tanr
New Member
September 20, 2017
Question

AV database changed ; restarting workers


I was checking logs on a couple FortiGates (100D and 300D) both running 5.4.5 before changing configs, and noticed tons of the following when I ran "diag debug crashlog read"

 

16381: 2017-09-19 17:52:29 scanunit=manager pid=20463 str="AV database changed (0); restarting workers"

16382: 2017-09-19 17:52:29 <20463> scanunit=manager str="Success loading anti-virus database."

16383: 2017-09-19 17:53:07 scanunit=manager pid=20463 str="AV database changed (1); restarting workers"

16384: 2017-09-19 17:53:07 <20463> scanunit=manager str="Success loading anti-virus database."

 

This happens regularly, usually about every 10 minutes, but sometimes as often as once a minute. 

The 100D also showed the daemons pyfcgid and getty getting killed with status=0x0 or status=0x100 pretty regularly as well.  The 300D shows pyfcgid getting killed very infrequently.

 

Note that it almost always has "AV database changed (1)" but there have been a couple with (0) instead.

 

I know I've seen something similar before, but I can't seem to find my notes on it.  Anybody know what might be going on?

 

In the past I've seen problems with antivirus updates if I've had antivirus grayware enabled or default-db extended, so I turned those off before doing an "exec update-now".  Still see the same crashlog events continuing afterwards though.

 

Thoughts?

    1 reply

    tanr (Author)
    New Member
    September 22, 2017

    I still see a ton of

     

    16383: 2017-09-19 17:53:07 scanunit=manager pid=20463 str="AV database changed (1); restarting workers"

    16384: 2017-09-19 17:53:07 <20463> scanunit=manager str="Success loading anti-virus database."

     

    on FortiGates with 5.4.5.   Any info on this, or should I just open a support ticket?

    live89
    Explorer III
    June 22, 2020
    maybe not relevant anymore ... but ... I just faced this issue and it can be ignored:

    https://kb.fortinet.com/kb/documentLink.do?externalID=FD46187