Syslog, SNMP, Cloud backup stops unexpectedly on NSA 3650 HA Pair -- What is cause? fix?
HI
I have a NSA3650 HA pair. For an unknown reason, the pair stops sending syslog, stops responding to SNMP, and stops the nightly cloud backup. The running SonicWall continues to pass traffic and responds to management and configuration changes. The system continues to pass traffic. Information is displayed in Log Monitor. The SNMP option "Increase SNMP subsystem priority" is checked. It appears that one or more subsystems stop running or are starved for resources.
What could be the cause and fix for the functionality change?
syslog is sent via UDP 514 to (1) Linux server, and (2) FastVue Reporter for SonicWall
SNMP monitoring is done via Site24x7.
Cloud backup is scheduled nightly, but stops when the system stops responding to SNMP and stops syslog
The system specifics are
Firmware Version: SonicOS Enhanced 6.5.4.7-83n
Safemode Version: SafeMode 6.2.5.6
ROM Version: SonicROM 5.7.1.7
CPUs: 36.08% - 6.40 GHz (4 x 1600 MHz Mips64 Octeon Processor)
Total Memory: 4 GB RAM, 2 GB Flash
Built-in Storage: Available: 32 GB Used: 1.68 GB
Workaround: Boot BOTH SonicWalls. Booting the running SonicWall moves the traffic to the standby firewall, but does not bring SNMP and logging back
I look forward to your advice.
Thanks
Greg
Answers
Since I started this issue, I have learned a bit more.
The issue is the CPU 0 is pegged at 100%. The culprit is cloudSyncTask. The task absorbs all unused CPU cycles and apparently blocks syslog and SNMP.
The Core 0 Process Monitor from the Diagnostic tools page shows the following.
The fault is related to Dynamic Botnet List. It is a known error, issue ID: GEN6-2190.
The simplest fix is to Clear/Disable "Enable Dynamic Botnet List". Version 6.5.4.7-83n appears to be stable with the botnet download turned off. This is for a custom botnet download. The SonicWall continues to check addresses against the SonicWall botnet list, dependent upon licensing
A hotfix, sw_nsa-3650_eng_6.5.4.8_6.5.4_88n_1265207.sig, is also available. It is available via Technical Support.
The following text shows the information from Shipra Sahu in a different ticket.
I see a similar reported issue where the "enable dynamic botnet list" download causing CloudSyncTask to reach 100% usage. This is reported under issue ID: GEN6-2190.
Do you have the "dynamic botnet list" enabled on the firewall? If yes, looks like there is a Hotfix firmware already available to take care of this issue. Please reach out to the Support Team for the same.