Cisco Cisco Web Security Appliance S360 Fehlerbehebungsanleitung
Why am I receiving alerts for FTP log push errors
even when the transfer was successful?
even when the transfer was successful?
Document ID: 118135
Contributed by Vladimir Sousa and Siddharth Rajpathak, Cisco TAC
Engineers.
Engineers.
Jul 31, 2014
Contents
Question:
Question:
Why am I receiving alerts for FTP log push errors even when the transfer was successful?
Environment:
WSA, Log push configured to use FTP server, FTP server that replies with a 221 when closing the
transmission channel (we currently only know of BulletProof FTP server displaying this behavior)
WSA, Log push configured to use FTP server, FTP server that replies with a 221 when closing the
transmission channel (we currently only know of BulletProof FTP server displaying this behavior)
Symptoms:
Users are receiving email alerts from their Web Security Appliances stating that the push of their accesslogs
has failed. However, they are seeing the files being pushed without any problems.
Users are receiving email alerts from their Web Security Appliances stating that the push of their accesslogs
has failed. However, they are seeing the files being pushed without any problems.
The email should be similar to the following:
The Critical message is: Log Error: Push error for subscription accesslogs: An FTP command failed to
10.12.1.3: 221
The Critical message is: Log Error: Push error for subscription accesslogs: An FTP command failed to
10.12.1.3: 221
Solution:
This problem is result of a known limitation in the AsyncOS (Defect# CSCzv96454) where the appliance
receives a reply from the FTP server with the code 221 after quitting the session.
This problem is result of a known limitation in the AsyncOS (Defect# CSCzv96454) where the appliance
receives a reply from the FTP server with the code 221 after quitting the session.
The FTP conversation would be similar to the following:
−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
220 BulletProof FTP Server ready ...
USER <username>
331 Password required for <username>.
PASS <password>
230 User <username> logged in.
TYPE I
200 Type set to I.
CWD /
250 CWD command successful. "/" is current directory.
PASV
227 Entering Passive Mode (10,12,1,3,153,110)
STOR aclog.@20100104T145359.s
150 Data connection accepted from 10.12.100.241:7136; transfer starting for aclog.@20100104T145359.s.
−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
220 BulletProof FTP Server ready ...
USER <username>
331 Password required for <username>.
PASS <password>
230 User <username> logged in.
TYPE I
200 Type set to I.
CWD /
250 CWD command successful. "/" is current directory.
PASV
227 Entering Passive Mode (10,12,1,3,153,110)
STOR aclog.@20100104T145359.s
150 Data connection accepted from 10.12.100.241:7136; transfer starting for aclog.@20100104T145359.s.