Unexplained SNMP alert on 515e 6.3(5)

Unanswered Question
Jun 26th, 2007
User Badges:

Hi,


Recently I've started getting the an alert re: the number of connections to the Pix.


The OID is: cfwConnectionsStatVal .1.3.6.1.4.1.9.9.147.1.2.2.2.1.5


I know the threshold set is not that high but the interesting thing is that, if anything, this PIX should be less used than it was 3mnths ago. The alerts started about 3 weeks ago and I get one every 3 or 4 days. One problem with troubleshooting this is that by the time I get the alert, login, and check conns, cpu, mem, etc everything is as it should be.


Anyone know what could cause an unprecedented increase and should not be considered a part of normal network behavior? Should I be looking at mis-firing apps inside the network or at stuff originating from the outside?


Any advice much appeciated.


Thanks in advance,

Mike

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
vijayasankar Wed, 06/27/2007 - 08:01
User Badges:
  • Silver, 250 points or more

Hi Mike,


Have you checked the "show conn" output. Apart from the current connection usage it also shows the the max connection count.

Does it match/exceeds the threshold set by you.?


If you are having any NMS system you can monitor the connection OIDs through them as well, to examine the connection trend of this PIX.

Those graphs will give you an idea on the connection patterns in this PIX.

You can also check the syslogs from this pix, to see any abnormal connection attempts.


Hope this helps.


-vJ



m.surtees Wed, 06/27/2007 - 17:36
User Badges:

Hey VJ,


Do check conns, cpu, mem, etc but as I said the problem is gone before I get the chance. The max connection count does exceed the threshold, and as I said the threshold could be set higher as I believe this appliance is capable of 120,000 connections and i'm not getting close to that.


I have no NMS, I do have a syslog though. What should I be looking for there? Any particular error code?


I know the device is not really being pushed it's just that it is supposedly doing less work than it used to but these "threshold exceeded" mssages are new and recurring, so I'm trying to find out what could be causing them before I just band-aid the problem by raising a threshold that had not been surpassed in 2.5 years.


Regards,

Mike

Actions

This Discussion