
One agent fails to connect

DRWEB ES agent

5 replies to this topic

#1 Denfreeman

Denfreeman

    Newbie

  • Posters
  • 5 messages

Posted 16 January 2017 - 05:09

Hello! I have a problem with one PC on the network. There are about 40 PCs with the agent on the network, all working normally, and the license limit has not been exceeded. But one agent cannot establish a connection (the problem PC runs Windows XP SP3). I am attaching the logs from the problem PC. Please help me figure out what it needs! Thanks in advance for your help.

Attached file  Logs.zip   48.31 KB   3 download(s)



#2 Kirill Polubelov

Kirill Polubelov

    Hr. Schreibikus

  • Dr.Web Staff
  • 4 375 messages

Posted 16 January 2017 - 10:55

In the three to four minutes that made it into the log, there is one unsuccessful connection whose cause is hidden because the log is not a debug log (although you can try looking at it from the server side, in its drwcsd.log); the second connection had not yet dropped by the time the log was collected.

 

head dwservice.log; grep -a -i reconnector dwservice.log; tail dwservice.log
2017-Jan-13 11:50:12.453125 [284] [WRN] [escanner][DrWebSE:1] Object E:\Program Files\OpenOffice.org 3\Basis\share\template\wizard\letter\ru\bus-elegant_l.ott - scan result is archive(4096)
2017-Jan-13 11:50:12.484375 [4000] [LOG] Rotate log...
===============================================================================
 Dr.Web Control Service for Windows v11.0.9.09150
 Copyright © Doctor Web, Ltd., 1992-2017
 Current arch: x86
 Binary: x32
 Operating System: win/nt/xp
 Command line: E:\Program Files\DrWeb\dwservice.exe --logfile=E:\Documents and Settings\All Users\Application Data\Doctor Web\Logs\dwservice.log
===============================================================================
2017-Jan-13 11:51:35.437500 [3992] [INF] [reconnector] 20170113.115135.43 inf [00652 0f98] noname [Layer/A2SSession] Connected to "tcp://192.168.1.5:2193"
2017-Jan-13 11:51:35.453125 [3992] [INF] [reconnector] 20170113.115135.45 wrn [00652 0f98] noname [ADS-Info] Unable to get this computer DN because of �� ������� �������� ������ � ������������ �� ����������� ������. ���� �� ��������, ���� � ���� ��� �������.
2017-Jan-13 11:51:35.609375 [3992] [INF] [Reconnector] ES connected to 192.168.1.5:2193 'connected successfully'
2017-Jan-13 11:51:35.687500 [4004] [INF] [reconnector] request settings for 4
2017-Jan-13 11:51:35.687500 [4004] [INF] [reconnector] request settings for 30
2017-Jan-13 11:51:35.687500 [4004] [INF] [reconnector] request settings for 57
2017-Jan-13 11:51:35.687500 [4004] [INF] [reconnector] request settings for 103
2017-Jan-13 11:51:35.687500 [4004] [INF] [reconnector] request settings for 124
2017-Jan-13 11:51:35.812500 [4000] [INF] [Reconnector] New Rights
2017-Jan-13 11:51:55.328125 [3988] [ERR] [Reconnector] SERVER VIOLATION: invalid ModificationTime
2017-Jan-13 11:51:55.328125 [3988] [INF] [reconnector] 20170113.115155.32 inf [00652 0f94] noname [Layer/A2SSession] "tcp://192.168.1.5:2193(dead)" disconnected
2017-Jan-13 11:51:55.343750 [3988] [INF] [reconnector] ES disconnected
2017-Jan-13 11:51:55.343750 [3988] [INF] [reconnector] retry ... 120 seconds
2017-Jan-13 11:53:55.484375 [3988] [INF] [reconnector] 20170113.115355.48 inf [00652 0f94] noname [Layer/A2SSession] Connected to "tcp://192.168.1.5:2193"
2017-Jan-13 11:53:55.500000 [3988] [INF] [reconnector] 20170113.115355.50 wrn [00652 0f94] noname [ADS-Info] Unable to get this computer DN because of �� ������� �������� ������ � ������������ �� ����������� ������. ���� �� ��������, ���� � ���� ��� �������.
2017-Jan-13 11:53:55.640625 [3988] [INF] [Reconnector] ES connected to 192.168.1.5:2193 'connected successfully'
2017-Jan-13 11:53:55.671875 [3992] [INF] [reconnector] request settings for 4
2017-Jan-13 11:53:55.671875 [3992] [INF] [reconnector] request settings for 30
2017-Jan-13 11:53:55.671875 [3992] [INF] [reconnector] request settings for 57
2017-Jan-13 11:53:55.671875 [3992] [INF] [reconnector] request settings for 103
2017-Jan-13 11:53:55.671875 [3992] [INF] [reconnector] request settings for 124
2017-Jan-13 11:53:55.953125 [3988] [INF] [Reconnector] New Rights
2017-Jan-13 11:54:01.625000 [4000] [INF] [DbStorage] exec select: "SELECT time FROM events WHERE rowid = 2383"
2017-Jan-13 11:54:01.656250 [3324] [INF] [DbStorage] exec select: "SELECT state FROM quarantine_sync WHERE guid = 'F1F8702FF6AFA686FF98A16EBAEB480E9C1215A0E1F25D68213E8C626853AEFD'"
2017-Jan-13 11:54:01.671875 [3324] [INF] [DbStorage] exec: "UPDATE quarantine_sync SET state = 1 WHERE guid = 'F1F8702FF6AFA686FF98A16EBAEB480E9C1215A0E1F25D68213E8C626853AEFD'"
2017-Jan-13 11:54:01.796875 [3996] [INF] [DbStorage] exec: "UPDATE events SET is_sent=1 WHERE rowid=2383"
2017-Jan-13 11:54:01.937500 [3324] [INF] [DbStorage] exec select: "SELECT state FROM quarantine_sync WHERE guid = 'F1fb95b1865c98b9d71282851ddf5318939adb6649541418e81fbd17f9ee245a'"
2017-Jan-13 11:54:01.937500 [3324] [INF] [DbStorage] exec: "UPDATE quarantine_sync SET state = 1 WHERE guid = 'F1fb95b1865c98b9d71282851ddf5318939adb6649541418e81fbd17f9ee245a'"
2017-Jan-13 11:54:02.062500 [3324] [INF] [DbStorage] exec select: "SELECT state FROM quarantine_sync WHERE guid = 'F1d440434f7863876837bb80270201c661b00420ebbdfb0734ca53bb5790c081'"
2017-Jan-13 11:54:02.062500 [3324] [INF] [DbStorage] exec: "UPDATE quarantine_sync SET state = 1 WHERE guid = 'F1d440434f7863876837bb80270201c661b00420ebbdfb0734ca53bb5790c081'"
2017-Jan-13 11:54:02.281250 [3324] [INF] [DbStorage] exec select: "SELECT state FROM quarantine_sync WHERE guid = 'F1e80efedf7d6af4e9a6bb00b0bf0cdddb70c4c6f1dacad03169ebd190a76f85'"
2017-Jan-13 11:54:02.281250 [3324] [INF] [DbStorage] exec: "UPDATE quarantine

 

Judging by indirect signs, quarantine synchronization is running quite intensively. That may or may not be one of the factors.


(exit 0)

#3 Denfreeman

Denfreeman

    Newbie

  • Posters
  • 5 messages

Posted 16 January 2017 - 11:41

Server log, problem agent (WS21-2)

Attached file  drwcsd.log   2.72 MB   1 download(s)



#4 Denfreeman

Denfreeman

    Newbie

  • Posters
  • 5 messages

Posted 16 January 2017 - 11:51

And here is the latest chunk from the server (judging by the web interface, the agent seemed to connect and then disappeared) (a static IP is assigned: 192.168.1.212)
 

20170116.174704.80 db3 [01520 072c] wrk:5  tcp://192.168.1.212:3366/st: Do not redistribute event "RUN-BEGIN" because of no receiver found
20170116.174704.80 db3 [01520 072c] wrk:5  [SqLite3/1] Statement "COMMIT"
20170116.174704.80 db3 [01520 072c] wrk:5  [DB] Database has been freed but nobody wants it now
20170116.174704.80 db3 [01520 072c] wrk:5  [DB] Successful COMMIT transaction, 2 statements, 00.000 wait, 00.000 execute, 00.000 commit
20170116.174704.80 db3 [01520 072c] wrk:5  [DB] Successful "IS client event" transaction committed well
20170116.174704.80 db3 [01520 072c] wrk:5  [DB] Thread has freed connection "IS client event"
20170116.174704.80 tr3 [01520 072c] wrk:5  [Layer/Common] tcp://192.168.1.212:3366/st: Ping restart requested without sending
20170116.174704.80 tr3 [01520 072c] wrk:5  [Layer/TextProto] tcp://192.168.1.212:3366: rcv <23 CSTART 20170116084807875 103 8 103 NT%SAUTHORITY\SYSTEM %Z>
20170116.174704.80 db3 [01520 072c] wrk:5  [Layer/Common] tcp://192.168.1.212:3366/st: Cancel ping with reason "CSTART"
20170116.174704.80 db3 [01520 072c] wrk:5  [DB] Thread has got connection "component started"
20170116.174704.80 db3 [01520 072c] wrk:5  [DB] Database is free to use
20170116.174704.80 db3 [01520 072c] wrk:5  [SqLite3/1] Statement "BEGIN TRANSACTION"
20170116.174704.80 db3 [01520 072c] wrk:5  [DB] Successful BEGIN transaction, 00.001 wait
20170116.174704.80 db2 [01520 072c] wrk:5  [DB] 1 row changed, 00.000, INSERT INTO station_running VALUES(?,?,?,?,?,?,?) ["90f0423d-add7-e611-196e-e4f7a63b1f4d", 103, 8, 103, "NT AUTHORITY\SYSTEM", "", 20170116084807875]
20170116.174704.80 db3 [01520 072c] wrk:5  [SqLite3/1] Statement "COMMIT"
20170116.174704.80 db3 [01520 0720] wrk:2  [Layer/Common] tcp://192.168.1.212:3366/st: Ping has been canceled
20170116.174704.90 tr3 [01520 0724] wrk:3  [Layer/Common] tcp://192.168.1.26:61360/st: Ping restart requested with sending
20170116.174704.90 tr3 [01520 0724] wrk:3  [Layer/TextProto] tcp://192.168.1.26:61360: snd <90 PING 6362015322490514140>
20170116.174704.90 tr3 [01520 0720] wrk:2  [Layer/TextProto] tcp://192.168.1.26:61360: rcv <102 PONG 6362015322490514140 6362015331542400000>
20170116.174704.90 tr3 [01520 0720] wrk:2  tcp://192.168.1.26:61360/st: Pong round trip time is 1ms
20170116.174704.95 db3 [01520 072c] wrk:5  [DB] Database has been freed but nobody wants it now
20170116.174704.95 db3 [01520 072c] wrk:5  [DB] Successful COMMIT transaction, 3 statements, 00.001 wait, 00.157 execute, 00.157 commit
20170116.174704.95 db3 [01520 072c] wrk:5  [DB] Successful "component started" transaction committed well
20170116.174704.95 db3 [01520 072c] wrk:5  [DB] Thread has freed connection "component started"
20170116.174704.95 tr3 [01520 072c] wrk:5  [Layer/Common] tcp://192.168.1.212:3366/st: Ping restart requested without sending
20170116.174704.95 tr3 [01520 0720] wrk:2  [Layer/TextProto] tcp://192.168.1.212:3366: rcv <24 NETADDRESS %D0%9F%D0%BE%D0%B4%D0%BA%D0%BB%D1%8E%D1%87%D0%B5%D0%BD%D0%B8%D0%B5%S%D0%BF%D0%BE%S%D0%BB%D0%BE%D0%BA%D0%B0%D0%BB%D1%8C%D0%BD%D0%BE%D0%B9%S%D1%81%D0%B5%D1%82%D0%B8%S2 192.168.1.212 0.0.0.0 40:61:86:e4:7d:94>
20170116.174704.95 db3 [01520 0720] wrk:2  [Layer/Common] tcp://192.168.1.212:3366/st: Cancel ping with reason "NETADDRESS"
20170116.174704.95 db3 [01520 0720] wrk:2  [DB] Thread has got connection "register station network addresses"
20170116.174704.95 db3 [01520 0720] wrk:2  [DB] Database is free to use
20170116.174704.95 db3 [01520 0720] wrk:2  [SqLite3/1] Statement "BEGIN TRANSACTION"
20170116.174704.95 db3 [01520 0720] wrk:2  [DB] Successful BEGIN transaction, 00.000 wait
20170116.174704.95 db2 [01520 0720] wrk:2  [DB] 1 row changed, 00.001, DELETE FROM station_netaddr WHERE id=? ["90f0423d-add7-e611-196e-e4f7a63b1f4d"]
20170116.174704.95 db2 [01520 0720] wrk:2  [DB] 1 row changed, 00.000, INSERT INTO station_netaddr VALUES(?,?,?,?,?,?) ["90f0423d-add7-e611-196e-e4f7a63b1f4d", "\xD0\x9F\xD0\xBE\xD0\xB4\xD0\xBA\xD0\xBB\xD1\x8E\xD1\x87\xD0\xB5", "192.168.1.212", "0.0.0.0", "40:61:86:e4:7d:94", 20170116084704958]
20170116.174704.95 db3 [01520 0720] wrk:2  [SqLite3/1] Statement "COMMIT"
20170116.174704.96 db3 [01520 072c] wrk:5  [Layer/Common] tcp://192.168.1.212:3366/st: Ping has been canceled
20170116.174705.31 db3 [01520 0720] wrk:2  [DB] Database has been freed but nobody wants it now
20170116.174705.31 db3 [01520 0720] wrk:2  [DB] Successful COMMIT transaction, 4 statements, 00.000 wait, 00.358 execute, 00.357 commit
20170116.174705.31 db3 [01520 0720] wrk:2  [DB] Successful "register station network addresses" transaction committed well
20170116.174705.31 db3 [01520 0720] wrk:2  [DB] Thread has freed connection "register station network addresses"
20170116.174705.31 tr3 [01520 0720] wrk:2  [Layer/Common] tcp://192.168.1.212:3366/st: Ping restart requested without sending
20170116.174705.31 tr3 [01520 0720] wrk:2  [Layer/TextProto] tcp://192.168.1.212:3366: rcv <25 BEGIN 20170116084806968 405174e7-4767-4d0f-a409-eb9714b619e6 103 NT%SAUTHORITY\SYSTEM 0 0>
20170116.174705.31 db3 [01520 0720] wrk:2  [Layer/Common] tcp://192.168.1.212:3366/st: Cancel ping with reason "BEGIN"
20170116.174705.31 db3 [01520 0720] wrk:2  [DB] Thread has got connection "process BEGIN event"
20170116.174705.31 db3 [01520 0720] wrk:2  [DB] Database is free to use
20170116.174705.31 db3 [01520 0720] wrk:2  [SqLite3/1] Statement "BEGIN TRANSACTION"
20170116.174705.31 db3 [01520 0720] wrk:2  [DB] Successful BEGIN transaction, 00.000 wait
20170116.174705.31 db2 [01520 0720] wrk:2  [DB] 1 row read, 00.000, SELECT id FROM station_run WHERE id=? AND processid=? AND originator=? ["90f0423d-add7-e611-196e-e4f7a63b1f4d", "405174e7-4767-4d0f-a409-eb9714b619e6", 103]
20170116.174705.31 db2 [01520 0720] wrk:2  [DB] 1 row changed, 00.001, UPDATE station_run SET engine=?,viruses=?,username=? WHERE id=? AND processid=? AND originator=? [0, 0, "NT AUTHORITY\SYSTEM", "90f0423d-add7-e611-196e-e4f7a63b1f4d", "405174e7-4767-4d0f-a409-eb9714b619e6", 103]
20170116.174705.31 db3 [01520 0720] wrk:2  [SqLite3/1] Statement "COMMIT"
20170116.174705.31 db3 [01520 072c] wrk:5  [Layer/Common] tcp://192.168.1.212:3366/st: Ping has been canceled
20170116.174705.50 db3 [01520 0720] wrk:2  [DB] Database has been freed but nobody wants it now
20170116.174705.50 db3 [01520 0720] wrk:2  [DB] Successful COMMIT transaction, 4 statements, 00.000 wait, 00.191 execute, 00.190 commit
20170116.174705.50 db3 [01520 0720] wrk:2  [DB] Successful "process BEGIN event" transaction committed well
20170116.174705.50 db3 [01520 0720] wrk:2  [DB] Thread has freed connection "process BEGIN event"
20170116.174705.50 tr3 [01520 0720] wrk:2  [Layer/TextProto] tcp://192.168.1.212:3366: snd <16 ACCEPTED 25>
20170116.174705.50 db3 [01520 0720] wrk:2  [DB] Thread has got connection "IS client event"
20170116.174705.50 db3 [01520 0720] wrk:2  [DB] Database is free to use
20170116.174705.50 db3 [01520 0720] wrk:2  [SqLite3/1] Statement "BEGIN TRANSACTION"
20170116.174705.50 db3 [01520 0720] wrk:2  [DB] Successful BEGIN transaction, 00.000 wait
20170116.174705.50 db3 [01520 0720] wrk:2  tcp://192.168.1.212:3366/st: Do not redistribute event "RUN-BEGIN" because of no receiver found
20170116.174705.50 db3 [01520 0720] wrk:2  [SqLite3/1] Statement "COMMIT"
20170116.174705.50 db3 [01520 0720] wrk:2  [DB] Database has been freed but nobody wants it now
20170116.174705.50 db3 [01520 0720] wrk:2  [DB] Successful COMMIT transaction, 2 statements, 00.000 wait, 00.000 execute, 00.000 commit
20170116.174705.50 db3 [01520 0720] wrk:2  [DB] Successful "IS client event" transaction committed well
20170116.174705.50 db3 [01520 0720] wrk:2  [DB] Thread has freed connection "IS client event"
20170116.174705.50 tr3 [01520 0720] wrk:2  [Layer/Common] tcp://192.168.1.212:3366/st: Ping restart requested without sending
20170116.174705.50 tr3 [01520 072c] wrk:5  [Layer/TextProto] tcp://192.168.1.212:3366: rcv <26 CSTART 20170116084808578 144 8 144 NT%SAUTHORITY\SYSTEM %Z>
20170116.174705.50 db3 [01520 072c] wrk:5  [Layer/Common] tcp://192.168.1.212:3366/st: Cancel ping with reason "CSTART"
20170116.174705.50 db3 [01520 0720] wrk:2  [Layer/Common] tcp://192.168.1.212:3366/st: Ping has been canceled
20170116.174705.50 db3 [01520 072c] wrk:5  [DB] Thread has got connection "component started"
20170116.174705.50 db3 [01520 072c] wrk:5  [DB] Database is free to use
20170116.174705.50 db3 [01520 072c] wrk:5  [SqLite3/1] Statement "BEGIN TRANSACTION"
20170116.174705.50 db3 [01520 072c] wrk:5  [DB] Successful BEGIN transaction, 00.000 wait
20170116.174705.50 db2 [01520 072c] wrk:5  [DB] 1 row changed, 00.000, INSERT INTO station_running VALUES(?,?,?,?,?,?,?) ["90f0423d-add7-e611-196e-e4f7a63b1f4d", 144, 8, 144, "NT AUTHORITY\SYSTEM", "", 20170116084808578]
20170116.174705.50 db3 [01520 072c] wrk:5  [SqLite3/1] Statement "COMMIT"
20170116.174705.64 db3 [01520 072c] wrk:5  [DB] Database has been freed but nobody wants it now
20170116.174705.64 db3 [01520 072c] wrk:5  [DB] Successful COMMIT transaction, 3 statements, 00.000 wait, 00.141 execute, 00.141 commit
20170116.174705.64 db3 [01520 072c] wrk:5  [DB] Successful "component started" transaction committed well
20170116.174705.64 db3 [01520 072c] wrk:5  [DB] Thread has freed connection "component started"
20170116.174705.64 tr3 [01520 072c] wrk:5  [Layer/Common] tcp://192.168.1.212:3366/st: Ping restart requested without sending
20170116.174705.64 tr3 [01520 0720] wrk:2  [Layer/TextProto] tcp://192.168.1.212:3366: rcv <27 BEGIN 20170116084807156 9588907b-2b2d-4e35-b769-64433d4cb699 144 NT%SAUTHORITY\SYSTEM 0 0>
20170116.174705.64 db3 [01520 0720] wrk:2  [Layer/Common] tcp://192.168.1.212:3366/st: Cancel ping with reason "BEGIN"
20170116.174705.64 db3 [01520 0720] wrk:2  [DB] Thread has got connection "process BEGIN event"
20170116.174705.64 db3 [01520 0720] wrk:2  [DB] Database is free to use
20170116.174705.64 db3 [01520 0720] wrk:2  [SqLite3/1] Statement "BEGIN TRANSACTION"
20170116.174705.64 db3 [01520 0720] wrk:2  [DB] Successful BEGIN transaction, 00.000 wait
20170116.174705.65 db2 [01520 0720] wrk:2  [DB] 1 row read, 00.001, SELECT id FROM station_run WHERE id=? AND processid=? AND originator=? ["90f0423d-add7-e611-196e-e4f7a63b1f4d", "9588907b-2b2d-4e35-b769-64433d4cb699", 144]
20170116.174705.65 db2 [01520 0720] wrk:2  [DB] 1 row changed, 00.000, UPDATE station_run SET engine=?,viruses=?,username=? WHERE id=? AND processid=? AND originator=? [0, 0, "NT AUTHORITY\SYSTEM", "90f0423d-add7-e611-196e-e4f7a63b1f4d", "9588907b-2b2d-4e35-b769-64433d4cb699", 144]
20170116.174705.65 db3 [01520 0720] wrk:2  [SqLite3/1] Statement "COMMIT"
20170116.174705.65 db3 [01520 072c] wrk:5  [Layer/Common] tcp://192.168.1.212:3366/st: Ping has been canceled
20170116.174705.77 db3 [01520 0720] wrk:2  [DB] Database has been freed but nobody wants it now
20170116.174705.77 db3 [01520 0720] wrk:2  [DB] Successful COMMIT transaction, 4 statements, 00.000 wait, 00.127 execute, 00.126 commit
20170116.174705.77 db3 [01520 0720] wrk:2  [DB] Successful "process BEGIN event" transaction committed well
20170116.174705.77 db3 [01520 0720] wrk:2  [DB] Thread has freed connection "process BEGIN event"
20170116.174705.77 tr3 [01520 0720] wrk:2  [Layer/TextProto] tcp://192.168.1.212:3366: snd <17 ACCEPTED 27>
20170116.174705.77 db3 [01520 0720] wrk:2  [DB] Thread has got connection "IS client event"
20170116.174705.77 db3 [01520 0720] wrk:2  [DB] Database is free to use
20170116.174705.77 db3 [01520 0720] wrk:2  [SqLite3/1] Statement "BEGIN TRANSACTION"
20170116.174705.77 db3 [01520 0720] wrk:2  [DB] Successful BEGIN transaction, 00.000 wait
20170116.174705.77 db3 [01520 0720] wrk:2  tcp://192.168.1.212:3366/st: Do not redistribute event "RUN-BEGIN" because of no receiver found
20170116.174705.77 db3 [01520 0720] wrk:2  [SqLite3/1] Statement "COMMIT"
20170116.174705.77 db3 [01520 0720] wrk:2  [DB] Database has been freed but nobody wants it now
20170116.174705.77 db3 [01520 0720] wrk:2  [DB] Successful COMMIT transaction, 2 statements, 00.000 wait, 00.000 execute, 00.000 commit
20170116.174705.77 db3 [01520 0720] wrk:2  [DB] Successful "IS client event" transaction committed well
20170116.174705.77 db3 [01520 0720] wrk:2  [DB] Thread has freed connection "IS client event"
20170116.174705.77 tr3 [01520 0720] wrk:2  [Layer/Common] tcp://192.168.1.212:3366/st: Ping restart requested without sending
20170116.174705.77 tr3 [01520 072c] wrk:5  [Layer/TextProto] tcp://192.168.1.212:3366: rcv <28 CSTART 20170116084808843 57 8 57 NT%SAUTHORITY\SYSTEM %Z>
20170116.174705.77 db3 [01520 072c] wrk:5  [Layer/Common] tcp://192.168.1.212:3366/st: Cancel ping with reason "CSTART"
20170116.174705.77 db3 [01520 0720] wrk:2  [Layer/Common] tcp://192.168.1.212:3366/st: Ping has been canceled
20170116.174705.77 db3 [01520 072c] wrk:5  [DB] Thread has got connection "component started"
20170116.174705.77 db3 [01520 072c] wrk:5  [DB] Database is free to use
20170116.174705.77 db3 [01520 072c] wrk:5  [SqLite3/1] Statement "BEGIN TRANSACTION"
20170116.174705.77 db3 [01520 072c] wrk:5  [DB] Successful BEGIN transaction, 00.000 wait
20170116.174705.77 db2 [01520 072c] wrk:5  [DB] 1 row changed, 00.000, INSERT INTO station_running VALUES(?,?,?,?,?,?,?) ["90f0423d-add7-e611-196e-e4f7a63b1f4d", 57, 8, 57, "NT AUTHORITY\SYSTEM", "", 20170116084808843]
20170116.174705.77 db3 [01520 072c] wrk:5  [SqLite3/1] Statement "COMMIT"

Edited by Denfreeman, 16 January 2017 - 11:52.


#5 Kirill Polubelov

Kirill Polubelov

    Hr. Schreibikus

  • Dr.Web Staff
  • 4 375 messages

Posted 16 January 2017 - 12:35

Here is what "kills" the agent:

egrep -B7 -A5 "ERR|FTL" drwcsd.log
20170116.173029.43 db3 [01520 0720] wrk:2  [SqLite3/0] Statement "COMMIT"
20170116.173029.43 db3 [01520 0720] wrk:2  [DB] Database has been freed but nobody wants it now
20170116.173029.43 db3 [01520 0720] wrk:2  [DB] Successful COMMIT transaction, 2 statements, 00.000 wait, 00.000 execute, 00.000 commit
20170116.173029.43 db3 [01520 0720] wrk:2  [DB] Successful "IS client event" transaction committed well
20170116.173029.43 db3 [01520 0720] wrk:2  [DB] Thread has freed connection "IS client event"
20170116.173029.43 tr3 [01520 0720] wrk:2  [Layer/Common] tcp://192.168.1.212:3301/st: Ping restart requested without sending
20170116.173030.81 tr3 [01520 071c] wrk:1  [Layer/TextProto] tcp://192.168.1.212:3301: rcv <33 QCHANGE ADDED FCE083162C56D86631C4BBC994662929E10EF45DC194BA04A1D02467716124A9 1374114805 E:\temp\ct3289075\manifest.json 16C460D86601375BE65FE243747BF73CC10310F9A7E71F2B41471FAED22217A6 WS21-2\Urist1:WS21-2\%D0%9E%D1%82%D1%81%D1%83%D1%82%D1%81%D1%82%D0%B2%D1%83%D0%B5%D1%82 3907 -11110904581 {Adware.Toolbar.206:5} 2>
20170116.173030.81 ERR [01520 071c] wrk:1  Unable to process data block because of
20170116.173030.81 ERR [01520 071c] wrk:1    invalid ModificationTime
20170116.173030.81 ERR [01520 071c] wrk:1  [Layer/Common] tcp://192.168.1.212:3301/st: Will disconnect due to violation invalid ModificationTime
20170116.173030.81 tr3 [01520 071c] wrk:1  [Layer/TextProto] tcp://192.168.1.212:3301: snd <21 VIOLATION invalid ModificationTime>
20170116.173030.81 db3 [01520 071c] wrk:1  [Layer/Client] tcp://192.168.1.212:3301/st: Schedule kill event
20170116.173030.81 db3 [01520 0720] wrk:2  [Layer/Client] tcp://192.168.1.212:3301/st: kill client
20170116.173030.81 tr0 [01520 0720] wrk:2  [Layer/Common] tcp://192.168.1.212:3301/st: Requested for disconnect
20170116.173030.81 tr3 [01520 0728] wrk:4  [Layer/Transformation] tcp://192.168.1.212:3301(dead): all filter removed from incoming and outcoming streams
--
20170116.173234.21 db3 [01520 0720] wrk:2  [DB] Thread has freed connection "IS client event"
20170116.173234.21 tr3 [01520 0720] wrk:2  [Layer/Common] tcp://192.168.1.212:3307/st: Ping restart requested without sending
20170116.173234.46 tr3 [01520 0720] wrk:2  [Layer/Common] tcp://192.168.1.71:1723/st: Ping restart requested with sending
20170116.173234.46 tr3 [01520 0720] wrk:2  [Layer/TextProto] tcp://192.168.1.71:1723: snd <78 PING 6362015235446926390>
20170116.173234.47 tr3 [01520 072c] wrk:5  [Layer/TextProto] tcp://192.168.1.71:1723: rcv <91 PONG 6362015235446926390 6362015245076849980>
20170116.173234.47 tr3 [01520 072c] wrk:5  tcp://192.168.1.71:1723/st: Pong round trip time is 1ms
20170116.173235.09 tr3 [01520 072c] wrk:5  [Layer/TextProto] tcp://192.168.1.212:3307: rcv <33 QCHANGE ADDED FCE083162C56D86631C4BBC994662929E10EF45DC194BA04A1D02467716124A9 1374114805 E:\temp\ct3289075\manifest.json 16C460D86601375BE65FE243747BF73CC10310F9A7E71F2B41471FAED22217A6 WS21-2\Urist1:WS21-2\%D0%9E%D1%82%D1%81%D1%83%D1%82%D1%81%D1%82%D0%B2%D1%83%D0%B5%D1%82 3907 -11110904581 {Adware.Toolbar.206:5} 2>
20170116.173235.09 ERR [01520 072c] wrk:5  Unable to process data block because of
20170116.173235.09 ERR [01520 072c] wrk:5    invalid ModificationTime
20170116.173235.09 ERR [01520 072c] wrk:5  [Layer/Common] tcp://192.168.1.212:3307/st: Will disconnect due to violation invalid ModificationTime
20170116.173235.09 tr3 [01520 072c] wrk:5  [Layer/TextProto] tcp://192.168.1.212:3307: snd <21 VIOLATION invalid ModificationTime>
20170116.173235.09 db3 [01520 072c] wrk:5  [Layer/Client] tcp://192.168.1.212:3307/st: Schedule kill event
20170116.173235.09 db3 [01520 0720] wrk:2  [Layer/Client] tcp://192.168.1.212:3307/st: kill client
20170116.173235.09 tr0 [01520 0720] wrk:2  [Layer/Common] tcp://192.168.1.212:3307/st: Requested for disconnect
20170116.173235.09 tr3 [01520 0728] wrk:4  [Layer/Transformation] tcp://192.168.1.212:3307(dead): all filter removed from incoming and outcoming streams
--
20170116.173438.45 db3 [01520 071c] wrk:1  [DB] Thread has freed connection "IS client event"
20170116.173438.45 tr3 [01520 071c] wrk:1  [Layer/Common] tcp://192.168.1.212:3317/st: Ping restart requested without sending
20170116.173439.34 tr3 [01520 071c] wrk:1  [Layer/Common] tcp://192.168.1.121:3992/st: Ping restart requested with sending
20170116.173439.34 tr3 [01520 071c] wrk:1  [Layer/TextProto] tcp://192.168.1.121:3992: snd <82 PING 6362015247934526950>
20170116.173439.34 tr3 [01520 071c] wrk:1  [Layer/TextProto] tcp://192.168.1.121:3992: rcv <95 PONG 6362015247934526950 6362015615190625000>
20170116.173439.34 tr3 [01520 071c] wrk:1  tcp://192.168.1.121:3992/st: Pong round trip time is 0ns
20170116.173439.48 tr3 [01520 071c] wrk:1  [Layer/TextProto] tcp://192.168.1.212:3317: rcv <33 QCHANGE ADDED FCE083162C56D86631C4BBC994662929E10EF45DC194BA04A1D02467716124A9 1374114805 E:\temp\ct3289075\manifest.json 16C460D86601375BE65FE243747BF73CC10310F9A7E71F2B41471FAED22217A6 WS21-2\Urist1:WS21-2\%D0%9E%D1%82%D1%81%D1%83%D1%82%D1%81%D1%82%D0%B2%D1%83%D0%B5%D1%82 3907 -11110904581 {Adware.Toolbar.206:5} 2>
20170116.173439.48 ERR [01520 071c] wrk:1  Unable to process data block because of
20170116.173439.48 ERR [01520 071c] wrk:1    invalid ModificationTime
20170116.173439.48 ERR [01520 071c] wrk:1  [Layer/Common] tcp://192.168.1.212:3317/st: Will disconnect due to violation invalid ModificationTime
20170116.173439.48 tr3 [01520 071c] wrk:1  [Layer/TextProto] tcp://192.168.1.212:3317: snd <21 VIOLATION invalid ModificationTime>
20170116.173439.48 db3 [01520 071c] wrk:1  [Layer/Client] tcp://192.168.1.212:3317/st: Schedule kill event
20170116.173439.48 db3 [01520 0720] wrk:2  [Layer/Client] tcp://192.168.1.212:3317/st: kill client
20170116.173439.48 tr0 [01520 0720] wrk:2  [Layer/Common] tcp://192.168.1.212:3317/st: Requested for disconnect
20170116.173439.48 tr3 [01520 0724] wrk:3  [Layer/Transformation] tcp://192.168.1.212:3317(dead): all filter removed from incoming and outcoming streams

 

During quarantine synchronization, information about the quarantined files is sent to the server; one of them has an invalid (negative) timestamp, which causes a VIOLATION event on the server side.

A possible solution is to delete the problematic file from the station's quarantine. Fortunately, it is the only one like that there.


(exit 0)
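The correlation shown in the reply above, as an added example (not code from the thread or from Dr.Web): it pairs each "Will disconnect due to violation" line in drwcsd.log with the last message received on the same connection and reports any negative numeric field in it. The line layout is inferred from the excerpts quoted in this thread; the function names, the whitespace field split and the path heuristic are assumptions.

```python
import re
from collections import Counter

# Line layout as seen in the drwcsd.log excerpts quoted in this thread:
#   <YYYYMMDD.HHMMSS.cc> <level> [<pid> <tid>] <worker>  <message>
LINE = re.compile(r"^(\d{8}\.\d{6}\.\d{2}) \S+ \[[^\]]*\] \S+\s+(.*)$")
RCV = re.compile(r"\[Layer/TextProto\] tcp://([\d.]+):(\d+): rcv <(.*)>$")
KILL = re.compile(r"tcp://([\d.]+):(\d+)/st: Will disconnect due to violation (.+)$")
NEG_INT = re.compile(r"^-\d+$")
WIN_PATH = re.compile(r"^[A-Za-z]:\\")

# Sample input: lines copied from the excerpt in post #5 (not a complete log).
SAMPLE_LOG = r"""
20170116.173029.43 tr3 [01520 0720] wrk:2  [Layer/Common] tcp://192.168.1.212:3301/st: Ping restart requested without sending
20170116.173030.81 tr3 [01520 071c] wrk:1  [Layer/TextProto] tcp://192.168.1.212:3301: rcv <33 QCHANGE ADDED FCE083162C56D86631C4BBC994662929E10EF45DC194BA04A1D02467716124A9 1374114805 E:\temp\ct3289075\manifest.json 16C460D86601375BE65FE243747BF73CC10310F9A7E71F2B41471FAED22217A6 WS21-2\Urist1:WS21-2\%D0%9E%D1%82%D1%81%D1%83%D1%82%D1%81%D1%82%D0%B2%D1%83%D0%B5%D1%82 3907 -11110904581 {Adware.Toolbar.206:5} 2>
20170116.173030.81 ERR [01520 071c] wrk:1  Unable to process data block because of
20170116.173030.81 ERR [01520 071c] wrk:1    invalid ModificationTime
20170116.173030.81 ERR [01520 071c] wrk:1  [Layer/Common] tcp://192.168.1.212:3301/st: Will disconnect due to violation invalid ModificationTime
20170116.173030.81 tr3 [01520 071c] wrk:1  [Layer/TextProto] tcp://192.168.1.212:3301: snd <21 VIOLATION invalid ModificationTime>
20170116.173234.46 tr3 [01520 0720] wrk:2  [Layer/TextProto] tcp://192.168.1.71:1723: snd <78 PING 6362015235446926390>
20170116.173234.47 tr3 [01520 072c] wrk:5  [Layer/TextProto] tcp://192.168.1.71:1723: rcv <91 PONG 6362015235446926390 6362015245076849980>
20170116.173235.09 tr3 [01520 072c] wrk:5  [Layer/TextProto] tcp://192.168.1.212:3307: rcv <33 QCHANGE ADDED FCE083162C56D86631C4BBC994662929E10EF45DC194BA04A1D02467716124A9 1374114805 E:\temp\ct3289075\manifest.json 16C460D86601375BE65FE243747BF73CC10310F9A7E71F2B41471FAED22217A6 WS21-2\Urist1:WS21-2\%D0%9E%D1%82%D1%81%D1%83%D1%82%D1%81%D1%82%D0%B2%D1%83%D0%B5%D1%82 3907 -11110904581 {Adware.Toolbar.206:5} 2>
20170116.173235.09 ERR [01520 072c] wrk:5  [Layer/Common] tcp://192.168.1.212:3307/st: Will disconnect due to violation invalid ModificationTime
"""


def find_violations(lines):
    """Pair each violation disconnect with the last message received on that connection."""
    last_rcv = {}   # (ip, port) -> whitespace-split tokens of the last rcv message
    findings = []
    for raw in lines:
        m = LINE.match(raw.rstrip())
        if not m:
            continue                      # blank or non-log line
        ts, msg = m.groups()
        rcv = RCV.search(msg)
        if rcv:
            last_rcv[(rcv[1], rcv[2])] = rcv[3].split()
            continue
        kill = KILL.search(msg)
        if kill:
            tokens = last_rcv.get((kill[1], kill[2]), [])
            findings.append({
                "time": ts,
                "station": kill[1],
                "port": kill[2],
                "reason": kill[3],
                # Assumption: token 0 is a sequence number, token 1 the command name.
                "command": tokens[1] if len(tokens) > 1 else None,
                "negative_fields": [t for t in tokens if NEG_INT.match(t)],
                # Heuristic: any token that looks like a Windows path.
                "paths": [t for t in tokens if WIN_PATH.match(t)],
            })
    return findings


def repeat_offenders(findings):
    """Count disconnects per (station, command, paths, negative values), ignoring the port."""
    return Counter(
        (f["station"], f["command"], tuple(f["paths"]), tuple(f["negative_fields"]))
        for f in findings
    )


if __name__ == "__main__":
    for key, count in repeat_offenders(find_violations(SAMPLE_LOG.splitlines())).items():
        print(count, key)
```

Grouping by station rather than by connection matters here because the agent reconnects from a new source port each time, so the same quarantine record shows up under several different endpoints.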

#6 Denfreeman

Denfreeman

    Newbie

  • Posters
  • 5 messages

Posted 17 January 2017 - 03:51

During quarantine synchronization, information about the quarantined files is sent to the server; one of them has an invalid (negative) timestamp, which causes a VIOLATION event on the server side.

A possible solution is to delete the problematic file from the station's quarantine. Fortunately, it is the only one like that there.

Thank you for the help! Problem solved.




