Security Analytics Anomaly Detection not working, Failed to connect to localhost

book

Article ID: 169311

calendar_today

Updated On:

Products

Security Analytics

Issue/Introduction

When Security Analytics versions 7.2.1 and 7.2.2 have a proxy configured, adm-connector may fail.

This is evidenced in /var/log/messages with the following:

Jan 9 16:06:00 hostname /usr/sbin/adm-connector[16933]: Error performing URL transaction for localhost:8080/engine/v1/jobs: curl error 7: curl data: Failed to connect to localhost port 8080: Connection refused

This may be followed by a segfault in adm-connector (the Anomaly Detection engine):

Jan 9 16:06:00 hostname /usr/sbin/adm-connector[16933]: snlog: sn="00:0c:29:51:5c:dc" id="DS" m="29" c="1" event="PROGRAM_SEGFAULT" category="SYSTEM" ip="172.24.10.22" model="Virtual Appliance" msg="PROGRAM=adm-connector"
Jan 9 16:06:00 hostname /usr/sbin/adm-connector[16933]: ABRT frame 1: /lib64/libpthread.so.0 [0x7f0e1bd510f0]
Jan 9 16:06:00 hostname /usr/sbin/adm-connector[16933]: ABRT frame 2: /lib64/libc.so.6(gsignal+0x35) [0x7f0e19092f05]
Jan 9 16:06:00 hostname /usr/sbin/adm-connector[16933]: ABRT frame 3: /lib64/libc.so.6(abort+0x183) [0x7f0e19094a73]
[etc.]

 

Cause

The adm-connector service is following the proxy configuration when trying to reach other services running locally on the appliance.

Resolution

This has been resolved in Security Analytics version 7.2.3.  

Workaround

If you are not running 7.2.3, you can add "localhost" to the no_proxy environment variable and reboot the appliance:

1. Log into the appliance via SSH as the 'root' user

2. Run the following command to add 'localhost' to the no_proxy variable in /etc/environment
sed -i /etc/environment -e 's/^no_proxy="/no_proxy="localhost,/'

3. Reboot the appliance