94245-Dec 2 01:12:38 SRUC-FMC ActionQueueScrape.pl: Setting failure code to device_failure_configuration at /usr/local/sf/lib/perl/5.24.4/SF/UMPD/Transaction.pm line 1009.
94246-Dec 2 01:12:39 SRUC-FMC ActionQueueScrape.pl: hasActiveSession... at /usr/local/sf/lib/perl/5.24.4/SF/Auth.pm line 280.
Looking further at the health status of the sensors however, I can see that they are complaining of 'Configuration Memory Allocation' with - 'Deployed configurations are too large. Your deployed configurations require more memory than the system can allocate. Re-evaluate your configuration. Most often you can reduce the number or complexity of access control rules or intrusion policies. See the online help to learn best practices for access control.'
I had seen some indication that a migration to Snort 3 does improve efficiency but wasn't sure if that was a direct correlation to policy compression and moreover, the error we are encountering.
I've passed this via TAC but wondered if this has been encountered before or logged in an existing bug that's been logged and resolved.