Full zone update brakes a zone and next incremental updates do not add new indicators
Closed this issue · 4 comments
Homas commented
- Bad full zone update
2019-09-10T04:41:29.231269+00:00 Zone "notracking.ioc2rpz" serial 1568047260, refresh time 604800 current status ready
2019-09-10T04:41:29.231634+00:00 Updating zone "notracking.ioc2rpz" full
2019-09-10T04:41:29.231856+00:00 Source "notracking_hosts" was expired in cache
2019-09-10T04:41:29.457620+00:00 Source: "notracking_hosts", size: 2.25/MB (2358005), MD5: "d7768fc5f62ceff4c3feaa92a056c845"
2019-09-10T04:41:29.634436+00:00 Source: "notracking_hosts", got 41487 indicators, clean time 0
2019-09-10T04:41:29.685434+00:00 Source "notracking_domains" was expired in cache
2019-09-10T04:41:30.289340+00:00 Source: "notracking_domains", size: 5.33/MB (5592314), MD5: "fd98ddd2a22f3563feba8c1cf26ad5c0"
2019-09-10T04:41:30.722246+00:00 Source: "notracking_domains", got 92379 indicators, clean time 0
2019-09-10T04:41:31.082647+00:00 Delete old records from zone "notracking.ioc2rpz". before 133964 after 1033
2019-09-10T04:41:33.940637+00:00 Live zone "notracking.ioc2rpz", 267732 rules, 133866 IOCs
2019-09-10T04:41:33.940923+00:00 Zone "notracking.ioc2rpz" updated in 0 seconds, new serial 1568090460, 267732 rules, 133866 indicators.
- Incremental update
2019-09-11T04:41:29.231298+00:00 Start incremental update Zone "notracking.ioc2rpz" serial 1568133660 full refresh time 43200, Ctime 1568176889 cache <<"true">> status ready
2019-09-11T04:41:29.231634+00:00 Process PID <0.17606.7> incremental update "notracking.ioc2rpz" started
2019-09-11T04:41:29.258359+00:00 Updating zone "notracking.ioc2rpz" inc. Last IXFR update 43200 seconds ago, last non-zero update 43200 seconds ago
2019-09-11T04:41:30.496608+00:00 Source: "notracking_hosts", size: 2.25/MB (2359116), MD5: "3c06772a834447f362aff0f04528a33e"
2019-09-11T04:41:30.653933+00:00 Source: "notracking_hosts", got 41505 indicators, clean time 0
2019-09-11T04:41:31.515626+00:00 Source: "notracking_domains", size: 5.34/MB (5594792), MD5: "7d5690dabc07983e470107731795948c"
2019-09-11T04:41:31.935628+00:00 Source: "notracking_domains", got 92424 indicators, clean time 0
2019-09-11T04:41:32.096719+00:00 Fetching zone "notracking.ioc2rpz" from ets
2019-09-11T04:41:32.201353+00:00 Rebuilding AXFR zone "notracking.ioc2rpz". New IOCs 132951
2019-09-11T04:41:32.225914+00:00 Zone "notracking.ioc2rpz", # of rules 2066, # of IOCs 1033
2019-09-11T04:41:32.226278+00:00 AXFR zone "notracking.ioc2rpz" was rebuilded. 2066 rules 1033 indicators. Parsed 133929 indicators.
2019-09-11T04:41:32.235334+00:00 Zone "notracking.ioc2rpz" records before 1033 after 1033.
2019-09-11T04:41:32.235449+00:00 Process PID <0.17606.7> incremental update "notracking.ioc2rpz" finished in 0 seconds
Homas commented
Optimization and the zone clean up may cause the issue.
Delete old records from zone "notracking.ioc2rpz". before 133964 after 1033
Homas commented
Added some extra debug logs
Homas commented
2019-09-13T05:57:29.418938+00:00 Source: "phishtank", size: 45.93/KB (47033), MD5: "833805aa833eea1922675d76715d15f5"
2019-09-13T05:57:29.422352+00:00 Source: "phishtank", got 1769 indicators, clean time 0
2019-09-13T05:57:29.482811+00:00 AXFR update ets. Zone "phishtank.ioc2rpz". Before 1772 After 1819
2019-09-13T05:57:29.482960+00:00 AXFR update ets. Zone "phishtank.ioc2rpz". Indicators 1769
2019-09-13T05:57:29.565056+00:00 Delete old records from zone "phishtank.ioc2rpz". before 1819 after 47
In write_db_record(ets,Zone,IOCs,axfr) function insert_new was replaced by insert to update the serial. Check the performance impact.
% [ets:insert_new(rpz_ixfr_table, {{ioc,Zone#rpz.zone,IOC},Zone#rpz.serial,IOCExp}) || {IOC,IOCExp} <- IOCs, (IOCExp > CTime) or (IOCExp == 0)],
[ets:insert(rpz_ixfr_table, {{ioc,Zone#rpz.zone,IOC},Zone#rpz.serial,IOCExp}) || {IOC,IOCExp} <- IOCs, (IOCExp > CTime) or (IOCExp == 0)],
Homas commented
Fixed in 1.0.0.3-2019091501.