cdn.videogram.com; reason: Failed to parse CP Site Response., check /opt/CPsuite-R80.30/fw1/log/rad_events/Errors/flow_8520_206678 For more details; severity: 3; ProductName: URL Filtering; ProductFamily: Network;

 

40 Replies

Run top and observe for a few minutes whether any of the processes is utilizing a lot of CPU. Is the Internet running slow from time to time?
0 Kudos
Silver

So what was the solution in the end? JHFA 211?

0 Kudos

Not yet resolved. I have not installed 211 but may do later this week.

0 Kudos

Generally the pair of firewalls have CPU usage below 20%.

0 Kudos
Nickel

I have a similar problem on a freshly upgraded R80.40 JHF T48 

 

Exact same errors:

Blade Anti Bot

Description Error occur while accessing:/sdktunnel

Failed to handle CP Site request.,check  /opt/CPsuite-R80.40/fw/log/rad_events/Errors/flow_xxxx

 

Have had a case open with TAC since the 19th; they acknowledged it's an issue but no fix etc. Anyone have this on R80.40, and any luck fixing it?

0 Kudos

80.30 HFA 214 does not resolve the issue.

 

HeaderDateHour: 23Jul2020 10:05:04; ContentVersion: 5; HighLevelLogKey: N/A; Uuid: {0x0,0x0,0x0,0x0}; SequenceNum: 47; Action: ctl; Origin: XXX; IfDir: >; InterfaceName: daemon; Alert: mail; OriginSicName: N/A; description: Error occur while accessing:api.usercentrics.eu; reason: Failed to parse CP Site Response., check /opt/CPsuite-R80.30/fw1/log/rad_events/Errors/flow_13967_47372 For more details; severity: 3; ProductName: URL Filtering; ProductFamily: Network;

0 Kudos
Iron

Good morning from Austria. The problem continues with 80.40 and the last updates - we had a case open for weeks directly at CP and nobody could or did not want to solve it. From my point of view, the problem is not in the RAD process (we have modified a lot here for test) but in the DNS trap itself - and with these errors in the log the response takes 4000ms in some cases - which occurs to me maybe DNS trap does not come together with DNSSEC, but delaying the answer for so long or what I often don't see at all allowing an answer is really a very unfortunate situation.

0 Kudos

@PhoneBoy As you can see from this thread and the large variety of systems, versions and patch levels, this is a widespread situation. Could you please make this known to the appropriate Check Point people to get them to look into this and perhaps post some progress here?

Having to handle this level of 'false positive' alerts, many admins are starting to treat alerts as everyday occurrences and this has a real impact on security.


I am embarrassed to say how many times I've applied JHFAs and version hopped, at the request of CP support, in hopes of putting an end to these RAD alerts but they persisted from R80.20 to R80.30 (and possibly R80.40 but I can't tell at the moment because I am getting spammed so heavily by the RAD on one gateway (12,000+ alerts a day) that I have sent CP alerts straight to my deleted items folder).

I've had three SRs opened at various points through this issue and no resolution.

UPDATE:

CP contacted me about this issue to learn if the problem persists in R80.40 so I took some time to search my deleted items folder and it seems that the volume of alerts from our R80.40 clusters is 'normal' (4 out of 6000+ yesterday) so, at this point, it appears the issue is not present in R80.40.  The real test will be when we move to R80.40 on our internal clusters as they are the ones responsible for the bulk of the alerts.

0 Kudos
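
An added example, not part of the original thread and not Check Point tooling: Python that parses alert lines in the `key: value;` format quoted in this thread and tallies them by gateway, blade and failure reason, so parse failures can be told apart from timeouts when thousands arrive per day. It also decodes the base64 `resource` parameter of the `FetchUrl` that appears in the RAD flow file quoted later in the thread. The function names and the abridged sample lines are assumptions made for illustration.

```python
import base64
import re
from collections import Counter
from urllib.parse import parse_qs, urlparse

# Sample input: alert lines abridged from the ones quoted in this thread
# (fields not needed for triage are dropped).
SAMPLE_ALERTS = [
    "HeaderDateHour:  4Feb2020 10:49:56; Origin: fwl-0002; Alert: mail; "
    "description: Error occur while accessing:goo.gl/forms/gn0vx7tcxe; "
    "reason: Failed to parse CP Site Response., check "
    "/opt/CPsuite-R80.30/fw1/log/rad_events/Errors/flow_8520_258746 "
    "For more details; severity: 3; ProductName: Anti Malware; ProductFamily: Network;",
    "HeaderDateHour:  1Feb2020  9:43:46; Origin: fwl-0002; Alert: mail; "
    "description: Error occur while accessing:cdn.videogram.com; "
    "reason: Failed to parse CP Site Response., check "
    "/opt/CPsuite-R80.30/fw1/log/rad_events/Errors/flow_8520_206678 "
    "For more details; severity: 3; ProductName: URL Filtering; ProductFamily: Network;",
    "HeaderDateHour:  4Aug2020  9:47:19; Origin: XXX; Alert: mail; "
    "description: Error occur while accessing:nebulaie.webex.com; "
    "reason: Failed to fetch CP Site Resource. Timeout was reached, check "
    "/opt/CPsuite-R80.30/fw1/log/rad_events/Errors/flow_13967_683122 "
    "For more details; severity: 3; ProductName: Anti Malware; ProductFamily: Network;",
]

# "reason" carries both the failure text and the path of the per-flow error file.
_REASON_RE = re.compile(r"^(?P<reason>.*?)[.,]*\s*check\s+(?P<flow_file>\S+)")
_RESOURCE_RE = re.compile(r"accessing:(?P<resource>\S+)")


def parse_alert(line):
    """Split one alert line into a dict and derive the fields used for triage.

    Assumes field values contain no ';' (true for every line in this thread;
    a resource URL containing ';' would need a stricter parser).
    """
    fields = {}
    for part in line.split(";"):
        key, sep, value = part.partition(":")  # only the first ':' separates key/value
        if sep:
            fields[key.strip()] = value.strip()

    m = _REASON_RE.match(fields.get("reason", ""))
    fields["reason_text"] = m.group("reason").strip() if m else fields.get("reason", "")
    fields["flow_file"] = m.group("flow_file") if m else None

    m = _RESOURCE_RE.search(fields.get("description", ""))
    fields["resource"] = m.group("resource") if m else None
    fields["host"] = fields["resource"].split("/")[0] if fields["resource"] else None
    return fields


def summarise(lines):
    """Return (count per (gateway, blade, reason), count per resource host)."""
    by_kind, by_host = Counter(), Counter()
    for line in lines:
        a = parse_alert(line)
        by_kind[(a.get("Origin"), a.get("ProductName"), a["reason_text"])] += 1
        if a["host"]:
            by_host[a["host"]] += 1
    return by_kind, by_host


def decode_fetch_resource(fetch_url):
    """Decode the base64 'resource' query parameter of a RAD FetchUrl."""
    raw = parse_qs(urlparse(fetch_url).query)["resource"][0]
    raw = raw.replace(" ", "+")       # parse_qs turns '+' into a space
    raw += "=" * (-len(raw) % 4)      # restore padding if it was stripped
    return base64.b64decode(raw).decode("utf-8", errors="replace")


if __name__ == "__main__":
    kinds, hosts = summarise(SAMPLE_ALERTS)
    for (origin, blade, reason), n in kinds.most_common():
        print(f"{n:6d}  {origin:10s} {blade:15s} {reason}")
    print("top resources:", hosts.most_common(5))
    print(decode_fetch_resource(
        "http://cws.checkpoint.com:80/Malware/malware/6.0"
        "?resource=bmVidWxhaWUud2ViZXguY29t&key=123456"))
```
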
Admin

What does the file mentioned in the log say?
Also, if you haven't already, a TAC case is definitely in order.

0 Kudos

Logfile from an alert just received

Alert info

HeaderDateHour:  4Aug2020  9:47:19; ContentVersion: 5; HighLevelLogKey: N/A; Uuid: {0x0,0x0,0x0,0x0}; SequenceNum: 3; Action: ctl; Origin: XXX; IfDir: >; InterfaceName: daemon; Alert: mail; OriginSicName: N/A; description: Error occur while accessing:nebulaie.webex.com; reason: Failed to fetch CP Site Resource. Timeout was reached, check /opt/CPsuite-R80.30/fw1/log/rad_events/Errors/flow_13967_683122 For more details; severity: 3; ProductName: Anti Malware; ProductFamily: Network;

---

Logfile reads:

Flow ID = flow_13967_683122
Flow Termination Status:Failed!
Flow Started (09:47:04)
Flow Ended (09:47:19)
Flow Total Runtime:15 seconds (Timed out)

Flow Steps:
Generic Trap Flow (0 Seconds)
Cloud HTTP Access(IO) (15 Seconds)
End Of Flow Steps

Flow Items:
_indicator@trapper:vsid=0
_indicator@trapper:version=0
_indicator@trapper:session=
_indicator@trapper:service=malware
_indicator@trapper:resource=nebulaie.webex.com
_indicator@trapper:key_len=18
_indicator@trapper:is_ipv6=0
_indicator@trapper:flags=0
Service=malware
Resource=nebulaie.webex.com
FlowError=Failed to fetch CP Site Resource. Timeout was reached
FetchUrl=http://cws.checkpoint.com:80/Malware/malware/6.0?resource=bmVidWxhaWUud2ViZXguY29t&key=123456
ActiveFlows=2
End of Flow Items

Flow Last 383 Debug Messages:

[rad_trap_task.cpp:42] CRadTrapTask::run: [INFO] enter to ...
[rad_chain_runner.cpp:22] CRadChainRunner::insert: [INFO] enter to ...
[rad_chain_runner.cpp:29] CRadChainRunner::insert: [INFO] insert chain 'CRadTrapperHeader:0xf28abd60 is ok
[rad_chain_runner.cpp:22] CRadChainRunner::insert: [INFO] enter to ...
[rad_chain_runner.cpp:29] CRadChainRunner::insert: [INFO] insert chain 'CRadTrapperMessage:0xf28abe60 is ok
[rad_chain_runner.cpp:22] CRadChainRunner::insert: [INFO] enter to ...
[rad_chain_runner.cpp:29] CRadChainRunner::insert: [INFO] insert chain 'CRadCacheEnabler:0xf28abf50 is ok
[rad_chain_runner.cpp:22] CRadChainRunner::insert: [INFO] enter to ...
[rad_chain_runner.cpp:29] CRadChainRunner::insert: [INFO] insert chain 'CRadTrapperFetcher:0xf28ac040 is ok
[rad_repository_container_data.h:127] CRadRepositoryContaineData::get: [INFO] enter to ...
[rad_repository_container_data.h:129] CRadRepositoryContaineData::get: [MISC] list: <CRadValueMap> free objects = 99, used 0 of 100000
[rad_repository_container_data.h:143] CRadRepositoryContaineData::get: [INFO] exit from ..
[rad_chain_runner.cpp:59] CRadChainRunner::run: [INFO] enter to ...
[rad_chain_runner.cpp:73] CRadChainRunner::run: [INFO] going to run chain 'CRadTrapperHeader'
[rad_trapper_header.cpp:228] CRadTrapperHeader::run: [INFO] enter to ...
[rad_buffer.cpp:341] CRadBuffer::read: [INFO] enter to ...
[rad_buffer.cpp:355] CRadBuffer::read: [INFO] going to read: m_dlen = 168, _limit: 16
[rad_buffer.cpp:362] CRadBuffer::read: [INFO] read: m_dlen = 152, _limit: 16, _read_bytes: 16
[rad_buffer.cpp:363] CRadBuffer::read: [INFO] exit from ..
[rad_trapper_header.cpp:208] CRadTrapperHeader::addChainData: [INFO] enter to ...
[rad_trapper_header.cpp:128] CRadTrapperHeader::addChainDataService: [INFO] enter to ...
[rad_repository_container_data.h:127] CRadRepositoryContaineData::get: [INFO] enter to ...
[rad_repository_container_data.h:129] CRadRepositoryContaineData::get: [MISC] list: <CRadValueString> free objects = 198, used 0 of 200000
[rad_repository_container_data.h:143] CRadRepositoryContaineData::get: [INFO] exit from ..
[rad_value_map.cpp:252] CRadValueMap::add: [INFO] enter to ...
[rad_value_map.cpp:271] CRadValueMap::add: [INFO] add indicator 'trapper:service' _value 'malware'
[rad_value_map.cpp:275] CRadValueMap::add: [INFO] exit from ..
[rad_trapper_header.cpp:164] CRadTrapperHeader::addChainDataService: [INFO] exit from ..
[rad_trapper_header.cpp:172] CRadTrapperHeader::addChainDataVersion: [INFO] enter to ...
[rad_repository_container_data.h:127] CRadRepositoryContaineData::get: [INFO] enter to ...
[rad_repository_container_data.h:129] CRadRepositoryContaineData::get: [MISC] list: <CRadValueUInt> free objects = 495, used 0 of 200000
[rad_repository_container_data.h:143] CRadRepositoryContaineData::get: [INFO] exit from ..
[rad_value_map.cpp:252] CRadValueMap::add: [INFO] enter to ...
[rad_value_map.cpp:271] CRadValueMap::add: [INFO] add indicator 'trapper:version' _value '0'
[rad_value_map.cpp:275] CRadValueMap::add: [INFO] exit from ..
[rad_trapper_header.cpp:200] CRadTrapperHeader::addChainDataVersion: [INFO] exit from ..
[rad_trapper_header.cpp:274] CRadTrapperHeader::debug: [INFO] enter to ...
[rad_trapper_header.cpp:276] CRadTrapperHeader::debug: [INFO] serv = 6
[rad_trapper_header.cpp:277] CRadTrapperHeader::debug: [INFO] size = 162
[rad_trapper_header.cpp:278] CRadTrapperHeader::debug: [INFO] item = 5
[rad_trapper_header.cpp:263] CRadTrapperHeader::run: [INFO] exit from ..
[rad_chain_runner.cpp:83] CRadChainRunner::run: [INFO] run chain 'CRadTrapperHeader' is ok, l_read_total = 16
[rad_chain_runner.cpp:73] CRadChainRunner::run: [INFO] going to run chain 'CRadTrapperMessage'
[rad_trapper_message.cpp:62] CRadTrapperMessage::run: [INFO] enter to ...
[rad_trapper_message.cpp:94] CRadTrapperMessage::read: [INFO] enter to ...
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xf1c1f1a0
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 152
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_trapper_message.cpp:126] CRadTrapperMessage::read: [INFO] read l_type: 3, l_bytes: 4
[rad_repository_container_data.h:127] CRadRepositoryContaineData::get: [INFO] enter to ...
[rad_repository_container_data.h:129] CRadRepositoryContaineData::get: [MISC] list: <CRadValueSession> free objects = 99, used 0 of 100000
[rad_repository_container_data.h:143] CRadRepositoryContaineData::get: [INFO] exit from ..
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xf1c1f1a4
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 148
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_buffer.cpp:309] CRadBuffer::read: [INFO] enter to ...
[rad_buffer.cpp:319] CRadBuffer::read: [INFO] going to read: m_dlen = 148, _limit: 16
[rad_buffer.cpp:331] CRadBuffer::read: [INFO] read: m_dlen = 132, _limit: 16, _read_bytes: 7
[rad_buffer.cpp:332] CRadBuffer::read: [INFO] read: _output = (session)
[rad_buffer.cpp:333] CRadBuffer::read: [INFO] exit from ..
[rad_trapper_message.cpp:143] CRadTrapperMessage::read: [INFO] read l_name: session, l_bytes: 7
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xf1c1f1b4
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 132
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_value_session.cpp:85] CRadValueSession::read: [INFO] enter to ...
[rad_buffer.cpp:341] CRadBuffer::read: [INFO] enter to ...
[rad_buffer.cpp:355] CRadBuffer::read: [INFO] going to read: m_dlen = 128, _limit: 8
[rad_buffer.cpp:362] CRadBuffer::read: [INFO] read: m_dlen = 120, _limit: 8, _read_bytes: 8
[rad_buffer.cpp:363] CRadBuffer::read: [INFO] exit from ..
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xf1c1f1c0
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 120
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_value_session.cpp:109] CRadValueSession::read: [INFO] exit from ..
[rad_trapper_message.cpp:152] CRadTrapperMessage::read: [INFO] read: data <>
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xf1c1f1c0
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 120
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_value_map.cpp:252] CRadValueMap::add: [INFO] enter to ...
[rad_value_map.cpp:271] CRadValueMap::add: [INFO] add indicator 'trapper:session' _value ''
[rad_value_map.cpp:275] CRadValueMap::add: [INFO] exit from ..
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xf1c1f1c0
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 120
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_trapper_message.cpp:126] CRadTrapperMessage::read: [INFO] read l_type: 1, l_bytes: 4
[rad_repository_container_data.h:127] CRadRepositoryContaineData::get: [INFO] enter to ...
[rad_repository_container_data.h:129] CRadRepositoryContaineData::get: [MISC] list: <CRadValueUInt> free objects = 494, used 1 of 200000
[rad_repository_container_data.h:143] CRadRepositoryContaineData::get: [INFO] exit from ..
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xf1c1f1c4
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 116
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_buffer.cpp:309] CRadBuffer::read: [INFO] enter to ...
[rad_buffer.cpp:319] CRadBuffer::read: [INFO] going to read: m_dlen = 116, _limit: 16
[rad_buffer.cpp:331] CRadBuffer::read: [INFO] read: m_dlen = 100, _limit: 16, _read_bytes: 7
[rad_buffer.cpp:332] CRadBuffer::read: [INFO] read: _output = (is_ipv6)
[rad_buffer.cpp:333] CRadBuffer::read: [INFO] exit from ..
[rad_trapper_message.cpp:143] CRadTrapperMessage::read: [INFO] read l_name: is_ipv6, l_bytes: 7
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xf1c1f1d4
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 100
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_value_uint.cpp:82] CRadValueUInt::read: [INFO] enter to ...
[rad_value_uint.cpp:94] CRadValueUInt::read: [INFO] read: m_value = 0
[rad_value_uint.cpp:95] CRadValueUInt::read: [INFO] exit from ..
[rad_trapper_message.cpp:152] CRadTrapperMessage::read: [INFO] read: data <0>
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xf1c1f1d8
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 96
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_value_map.cpp:252] CRadValueMap::add: [INFO] enter to ...
[rad_value_map.cpp:271] CRadValueMap::add: [INFO] add indicator 'trapper:is_ipv6' _value '0'
[rad_value_map.cpp:275] CRadValueMap::add: [INFO] exit from ..
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xf1c1f1d8
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 96
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_trapper_message.cpp:126] CRadTrapperMessage::read: [INFO] read l_type: 2, l_bytes: 4
[rad_repository_container_data.h:127] CRadRepositoryContaineData::get: [INFO] enter to ...
[rad_repository_container_data.h:129] CRadRepositoryContaineData::get: [MISC] list: <CRadValueString> free objects = 197, used 1 of 200000
[rad_repository_container_data.h:143] CRadRepositoryContaineData::get: [INFO] exit from ..
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xf1c1f1dc
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 92
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_buffer.cpp:309] CRadBuffer::read: [INFO] enter to ...
[rad_buffer.cpp:319] CRadBuffer::read: [INFO] going to read: m_dlen = 92, _limit: 16
[rad_buffer.cpp:331] CRadBuffer::read: [INFO] read: m_dlen = 76, _limit: 16, _read_bytes: 8
[rad_buffer.cpp:332] CRadBuffer::read: [INFO] read: _output = (resource)
[rad_buffer.cpp:333] CRadBuffer::read: [INFO] exit from ..
[rad_trapper_message.cpp:143] CRadTrapperMessage::read: [INFO] read l_name: resource, l_bytes: 8
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xf1c1f1ec
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 76
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_value_string.cpp:98] CRadValueString::read: [INFO] enter to ...
[rad_value_string.cpp:108] CRadValueString::read: [MISC] read: l_size: 18
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xf1c1f1f0
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 72
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_buffer.cpp:309] CRadBuffer::read: [INFO] enter to ...
[rad_buffer.cpp:319] CRadBuffer::read: [INFO] going to read: m_dlen = 72, _limit: 18
[rad_buffer.cpp:331] CRadBuffer::read: [INFO] read: m_dlen = 54, _limit: 18, _read_bytes: 18
[rad_buffer.cpp:332] CRadBuffer::read: [INFO] read: _output = (nebulaie.webex.com)
[rad_buffer.cpp:333] CRadBuffer::read: [INFO] exit from ..
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xf1c1f202
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 54
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_value_string.cpp:123] CRadValueString::read: [INFO] exit from ..
[rad_trapper_message.cpp:152] CRadTrapperMessage::read: [INFO] read: data <nebulaie.webex.com>
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xf1c1f202
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 54
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_value_map.cpp:252] CRadValueMap::add: [INFO] enter to ...
[rad_value_map.cpp:271] CRadValueMap::add: [INFO] add indicator 'trapper:resource' _value 'nebulaie.webex.com'
[rad_value_map.cpp:275] CRadValueMap::add: [INFO] exit from ..
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xf1c1f202
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 54
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_trapper_message.cpp:126] CRadTrapperMessage::read: [INFO] read l_type: 1, l_bytes: 4
[rad_repository_container_data.h:127] CRadRepositoryContaineData::get: [INFO] enter to ...
[rad_repository_container_data.h:129] CRadRepositoryContaineData::get: [MISC] list: <CRadValueUInt> free objects = 493, used 2 of 200000
[rad_repository_container_data.h:143] CRadRepositoryContaineData::get: [INFO] exit from ..
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xf1c1f206
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 50
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_buffer.cpp:309] CRadBuffer::read: [INFO] enter to ...
[rad_buffer.cpp:319] CRadBuffer::read: [INFO] going to read: m_dlen = 50, _limit: 16
[rad_buffer.cpp:331] CRadBuffer::read: [INFO] read: m_dlen = 34, _limit: 16, _read_bytes: 7
[rad_buffer.cpp:332] CRadBuffer::read: [INFO] read: _output = (key_len)
[rad_buffer.cpp:333] CRadBuffer::read: [INFO] exit from ..
[rad_trapper_message.cpp:143] CRadTrapperMessage::read: [INFO] read l_name: key_len, l_bytes: 7
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xf1c1f216
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 34
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_value_uint.cpp:82] CRadValueUInt::read: [INFO] enter to ...
[rad_value_uint.cpp:94] CRadValueUInt::read: [INFO] read: m_value = 18
[rad_value_uint.cpp:95] CRadValueUInt::read: [INFO] exit from ..
[rad_trapper_message.cpp:152] CRadTrapperMessage::read: [INFO] read: data <18>
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xf1c1f21a
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 30
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_value_map.cpp:252] CRadValueMap::add: [INFO] enter to ...
[rad_value_map.cpp:271] CRadValueMap::add: [INFO] add indicator 'trapper:key_len' _value '18'
[rad_value_map.cpp:275] CRadValueMap::add: [INFO] exit from ..
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xf1c1f21a
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 30
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_trapper_message.cpp:126] CRadTrapperMessage::read: [INFO] read l_type: 1, l_bytes: 4
[rad_repository_container_data.h:127] CRadRepositoryContaineData::get: [INFO] enter to ...
[rad_repository_container_data.h:129] CRadRepositoryContaineData::get: [MISC] list: <CRadValueUInt> free objects = 492, used 3 of 200000
[rad_repository_container_data.h:143] CRadRepositoryContaineData::get: [INFO] exit from ..
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xf1c1f21e
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 26
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_buffer.cpp:309] CRadBuffer::read: [INFO] enter to ...
[rad_buffer.cpp:319] CRadBuffer::read: [INFO] going to read: m_dlen = 26, _limit: 16
[rad_buffer.cpp:331] CRadBuffer::read: [INFO] read: m_dlen = 10, _limit: 16, _read_bytes: 5
[rad_buffer.cpp:332] CRadBuffer::read: [INFO] read: _output = (flags)
[rad_buffer.cpp:333] CRadBuffer::read: [INFO] exit from ..
[rad_trapper_message.cpp:143] CRadTrapperMessage::read: [INFO] read l_name: flags, l_bytes: 5
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xf1c1f22e
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 10
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_value_uint.cpp:82] CRadValueUInt::read: [INFO] enter to ...
[rad_value_uint.cpp:94] CRadValueUInt::read: [INFO] read: m_value = 0
[rad_value_uint.cpp:95] CRadValueUInt::read: [INFO] exit from ..
[rad_trapper_message.cpp:152] CRadTrapperMessage::read: [INFO] read: data <0>
[rad_buffer.cpp:382] CRadBuffer::debug: [INFO] enter to ...
[rad_buffer.cpp:383] CRadBuffer::debug: [INFO] m_data: 0xf1c1f232
[rad_buffer.cpp:384] CRadBuffer::debug: [INFO] m_dlen: 6
[rad_buffer.cpp:385] CRadBuffer::debug: [INFO] m_offset: 0
[rad_buffer.cpp:386] CRadBuffer::debug: [INFO] m_dref: 0
[rad_buffer.cpp:387] CRadBuffer::debug: [INFO] exit from ..
[rad_value_map.cpp:252] CRadValueMap::add: [INFO] enter to ...
[rad_value_map.cpp:271] CRadValueMap::add: [INFO] add indicator 'trapper:flags' _value '0'
[rad_value_map.cpp:275] CRadValueMap::add: [INFO] exit from ..
[rad_trapper_message.cpp:175] CRadTrapperMessage::read: [INFO] successfuly read (5) items, values map size = 7
[rad_trapper_message.cpp:176] CRadTrapperMessage::read: [INFO] exit from ..
[rad_trapper_message.cpp:184] CRadTrapperMessage::addChainDataVsid: [INFO] enter to ...
[rad_repository_container_data.h:127] CRadRepositoryContaineData::get: [INFO] enter to ...
[rad_repository_container_data.h:129] CRadRepositoryContaineData::get: [MISC] list: <CRadValueUInt> free objects = 491, used 4 of 200000
[rad_repository_container_data.h:143] CRadRepositoryContaineData::get: [INFO] exit from ..
[rad_value_map.cpp:252] CRadValueMap::add: [INFO] enter to ...
[rad_value_map.cpp:271] CRadValueMap::add: [INFO] add indicator 'trapper:vsid' _value '0'
[rad_value_map.cpp:275] CRadValueMap::add: [INFO] exit from ..
[rad_trapper_message.cpp:210] CRadTrapperMessage::addChainDataVsid: [INFO] exit from ..
[rad_trapper_message.cpp:83] CRadTrapperMessage::run: [INFO] exit from ..
[rad_chain_runner.cpp:83] CRadChainRunner::run: [INFO] run chain 'CRadTrapperMessage' is ok, l_read_total = 16
[rad_chain_runner.cpp:73] CRadChainRunner::run: [INFO] going to run chain 'CRadCacheEnabler'
[rad_cache_enabler.cpp:55] CRadCacheEnabler::run: [INFO] enter to ...
[rad_dataset.cpp:343] CRadDataSet::getServiceSettings: [INFO] enter to ...
[rad_dataset.cpp:327] CRadDataSet::getServiceManager: [INFO] enter to ...
[rad_dataset.cpp:336] CRadDataSet::getServiceManager: [INFO] exit from ..
[rad_dataset.cpp:352] CRadDataSet::getServiceSettings: [INFO] exit from ..
[rad_cache_enabler.cpp:92] CRadCacheEnabler::run: [INFO] service malware not required cache
[rad_chain_runner.cpp:83] CRadChainRunner::run: [INFO] run chain 'CRadCacheEnabler' is ok, l_read_total = 16
[rad_chain_runner.cpp:73] CRadChainRunner::run: [INFO] going to run chain 'CRadTrapperFetcher'
[rad_trapper_fetcher.cpp:54] CRadTrapperFetcher::run: [INFO] enter to ...
[rad_dataset.cpp:417] CRadDataSet::getQuery: [INFO] enter to ...
[rad_repository_container_data.h:127] CRadRepositoryContaineData::get: [INFO] enter to ...
[rad_repository_container_data.h:129] CRadRepositoryContaineData::get: [MISC] list: <CRadQuery> free objects = 99, used 0 of 100000
[rad_repository_container_data.h:143] CRadRepositoryContaineData::get: [INFO] exit from ..
[rad_dataset.cpp:427] CRadDataSet::getQuery: [INFO] exit from ..
[rad_query.cpp:160] CRadQuery::build: [INFO] enter to ...
[rad_http_request.cpp:103] CRadHttpRequest::build: [INFO] enter to ...
[rad_http_request.cpp:81] CRadHttpRequest::getBuilder: [INFO] enter to ...
[rad_http_request.cpp:95] CRadHttpRequest::getBuilder: [INFO] exit from ..
[rad_http_request.cpp:115] CRadHttpRequest::build: [INFO] find builder key new 'malware+0'
[rad_http_request_builder.cpp:68] CRadHttpRequestBuilder::build: [INFO] enter to ...
[rad_http_request_comp_const.cpp:27] CRadHttpRequestCompConstConst::build: [INFO] enter to ...
[rad_http_request_comp_const.cpp:31] CRadHttpRequestCompConstConst::build: [INFO] exit from ..
[rad_http_request_comp_const.cpp:27] CRadHttpRequestCompConstConst::build: [INFO] enter to ...
[rad_http_request_comp_const.cpp:31] CRadHttpRequestCompConstConst::build: [INFO] exit from ..
[rad_http_request_comp_const.cpp:27] CRadHttpRequestCompConstConst::build: [INFO] enter to ...
[rad_http_request_comp_const.cpp:31] CRadHttpRequestCompConstConst::build: [INFO] exit from ..
[rad_http_request_host_64.cpp:35] CRadHttpRequestHost64::build: [INFO] enter to ...
[rad_http_request_host_64.cpp:61] CRadHttpRequestHost64::build: [INFO] 0x95c2ff8'keylen' found (18)
[rad_http_request_host_64.cpp:78] CRadHttpRequestHost64::build: [INFO] 0x95c2ff8'flags' found (0)
[rad_http_request_host_64.cpp:90] CRadHttpRequestHost64::build: [INFO] host resource is nebulaie.webex.com
[rad_http_request_comp_val64.cpp:28] CRadHttpRequestCompVal64::buildBase64: [INFO] enter to ...
[rad_http_request_comp_val64.cpp:41] CRadHttpRequestCompVal64::buildBase64: [INFO] Base64Length: 24, Base64Allocated: 34
[rad_http_request_comp_val64.cpp:42] CRadHttpRequestCompVal64::buildBase64: [INFO] Base64: bmVidWxhaWUud2ViZXguY29t
[rad_http_request_comp_val64.cpp:47] CRadHttpRequestCompVal64::buildBase64: [INFO] exit from ..
[rad_http_request_host_64.cpp:103] CRadHttpRequestHost64::build: [INFO] build indicator 'trapper:resource'
[rad_http_request_host_64.cpp:104] CRadHttpRequestHost64::build: [INFO] exit from ..
[rad_http_request_comp_const.cpp:27] CRadHttpRequestCompConstConst::build: [INFO] enter to ...
[rad_http_request_comp_const.cpp:31] CRadHttpRequestCompConstConst::build: [INFO] exit from ..
[rad_http_request_comp_const.cpp:27] CRadHttpRequestCompConstConst::build: [INFO] enter to ...
[rad_http_request_comp_const.cpp:31] CRadHttpRequestCompConstConst::build: [INFO] exit from ..
[rad_http_request_optional_value.cpp:28] CRadHttpRequestOptionalValue::build: [INFO] enter to ...
[rad_http_request_optional_value.cpp:39] CRadHttpRequestOptionalValue::build: [INFO] unable to find 'cpradus:resend in value map
[rad_http_request_comp_const.cpp:27] CRadHttpRequestCompConstConst::build: [INFO] enter to ...
[rad_http_request_comp_const.cpp:31] CRadHttpRequestCompConstConst::build: [INFO] exit from ..
[rad_http_request_comp_nline.cpp:26] CRadHttpRequestCompNLine::build: [INFO] enter to ...
[rad_http_request_comp_nline.cpp:30] CRadHttpRequestCompNLine::build: [INFO] exit from ..
[rad_http_request_comp_const.cpp:27] CRadHttpRequestCompConstConst::build: [INFO] enter to ...
[rad_http_request_comp_const.cpp:31] CRadHttpRequestCompConstConst::build: [INFO] exit from ..
[rad_http_request_comp_nline.cpp:26] CRadHttpRequestCompNLine::build: [INFO] enter to ...
[rad_http_request_comp_nline.cpp:30] CRadHttpRequestCompNLine::build: [INFO] exit from ..
[rad_http_request_comp_const.cpp:27] CRadHttpRequestCompConstConst::build: [INFO] enter to ...
[rad_http_request_comp_const.cpp:31] CRadHttpRequestCompConstConst::build: [INFO] exit from ..
[rad_http_request_comp_nline.cpp:26] CRadHttpRequestCompNLine::build: [INFO] enter to ...
[rad_http_request_comp_nline.cpp:30] CRadHttpRequestCompNLine::build: [INFO] exit from ..
[rad_http_request_comp_const.cpp:27] CRadHttpRequestCompConstConst::build: [INFO] enter to ...
[rad_http_request_comp_const.cpp:31] CRadHttpRequestCompConstConst::build: [INFO] exit from ..
[rad_http_request_comp_const.cpp:27] CRadHttpRequestCompConstConst::build: [INFO] enter to ...
[rad_http_request_comp_const.cpp:31] CRadHttpRequestCompConstConst::build: [INFO] exit from ..
[rad_http_request_comp_nline.cpp:26] CRadHttpRequestCompNLine::build: [INFO] enter to ...
[rad_http_request_comp_nline.cpp:30] CRadHttpRequestCompNLine::build: [INFO] exit from ..
[rad_http_request_comp_nline.cpp:26] CRadHttpRequestCompNLine::build: [INFO] enter to ...
[rad_http_request_comp_nline.cpp:30] CRadHttpRequestCompNLine::build: [INFO] exit from ..
[rad_http_request_builder.cpp:81] CRadHttpRequestBuilder::build: [INFO] exit from ..
[rad_http_request.cpp:132] CRadHttpRequest::build: [INFO] Request Location 'cws.checkpoint.com:80'
[rad_http_request.cpp:133] CRadHttpRequest::build: [INFO] Request Proxy Location ''
[rad_http_request.cpp:141] CRadHttpRequest::build: [INFO] build request =
GET /Malware/malware/6.0?resource=bmVidWxhaWUud2ViZXguY29t&key=123456 HTTP/1.1
Connection: Keep-Alive
User-Agent: RAD_CLIENT
Host: cws.checkpoint.com:80


[rad_http_request.cpp:142] CRadHttpRequest::build: [INFO] exit from ..
[rad_query.cpp:175] CRadQuery::build: [INFO] build request is successful for service 'malware'
[rad_query.cpp:176] CRadQuery::build: [INFO] exit from ..
[rad_query.cpp:192] CRadQuery::startTripTime: [INFO] enter to ...
[rad_query.cpp:183] CRadQuery::startTime: [INFO] enter to ...
[rad_query.cpp:185] CRadQuery::startTime: [INFO] start time at: 1.59653e+12
[rad_query.cpp:186] CRadQuery::startTime: [INFO] exit from ..
[rad_query.cpp:194] CRadQuery::startTripTime: [INFO] exit from ..
[rad_http_request.cpp:55] CRadHttpRequest::getLocation: [INFO] enter to ...
[rad_http_request.cpp:160] CRadHttpRequest::toString2: [INFO] enter to ...
[rad_http_request.cpp:175] CRadHttpRequest::toString2: [INFO] Fixed request = http://cws.checkpoint.com:80/Malware/malware/6.0?resource=bmVidWxhaWUud2ViZXguY29t&key=123456
[rad_io_tasks_manager.cpp:84] CRadIoTasksManager::scheduleIoTask: [INFO] enter to ...
[rad_io_tasks_manager.cpp:106] CRadIoTasksManager::scheduleIoTask: [INFO] Scheduling HTTP task
[rad_thread_pools_container.cpp:49] CRadThreadPoolsContainer::instance: [INFO] enter to ...
[rad_thread_pool.cpp:50] CRadThreadPool::addTask: [INFO] enter to ...
[rad_thread_pool.cpp:65] CRadThreadPool::addTask: [INFO] task added to queue
[rad_trapper_fetcher.cpp:100] CRadTrapperFetcher::run: [INFO] exit from ..
[rad_chain_runner.cpp:83] CRadChainRunner::run: [INFO] run chain 'CRadTrapperFetcher' is ok, l_read_total = 16
[rad_chain_runner.cpp:87] CRadChainRunner::run: [INFO] succefull running the chain, l_read_total = 16
[rad_chain_runner.cpp:88] CRadChainRunner::run: [INFO] exit from ..
[rad_trap_task.cpp:64] CRadTrapTask::run: [INFO] chain successfull run pass ok, total bytes = 0
[rad_curl_task.cpp:65] CRadCurlTask::run: [INFO] enter to ...
[rad_curl_task.cpp:45] CRadCurlTask::get_my_curl_handle: [INFO] enter to ...
[rad_curl_http_task.cpp:26] CRadCurlHttpTask::configureCurl: [INFO] enter to ...
[rad_curl_http_task.cpp:36] CRadCurlHttpTask::configureCurl: [INFO] Request: 'http://cws.checkpoint.com:80/Malware/malware/6.0?resource=bmVidWxhaWUud2ViZXguY29t&key=123456'
[rad_curl_http_task.cpp:76] CRadCurlHttpTask::configureCurl: [INFO] Set curl shared object
[rad_curl_http_task.cpp:95] CRadCurlHttpTask::configureCurl: [INFO] Curl configuration done
[rad_curl_task.cpp:103] CRadCurlTask::run: [ERROR] handle: 0x96e8060 curl_easy_perform() failed: Timeout was reached

0 Kudos
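A triage helper for RAD debug output like the log in the post above, added here as an example; it is not part of the original post and is not Check Point tooling. It decodes the base64 `resource` parameter back to the hostname being looked up and pairs each `[ERROR]` line with the most recent request; the function names and the constructed sample lines are assumptions modeled on the line format shown above.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit, parse_qs

# Line layout as seen in the post: [file.cpp:NN] Class::method: [LEVEL] message
LINE_RE = re.compile(r"^\[(?P<src>[^\]:]+):(?P<line>\d+)\]\s+(?P<func>\S+):\s+"
                     r"\[(?P<level>[A-Z]+)\]\s*(?P<msg>.*)$")
REQ_RE = re.compile(r"Request: '(?P<url>[^']+)'")

def decode_resource(url):
    """Return (path, decoded 'resource' value or None) for a lookup URL."""
    parts = urlsplit(url)
    values = parse_qs(parts.query).get("resource", [])
    if not values:
        return parts.path, None
    raw = values[0].replace(" ", "+")   # parse_qs turns '+' into a space
    raw += "=" * (-len(raw) % 4)        # tolerate stripped padding
    try:
        return parts.path, base64.b64decode(raw, validate=True).decode("utf-8", "replace")
    except binascii.Error:
        return parts.path, None         # not valid base64: report undecoded

def triage(lines):
    """Pair every [ERROR] line with the last request URL seen before it."""
    findings, last_url = [], None
    for text in lines:
        m = LINE_RE.match(text.strip())
        if not m:
            continue                    # raw HTTP request lines, blanks, etc.
        req = REQ_RE.search(m["msg"])
        if req:
            last_url = req["url"]
        if m["level"] == "ERROR":
            path, resource = decode_resource(last_url) if last_url else (None, None)
            findings.append({"source": f'{m["src"]}:{m["line"]}', "func": m["func"],
                             "error": m["msg"], "path": path, "resource": resource})
    return findings

# Constructed sample lines (not taken from a real gateway), same format as above.
SAMPLE = [
    "[rad_curl_http_task.cpp:36] CRadCurlHttpTask::configureCurl: [INFO] Request: "
    "'http://cws.checkpoint.com:80/Malware/malware/6.0?resource=d3d3LmV4YW1wbGUub3Jn&key=123456'",
    "[rad_curl_http_task.cpp:95] CRadCurlHttpTask::configureCurl: [INFO] Curl configuration done",
    "[rad_curl_task.cpp:103] CRadCurlTask::run: [ERROR] handle: 0x0 curl_easy_perform() failed: Timeout was reached",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f'{f["source"]} {f["func"]}: {f["error"]} (lookup {f["path"]} for {f["resource"]})')
```

Grouping the findings by `resource` and by `path` shows whether the timeouts follow particular sites or affect every lookup to the cloud service.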