...
- "QoS-Dropped Traffic by QoS Rule" does not show any data.
- FMC on 7.2.x
- QoS policy is applied to device(s).
- Connection Events / Unified Events show that QoS is dropping traffic.
- Other QoS dashboards populate data from the drops.
- In the test case, user-based rules were not configured, and therefore no data was populated in the widget.
- None at this time.
- The qos_rulesessionstats table does not have the qos_rule information populated, even though it is present in the unified events.

    root@fmclab3:/Volume/home/admin# OmniQuery.pl -db eventdb -e "select qos_rule, device from qos_rulesessionstats_1687867200_0;"
    ************ Applying dynamic update files ************
    Dynamic update files directory: /usr/local/sf/etc/dynamic_db_updates
    Applying file remove_ref_check_rna_ip_os_map.yaml. Status: Success.
    ************ Applying dynamic update files finished ************
    +----------+---------+
    | qos_rule | device  |
    +----------+---------+
    |          | FTDlab2 |
    |          | FTDlab2 |
    |          | FTDlab2 |
    |          | FTDlab2 |
    |          | FTDlab2 |
    |          | FTDlab2 |
    |          | FTDlab2 |
    |          | FTDlab2 |
    |          | FTDlab2 |
    |          | FTDlab2 |
    |          | FTDlab2 |
    |          | FTDlab2 |
    |          | FTDlab2 |
    |          | FTDlab2 |
    |          | FTDlab2 |
    |          | FTDlab2 |
    |          | FTDlab2 |
    |          | FTDlab2 |
    |          | FTDlab2 |
    |          | FTDlab2 |
    |          | FTDlab2 |
    |          | FTDlab2 |
    |          | FTDlab2 |
    |          | FTDlab2 |
    +----------+---------+
    24 rows in set (0.001841 seconds)

- Unified Event shows qos_rule populated by snort (IPs adjusted for documentation):

    Unified2 Record at offset 1507828
    Type: 210(0x000000d2)
    Timestamp: 0
    Length: 805 bytes
    Forward to DC: Yes
    FlowStats:
    Sensor ID: 0
    Service: 1122
    NetBIOS Domain:
    Client App: 1296
    Protocol: TCP
    Initiator Port: 48960
    Responder Port: 443
    First Packet: (1687875730) Tue Jun 27 14:22:10 2023
    Last Packet: (1687875745) Tue Jun 27 14:22:25 2023
    TCP Flags: 0
    Packets Sent: 3308
    Packets Received: 12779
    Bytes Sent: 3262
    Bytes Received: 17463801
    QoS Total Initiator Packets Dropped: 0
    QoS Total Initiator Bytes Dropped: 0
    QoS Total Responder Packets Dropped: 1894
    QoS Total Responder Bytes Dropped: 2715996
    QoS Applied Interface: 7008e166-fa37-11ed-8683-f48fe0cc05ed
    QoS Rule ID: 268434436
    Web App: 4294967295
    Ingress Zone: d8145680-a7d2-11ed-a987-f797c9d492ce
    Egress Zone: 7528778c-a7ea-11ed-a11c-f697c9d492ce
    Ingress Interface: 7008e166-fa37-11ed-8683-f48fe0cc05ed
    Egress Interface: 7505afc2-a7ea-11ed-a11c-f697c9d492ce
    Initiator: 192.0.2.10
    Responder: 192.0.2.13
    Original Client: ::
    Policy Revision: 00000000-0000-0000-0000-00006494c140
    Rule ID: 268434435
    Tunnel Rule ID: 0
    Monitor Rule ID 1: 268434436
    Monitor Rule ID 2: 268434436
    Rule Action: 2
    Rule Reason: 0
    NetFlow Source: ::
    User ID: 9999997
    Application ID: 1122
    Client ID: 1296
    Client Version:
    Location IP: ::
    Endpoint Profile ID: 0
    Security Group ID: 0
    Source Security Group Tag: 0
    Source Security Group Tag Type: 0
    Destination Security Group Tag: 0
    Destination Security Group Tag Type: 0
    URL Category: 0
    URL Reputation: 0
    URL (52): https://ndt-mlab2-iad04.mlab-oti.measurement-lab.org
    Security Intelligence Source or Destination: 0
    Security Intelligence Category: 0
    Instance ID: 2
    Connection Counter: 25953
    File Count: 0
    IPS Event Count: 0
    Initiator Country: 0
    Responder Country: 0
    Original Client Country: 0
    Number of IOCs: 0
    Context ID: 00000000-0000-0000-0000-000000000000
    VLAN ID: 0
    Referenced Host:
    User Agent:
    HTTP Referer:
    SSL Server Certificate: 0000000000000000000000000000000000000000
    SSL Policy: 00000000-0000-0000-0000-000000000000
    SSL Rule ID: 0
    SSL Cipher Suite: 0
    SSL Version: 0
    SSL Server Cert Status: 0
    SSL Actual Action: 0
    SSL Expected Action: 0
    SSL Flow Status: 0
    SSL Flow Error: 0
    SSL Messages: 0x0
    SSL Flow Flags: 0
    SSL Server Name: (null)
    SSL URL Category: 0
    SSL Session ID:
    SSL Session Ticket:
    NAP Policy Revision: b93435a9-59b8-3613-1b66-161106f348a5
    HTTP Response Code: 0
    DNS Query:
    DNS Record Type: 0
    DNS Response Type: 0
    DNS TTL: 0
    Sinkhole Revision: 00000000-0000-0000-0000-000000000000
    PPM Packet Count: 0
    Ingress VRF: Global
    Egress VRF: Global
    Source IP Dynamic Attribute:
    Destination IP Dynamic Attribute:
    EVE Process Name:
    EVE Process Confidence: 0
    EVE Threat Confidence: 0
    EVE Threat Confidence Level: 0
    Client App Detection Method: 0
    NAT Translated Initiator Port: 48960
    NAT Translated Responder Port: 443
    NAT Translated Initiator IP: 192.0.2.10
    NAT Translated Responder IP: 192.0.2.13

- It appears that the event_db is not being built correctly for qos_rulesessionstats.
- See attached unified file for more information.
- See attached images for more information as well.