Support #10348

[SCP ID :##5147##] : KFH Missing Recon File

Added by Zahir Abd Latif almost 5 years ago. Updated almost 5 years ago.

Status: Closed - End of life cycle
Start date: October 14, 2019
Priority: Normal
Due date:
Assignee: Zahir Abd Latif
% Done: 100%
Category: MY BVMC
Spent time: -
Target version: -

Description

Hi,
Kindly attend to the request below:
Please help to investigate the failed recon file transfer on the kfhib03 server. Below are our responses to your previous queries:

1. When was the manual SFTP triggered?

Is it directly after seeing the Connection timed out error?

SM: Whenever there is a request from Paynet to transfer the file manually. The System Admin team found the connection timed out error after a further check on the error logs.

2. Provide all the logs from Oct 1st until today.
SM: The logs can be retrieved from the directory below. We provide the logs for 4, 6, 9, and 10 October only because these are the dates that have the file transfer problem. We are unable to retrieve logs for 1 and 2 October because the log content has already been recycled.
\\10.20.8.50\Insert Here\IB Logs\14102019

On the other hand, please consider reviewing the finding below from the Network team:

The sftp.oriongateway.com …the FQDN (fully qualified domain name) keeps changing its IP address.

It seems 52.77.55.62 is the most stable, which explains the days where no manual intervention was required to transfer the recon files.

Whereas 52.76.121.14 seems to be the most problematic one, where there is no response from this IP.

-------------------correlating the working days with the firewall logs ----------------------------

Note: 03-Oct (sent at 3am on 04-Oct), 05-Oct (sent at 3am on 06-Oct), 07-Oct (sent at 3am on 08-Oct) and 08-Oct (sent at 3am on 09-Oct) recon files were successfully sent.

leonard@KLDC-ALFW01> show log traffic src in 10.20.208.1 dport equal 22 start-time equal 2019/10/01@00:00:00 app equal ssh

Time App From Src Port Source
Rule Action To Dst Port Destination
Src User        Dst User                        End Reason
====================================================================================================
2019/10/04 03:08:28 ssh IB_Int_Transit 46790 10.20.208.1
intext-app-epay allow IB_Ext_Transit 22 52.77.55.62
tcp-fin

2019/10/06 03:09:07 ssh IB_Int_Transit 64987 10.20.208.1
intext-app-epay allow IB_Ext_Transit 22 52.77.55.62
tcp-fin

2019/10/08 03:09:22 ssh IB_Int_Transit 57738 10.20.208.1
intext-app-epay allow IB_Ext_Transit 22 52.76.203.136
tcp-fin

2019/10/09 03:08:28 ssh IB_Int_Transit 57074 10.20.208.1
intext-app-epay allow IB_Ext_Transit 22 52.77.55.62
tcp-fin

----------------------------correlating the manual transfer with the firewall logs -------------------------------------

Note: 04-Oct (sent at 3am on 05-Oct), 06-Oct (sent at 3am on 07-Oct), 09-Oct (sent at 3am on 10-Oct) and 10-Oct (sent at 3am on 11-Oct) recon files were successfully sent.

leonard@KLDC-ALFW01> show log traffic src in 10.20.208.1 dport equal 22 start-time equal 2019/10/01@00:00:00 app not-equal ssh

Time App From Src Port Source
Rule Action To Dst Port Destination
Src User        Dst User                        End Reason
====================================================================================================
2019/10/05 03:06:36 incomplete IB_Int_Transit 44433 10.20.208.1
intext-app-epay allow IB_Ext_Transit 22 52.76.121.14
aged-out

2019/10/05 03:06:43 incomplete IB_Int_Transit 44433 10.20.208.1
intext-app-epay allow IB_Ext_Transit 22 52.76.121.14
aged-out

2019/10/05 03:06:56 incomplete IB_Int_Transit 44433 10.20.208.1
intext-app-epay allow IB_Ext_Transit 22 52.76.121.14
aged-out

2019/10/05 03:07:23 incomplete IB_Int_Transit 44433 10.20.208.1
intext-app-epay allow IB_Ext_Transit 22 52.76.121.14
aged-out

2019/10/05 03:08:17 incomplete IB_Int_Transit 44433 10.20.208.1
intext-app-epay allow IB_Ext_Transit 22 52.76.121.14
aged-out

2019/10/05 03:09:17 incomplete IB_Int_Transit 44433 10.20.208.1
intext-app-epay allow IB_Ext_Transit 22 52.76.121.14
aged-out

2019/10/07 03:06:26 incomplete IB_Int_Transit 50526 10.20.208.1
intext-app-epay allow IB_Ext_Transit 22 52.76.121.14
aged-out

2019/10/07 03:06:33 incomplete IB_Int_Transit 50526 10.20.208.1
intext-app-epay allow IB_Ext_Transit 22 52.76.121.14
aged-out

2019/10/07 03:06:46 incomplete IB_Int_Transit 50526 10.20.208.1
intext-app-epay allow IB_Ext_Transit 22 52.76.121.14
aged-out

2019/10/07 03:07:13 incomplete IB_Int_Transit 50526 10.20.208.1
intext-app-epay allow IB_Ext_Transit 22 52.76.121.14
aged-out

2019/10/07 03:08:07 incomplete IB_Int_Transit 50526 10.20.208.1
intext-app-epay allow IB_Ext_Transit 22 52.76.121.14
aged-out

2019/10/07 03:09:07 incomplete IB_Int_Transit 50526 10.20.208.1
intext-app-epay allow IB_Ext_Transit 22 52.76.121.14
aged-out

2019/10/10 03:06:13 incomplete IB_Int_Transit 57792 10.20.208.1
intext-app-epay allow IB_Ext_Transit 22 52.76.203.136
aged-out

2019/10/10 03:06:21 incomplete IB_Int_Transit 57792 10.20.208.1
intext-app-epay allow IB_Ext_Transit 22 52.76.203.136
aged-out

2019/10/10 03:06:33 incomplete IB_Int_Transit 57792 10.20.208.1
intext-app-epay allow IB_Ext_Transit 22 52.76.203.136
aged-out

2019/10/10 03:07:01 incomplete IB_Int_Transit 57792 10.20.208.1
intext-app-epay allow IB_Ext_Transit 22 52.76.203.136
aged-out

2019/10/10 03:07:55 incomplete IB_Int_Transit 57792 10.20.208.1
intext-app-epay allow IB_Ext_Transit 22 52.76.203.136
aged-out

2019/10/10 03:08:54 incomplete IB_Int_Transit 57792 10.20.208.1
intext-app-epay allow IB_Ext_Transit 22 52.76.203.136
aged-out

2019/10/11 03:06:37 incomplete IB_Int_Transit 58585 10.20.208.1
intext-app-epay allow IB_Ext_Transit 22 52.76.121.14
aged-out

2019/10/11 03:06:44 incomplete IB_Int_Transit 58585 10.20.208.1
intext-app-epay allow IB_Ext_Transit 22 52.76.121.14
aged-out

2019/10/11 03:06:57 incomplete IB_Int_Transit 58585 10.20.208.1
intext-app-epay allow IB_Ext_Transit 22 52.76.121.14
aged-out

2019/10/11 03:07:24 incomplete IB_Int_Transit 58585 10.20.208.1
intext-app-epay allow IB_Ext_Transit 22 52.76.121.14
aged-out

2019/10/11 03:08:18 incomplete IB_Int_Transit 58585 10.20.208.1
intext-app-epay allow IB_Ext_Transit 22 52.76.121.14
aged-out

2019/10/11 03:09:18 incomplete IB_Int_Transit 58585 10.20.208.1
intext-app-epay allow IB_Ext_Transit 22 52.76.121.14
aged-out

History

#1 Updated by Zahir Abd Latif almost 5 years ago

  • Status changed from New - Begin Life Cycle to Pending Customer Feedback
  • Assignee changed from Yap Kah Yan to Zahir Abd Latif
  • % Done changed from 0 to 100

Kah Yan, Oct 15, 2019 10:18 AM:-

As per our findings, the logs show SFTP Failed: java.net.ConnectException: Connection timed out
We suggest pointing to the more stable IP for sftp.oriongateway.com if the assumptions below are confirmed.

Assumptions:
All successful SFTP was transmitted through 52.77.55.62  
All unsuccessful SFTP was transmitted through 52.76.121.14

#2 Updated by Zahir Abd Latif almost 5 years ago

  • Status changed from Pending Customer Feedback to Closed - End of life cycle

Issue closed in SCP.
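
Added example (not part of the original ticket or of any tool used in it): one way to check the per-IP assumptions in update #1 against the firewall records quoted in the description, by tallying completed and timed-out SSH attempts per destination. The function names are hypothetical, SAMPLE is a short excerpt of the ticket's own records, and treating records that share a date, source port and destination as retries of one attempt is an assumption.

```python
from collections import defaultdict

# Excerpt of the three-line traffic-log records quoted in the ticket (not the full log).
SAMPLE = """\
2019/10/04 03:08:28 ssh IB_Int_Transit 46790 10.20.208.1
intext-app-epay allow IB_Ext_Transit 22 52.77.55.62
tcp-fin
2019/10/05 03:06:36 incomplete IB_Int_Transit 44433 10.20.208.1
intext-app-epay allow IB_Ext_Transit 22 52.76.121.14
aged-out
2019/10/05 03:06:43 incomplete IB_Int_Transit 44433 10.20.208.1
intext-app-epay allow IB_Ext_Transit 22 52.76.121.14
aged-out
2019/10/08 03:09:22 ssh IB_Int_Transit 57738 10.20.208.1
intext-app-epay allow IB_Ext_Transit 22 52.76.203.136
tcp-fin
2019/10/10 03:06:13 incomplete IB_Int_Transit 57792 10.20.208.1
intext-app-epay allow IB_Ext_Transit 22 52.76.203.136
aged-out
"""

def parse_records(text):
    """Yield one dict per record; each record spans three non-blank lines."""
    lines = [ln.split() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 3:
        raise ValueError("truncated record: expected groups of three lines")
    for first, second, third in zip(lines[0::3], lines[1::3], lines[2::3]):
        date, _time, app, _zone, sport, _src = first
        *_, dst = second
        yield {"date": date, "app": app, "sport": sport, "dst": dst, "end": third[0]}

def outcomes_by_destination(text):
    """Map destination IP -> {'ok': n, 'failed': n}, counted per attempt."""
    # Assumption: records sharing (date, source port, destination) are retries
    # of one connection attempt, so they count once.
    attempts = {}
    for r in parse_records(text):
        key = (r["date"], r["sport"], r["dst"])
        ok = r["app"] == "ssh" and r["end"] == "tcp-fin"
        attempts[key] = attempts.get(key, False) or ok
    tally = defaultdict(lambda: {"ok": 0, "failed": 0})
    for (_, _, dst), ok in attempts.items():
        tally[dst]["ok" if ok else "failed"] += 1
    return dict(tally)

def mixed_destinations(text):
    """Destinations that appear with both a completed and a timed-out attempt."""
    tally = outcomes_by_destination(text)
    return sorted(d for d, t in tally.items() if t["ok"] and t["failed"])
```

On this excerpt, 52.76.203.136 is returned by mixed_destinations because the quoted records show it with a tcp-fin session on 2019/10/08 and aged-out sessions on 2019/10/10.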
