Extensive delays and network connection loss upgrading sensors


Little green alien
Anyone else experiencing extensive (3+ hour) delays upgrading sensors? the server took  less than an hour. The sensor has taken a long time and keeps dropping connection. 

Best Answer

  • Answer ✓

    OpenVPN should negate pretty much any proxy filtering (gotta love how easily SA is thwarted...), so that would not be the issue.

    A reboot or reconfig is not likely to address an OpenVPN issue. Of course, if you not using the Alienvault proxy configuration in combination with our VPN config (assuming you mean an open VPN connection configured using alienvault VPN services), the update would not use our VPN, but would use the default gateway as the default VPN configuration is to only send data destined specifically . 


  • zparker,

    I checked our support cases, and was not able to find any issues opened regarding this since the 5.4.3 release. This is not something we are seeing across customers.
  • Never made it past this.

    Get:39 http://data.alienvault.com/alienvault5/mirror/jessie-security/ jessie/updates/main libsmbclient amd64 2:4.2.14+dfsg-0+deb8u8 [147 kB]
  • zparker,

    I checked and confirmed no issues with that package on the server. a quick check of my server and remote sensors in the lab confirms that it installed without issue.

    ii  smbclient                                2:4.2.14+dfsg-0+deb8u8             amd64        command-line SMB/CIFS clients for Unix

  • Lined up with an awesome AV tech in the am.. Hopefully we get it squared away. 
  • zach,

    If the sensors are all stopping on the same file, have you checked your firewall/proxy to confirm you are not getting a block on a signature false positive. There may be a message in the logs if this is the case.

  • I did not think to check the firewall in this situation. Even if there was a file getting block, it wouldn't cause network connectivity problems from a openvpn standpoint would it? This client is using a basic firewall used by a lot of organizations, seems like this issue would be more wide spread. 

    I was getting dropped connection every other minute but the connection seems stabilized now. Any chance a reboot and/or run alienvault-update could get it moving?
  • AV Tech Colin (always elite) was able to get it to update. I was still dropping connections but it might have been due to a quality of service issue at that site. Thanks for all of the help. 
