Bug ID 1033125

Bug Tracker
ID 1033125

Bug ID 1033125: Missing usernames in sessions related to network tunnels

Last Modified: Dec 07, 2023

Affected Product(s):
BIG-IQ Access(all modules)

Known Affected Versions:
8.1.0, 8.0.0.1, 8.0.0

Opened: Jul 12, 2021

Severity: 3-Major

Symptoms

There are various symptoms 1. Session records related to network tunnels do not display all attributes in reports/dashboards. 2. BIG-IQ logs exceptions related to bulk update failure: [WARN][/cm/access/session-summary-builder SessionSummaryBuilderWorker] 2 Session Items discarded after max retries [INFO][/cm/access/session-summary-builder SessionSummaryBuilderWorker] Bulk request failure errors 3 error description -------------------------------------- NOTE: If any of the following commands reports found = false, then you are impacted by ID1040777 and not the ID1033125 #curl -s -u admin:admin --insecure -X GET https://localhost:9200/_scripts/updateNetworkAccessTunnels | jq .found #curl -s -u admin:admin --insecure -X GET https://localhost:9200/_scripts/updateSessionSummary | jq .found #curl -s -u admin:admin --insecure -X GET https://localhost:9200/_scripts/updateTokenFromPhase1Task | jq .found #curl -s -u admin:admin --insecure -X GET https://localhost:9200/_scripts/updateTokenFromPhase2Task | jq .found #curl -s -u admin:admin --insecure -X GET https://localhost:9200/_scripts/updateTokenFromSessionSummary | jq .found

Impact

Session information (like the Username field) related to network tunnels are missing in reports/dashboards.

Conditions

-- BIG-IQ DCD cluster with Access listener enabled -- Active tunnel traffic

Workaround

You can resolve this issue by the following steps. (Note the additional flag in Step 3.) 1. Download the repair scripts/tools following steps in https://support.f5.com/csp/article/K63534030 (Step1 under 'Recommended Actions') 2. Backup, Overwrite .painless scripts by following Step 2.A/2.B under 'Recommended Actions' 3. Update .painless files in Elasticsearch cluster (Step 2.C under 'Recommended Actions') using below command # sh PushAPMScriptsToES.sh -force NOTE: You MUST use '-force' if not it will not resolve the current issue 4. You do not need to do Step 2.D 5. Finish by running Step 4

Fix Information

None

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips