Known Issues for On-Premises Appliance Version 77.5.0

Known Issues for On-Premises Appliance Version 77.5.0

The following known issues are included in this release.

Issue NumberIssue DescriptionWorkaround
141914Troubleshooting clear-unfinished-files does not clear alerts and entries for “parts” of the file.There is no workaround.
140546Appliance status is not updated on tenant UI. No other functionality is impacted.There is no workaround.
127206Some of the session files we create are corrupted since the program does not close the files properly. This causes uploads to fail.

Changes to the code fixes the issue in some cases. In case of large files that are segmented into multiple smaller files, this issue may persist.

There is no workaround.
140369The command status log-file-history <summary/filename> shows time taken is -1 day for parts.
"nssyslogng_proxysg-http-main.log.part-1": [
"splitting finished at 2021-09-20 17:04:22.636000",
"completed processing at 2021-09-20 17:12:03.413000",
"completed uploading to cloud at 2021-09-20 17:12:16.147000",
"extracted 101370 events from 465325 lines",
"no of sessions is 30338",
"time taken = -1 day, 23:30:51.964274"
There is no workaround.
113689If timezone is configured on the OPLP appliance and timezone is also specified in the parser, then the date and time for the logs uploaded through the OPLP appliance is incorrect in Skope IT.There is no workaround.
127783‘Failed to get hostname’ error message in the nsforwarder.log file.The error message does not impact the functionality and can be ignored.
127734‘Unable to read file’ error message in the os_list.json file.The error message does not impact the functionality and can be ignored.
127686Traffic which is on non-standard HTTP(S) ports is getting dropped. You may see the following error: ERROR lcforwardproxy 111 APPMODULE 227: …The error message does not impact the functionality and can be ignored.
127290The following error can be ignored: ERROR lcforwardproxy 101 SYNTHETIC 228:SyntheticTemplateConfig.cpp: trid= rqid= tenantid= user=” config block ‘activity’ is not allowed to be emptyThere is no workaround.
127095Time-based inline security policies is broken for customers using DPoP.There is no workaround.

Currently, discovery / OPLP can accept log files, system logs, and custom parsers files in UTF-8 encoding only.

If these files are encoded using other encodings, we may fail to parse them properly. This will manifest as UnicodeDecodeError in our logs.

The best practice is to set UTF-8 as the default encoding in all pipelines feeding into OPLP. UTF-8 can handle any character set, so this will not result in any information loss.

For the log files that are already encoded without using UTF-8, convert these files to UTF-8 before uploading them to OPLP.

The following is an example using a file that is encoded in UTF-16.

  1. Unzip if log files are zipped.  In this example, the unzipped text file is logsample.log.
  2. Check current encoding used: file logsample.log > outputs “Little-endian UTF-16 Unicode text,”
  3. Convert it to UTF-8 as  iconv -c -f utf-16 -t utf-8 logsample.log > logsample_utf8.log
  4. Send logsample_utf8.log to OPLP either as a text file or zipped file.
Share this Doc

Known Issues for On-Premises Appliance Version 77.5.0

Or copy link

In this topic ...