Known Issues for Virtual Appliance Version 77.5.0
The following are the known issues included in this release.
Issue Number | Issue Description | Workaround |
---|---|---|
141914 | Troubleshooting clear-unfinished-files does not clear alerts and entries for "parts" of the file. | There is no workaround. |
140546 | Appliance status is not updated on tenant UI. No other functionality is impacted. | There is no workaround. |
127206 | Some of the session files we create are corrupted since the program does not close the files properly. This causes uploads to fail. Changes to the code fixes the issue in some cases. In case of large files that are segmented into multiple smaller files, this issue may persist. | There is no workaround. |
140369 | The command { "nssyslogng_proxysg-http-main.log.part-1": [ "splitting finished at 2021-09-20 17:04:22.636000", "completed processing at 2021-09-20 17:12:03.413000", "completed uploading to cloud at 2021-09-20 17:12:16.147000", "extracted 101370 events from 465325 lines", "no of sessions is 30338", "time taken = -1 day, 23:30:51.964274" ] } | There is no workaround. |
113634 | If timezone is configured on the OPLP appliance and timezone is also specified in the parser, then the date and time for the logs uploaded through the OPLP appliance is incorrect in Skope IT. | There is no workaround. |
127783 | 'Failed to get hostname' error message in the nsforwarder.log file. | The error message does not impact the functionality and can be ignored. |
127734 | 'Unable to read file' error message in the os_list.json file. | The error message does not impact the functionality and can be ignored. |
127686 | Traffic which is on non-standard HTTP(S) ports is getting dropped. You may see the following error: ERROR lcforwardproxy 111 APPMODULE 227: ... | The error message does not impact the functionality and can be ignored. |
127290 | The following error can be ignored: ERROR lcforwardproxy 101 SYNTHETIC 228:SyntheticTemplateConfig.cpp: trid= rqid= tenantid= user='' config block 'activity' is not allowed to be empty | There is no workaround. |
127095 | Time-based inline security policies is broken for customers using DPoP. | There is no workaround. |
Currently, discovery / OPLP can accept log files, system logs, and custom parsers files in UTF-8 encoding only.
If these files are encoded using other encodings, we may fail to parse them properly. This will manifest as UnicodeDecodeError in our logs.
The best practice is to set UTF-8 as the default encoding in all pipelines feeding into OPLP. UTF-8 can handle any character set, so this will not result in any information loss.
For the log files that are already encoded without using UTF-8, convert these files to UTF-8 before uploading them to OPLP.
The following is an example using a file that is encoded in UTF-16.
Unzip if log files are zipped. In this example, the unzipped text file is logsample.log.
Check current encoding used: file logsample.log > outputs “Little-endian UTF-16 Unicode text,”
Convert it to UTF-8 as iconv -c -f utf-16 -t utf-8 logsample.log > logsample_utf8.log
Send logsample_utf8.log to OPLP either as a text file or zipped file.