IPS system messages

5creedus · ‎06-26-2008

where can I find more information about the below messages? The IPS version is 6.0(4)E1 S319

Error TX Queue full, lost buf 464

Error TX Queue full, no yet lost buf 464 if = 0

DBMemoryResourcesCritical 2 Hits 2Total.

ebreniz · ‎07-02-2008

It looks like the sensor has been oversubscribed on multiple occasions, and likely as a

result, the heartbeat signal between the ASA and the AIP-SSM has lost

sync (triggering the "Failed Service Module" status and the FO).

What I would recommend in this case is to confirm you are not sending

too much traffic to the AIP-SSM, and also, that its configuration is not

too taxing (i.e. lots of Product Alert actions occurring, IP Logging

enabled, atomic-ip type SIGs firing often, etc.).

jamesand · ‎07-02-2008

The ASA failover due to IPS oversubscription is a known issue: CSCso78274. This is resolved in 6.0(5).

The DB crit messages are an indication that the senosr inspector database is running out of memory. This could be due to the signature config or the amount/type of traffic (oversubscription).

I would recommend upgrading to 6.0.5, tuning the signature config, and reducing the traffic feed.

5creedus · ‎07-02-2008

Thanks, yes we are planning another round of upgrades to our fleet so that one will be taken care of.