Security Analytics Anomaly Detection not working, Failed to connect to localhost
Article ID: 169311
Updated On:
Products
Security Analytics
Issue/Introduction
When Security Analytics versions 7.2.1 and 7.2.2 have a proxy configured, adm-connector may fail.
This is evidenced in /var/log/messages with the following:
Jan 9 16:06:00 hostname /usr/sbin/adm-connector[16933]: Error performing URL transaction for localhost:8080/engine/v1/jobs: curl error 7: curl data: Failed to connect to localhost port 8080: Connection refused
This may be followed by a segfault in adm-connector (the Anomaly Detection engine):
Jan 9 16:06:00 hostname /usr/sbin/adm-connector[16933]: snlog: sn="00:0c:29:51:5c:dc" id="DS" m="29" c="1" event="PROGRAM_SEGFAULT" category="SYSTEM" ip="172.24.10.22" model="Virtual Appliance" msg="PROGRAM=adm-connector"
Jan 9 16:06:00 hostname /usr/sbin/adm-connector[16933]: ABRT frame 1: /lib64/libpthread.so.0 [0x7f0e1bd510f0]
Jan 9 16:06:00 hostname /usr/sbin/adm-connector[16933]: ABRT frame 2: /lib64/libc.so.6(gsignal+0x35) [0x7f0e19092f05]
Jan 9 16:06:00 hostname /usr/sbin/adm-connector[16933]: ABRT frame 3: /lib64/libc.so.6(abort+0x183) [0x7f0e19094a73]
[etc.]
This is evidenced in /var/log/messages with the following:
Jan 9 16:06:00 hostname /usr/sbin/adm-connector[16933]: Error performing URL transaction for localhost:8080/engine/v1/jobs: curl error 7: curl data: Failed to connect to localhost port 8080: Connection refused
This may be followed by a segfault in adm-connector (the Anomaly Detection engine):
Jan 9 16:06:00 hostname /usr/sbin/adm-connector[16933]: snlog: sn="00:0c:29:51:5c:dc" id="DS" m="29" c="1" event="PROGRAM_SEGFAULT" category="SYSTEM" ip="172.24.10.22" model="Virtual Appliance" msg="PROGRAM=adm-connector"
Jan 9 16:06:00 hostname /usr/sbin/adm-connector[16933]: ABRT frame 1: /lib64/libpthread.so.0 [0x7f0e1bd510f0]
Jan 9 16:06:00 hostname /usr/sbin/adm-connector[16933]: ABRT frame 2: /lib64/libc.so.6(gsignal+0x35) [0x7f0e19092f05]
Jan 9 16:06:00 hostname /usr/sbin/adm-connector[16933]: ABRT frame 3: /lib64/libc.so.6(abort+0x183) [0x7f0e19094a73]
[etc.]
Cause
The adm-connector service is following the proxy configuration when trying to reach other services running locally on the appliance.
Resolution
This has been resolved in Security Analytics version 7.2.3.
1. Log into the appliance via SSH as the 'root' user
2. Run the following command to add 'localhost' to the no_proxy variable in /etc/environment
sed -i /etc/environment -e 's/^no_proxy="/no_proxy="localhost,/'
3. Reboot the appliance
Workaround
If you are not running 7.2.3, you can add "localhost" to the no_proxy environment variable and reboot the appliance:1. Log into the appliance via SSH as the 'root' user
2. Run the following command to add 'localhost' to the no_proxy variable in /etc/environment
sed -i /etc/environment -e 's/^no_proxy="/no_proxy="localhost,/'
3. Reboot the appliance
Feedback
Powered by
