02-28-2014 01:23 AM
Hello everyone!
We got some alarms on our Ironport regarding "Check Open Files or Sockets". It's been bouncing up and down the last couple of days. What does this check mean? Is it the amount of active TCP connections or is it something connected with the malware/anti-virus engine?
We're currently using version:
AsyncOS Version: 7.6.2-014
We add new customers to the device so it would be natural that the amount of connections would increase.Our warning limit is set to 3000 at the moment and our CPU, Memory etc are still OK. Would you recommend raising the value to 3500?
02-28-2014 04:37 AM
Can you provide the exact error(s) as they were presented to you from the appliance? We sometimes see applications faults with "[Errno 23] Too many open files in system" --- but, want to make sure we are addressing the correct error first...
-Robert
03-03-2014 03:50 AM
Hello Robert
Thank you for your reply. I have tried to look through the logs of the appliance but couldn't find anything. What log contains the information you need? I checked the error log, status log, snmp log and the system log and could not find anything related to open file or sockets. I also tried to search for the message you posted.
It's worth mentioning that it's not the Ironport that is sending us alarms it's our surveillance system. We send and SNMP command to a MIB and we have a warning limit of 3000 connections. We get this message back:
Plugin output: SNMP WARNING - *3114* | iso.3.6.1.4.1.15497.1.1.1.19.0=3114
What exactly is the Open Files or Sockets? Is i the amount of open connections? As mentioned before, the CPU and memory are still good so we don't experience any high loads on the appliance.
Best regards,
Philip
03-03-2014 05:55 AM
Correct - this would be the # of open connections on the appliance. With you running 7.6.2 - I would be interested to know if you were hitting a recently known defect in our RepEng --- and you would be running a higher number of connections out connecting/pending senderbase lookups/results/turn-around.
Without your appliance actually reporting any issues with a application fault, or other administrative notification - you are relying just on the SNMP query for the monitoring of the service and value.
Check and make sure this is updated:
myesa.local> repengstatus
Component Version Last Updated
repeng_tools 1.2.0-079 03 Mar 2014 13:40 (GMT +00:00)
repeng 1.2.0-079 03 Mar 2014 13:40 (GMT +00:00)
If not - please run 'repengupdate force', to pull down the latest engine and ruleset. This should alleviate any connections issues this presents back to the OS, and possibly is increasing the # of connections.
-Robert
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide