Content Filter Communication Status Warning and Critical With Disk Issue.
search cancel

Content Filter Communication Status Warning and Critical With Disk Issue.

book

Article ID: 245220

calendar_today

Updated On: 12-20-2024

Products

SG-VA ProxySG Software - SGOS ISG Proxy

Issue/Introduction

Content Filter communication Status warning and critical at all of sudden. 

Example of Critical in sysinfo.

Stat: Content Filter Communication Status
Current State                 : CRITICAL
Last Transition               : xxxxxxxxxxx
Current Value                 : Categorization has 553 update errors
Unit of Measurement           : update errors
Warning Threshold             : 10
Warning Interval              : 0
Critical Threshold            : 200
Critical Interval             : 0
Notification Method           : log

In event log :

"CFS: Categorization database: New update available"  0 0:FF  is_subscription_loader_impl.cpp:425
"CFS: Categorization database: Extracting: 423360300-423370000.cat"  0 0:FF  is_subscription_loader_impl.cpp:291
"CFS: Categorization database: Processing differential"  0 0:FF  is_subscription_loader_impl.cpp:332
"Failed trying to extract and activate the Categorization payload file"  0 AF0000:1  loader_impl.cpp:347

 

Environment

All version of Edge SWG software.

 

Cause

This is caused by disk full and switching master disk while new content filter database is  installing.

Edge SWG found new database and start installing it.
"CFS: Categorization database: New update available"  0 0:FF  is_subscription_loader_impl.cpp:425
"CFS: Categorization database: Waiting for install"  0 0:FF  is_database_subscription_loader_impl.cpp:48

Disk3 is no more space, and switching Disk2 as master.
"Disk 3 is invalid because there is no more free space IO status is 0x0
"Disk 2 has been chosen as the master."  0 4802C:64 Mailed ceddset.cpp:798

It then fails to install new database.
"Failed trying to extract and activate the Categorization payload file"  0 AF0000:1  loader_impl.cpp:347

Disk full is usually related to ICAP temporary files. We recommend bypassing streaming sites. For more information, see below.

Create a Rule to Exempt an Entity from Content Security Policy

Configure Policy Services


The below files are deprecated by policy services and are not a direct drop in for SGOS 7.x:
Bypass Scanning for Large Files with The ICAP Best Practices Policy

Content Analysis Best Practice

Resolution

Additional Information

In event log, disk has only few spaces and messages would have shown up before disk initialization. 

"Disk 3 has only 4 free space (701439 blocks free out of 15600780) for 216771 objects."  

The message might have seen 1~2 days before disk initialization but this time-lag can not be calculated, and not 100% sure . Monitoring the event log all day is not realistic as well.  However, it is possible to send entire event log to the syslog by configuring syslog IP address to export the event log.  

Then, monitoring the message in syslog and application would be possible.

 

---------------------------
SGOS version 7.3 has an ability to automatically clean up temporary objects. 

#(config)ce
#(config ce)view
transient-object-cleanup          : enabled 

 

Powered by Wolken Software