We got some alarms on our Ironport regarding "Check Open Files or Sockets". It's been bouncing up and down the last couple of days. What does this check mean? Is it the amount of active TCP connections or is it something connected with the malware/anti-virus engine?
We're currently using version:
AsyncOS Version: 7.6.2-014
We add new customers to the device so it would be natural that the amount of connections would increase.Our warning limit is set to 3000 at the moment and our CPU, Memory etc are still OK. Would you recommend raising the value to 3500?
Can you provide the exact error(s) as they were presented to you from the appliance? We sometimes see applications faults with "[Errno 23] Too many open files in system" --- but, want to make sure we are addressing the correct error first...
Thank you for your reply. I have tried to look through the logs of the appliance but couldn't find anything. What log contains the information you need? I checked the error log, status log, snmp log and the system log and could not find anything related to open file or sockets. I also tried to search for the message you posted.
It's worth mentioning that it's not the Ironport that is sending us alarms it's our surveillance system. We send and SNMP command to a MIB and we have a warning limit of 3000 connections. We get this message back:
Correct - this would be the # of open connections on the appliance. With you running 7.6.2 - I would be interested to know if you were hitting a recently known defect in our RepEng --- and you would be running a higher number of connections out connecting/pending senderbase lookups/results/turn-around.
Without your appliance actually reporting any issues with a application fault, or other administrative notification - you are relying just on the SNMP query for the monitoring of the service and value.
Check and make sure this is updated:
Component Version Last Updated
repeng_tools 1.2.0-079 03 Mar 2014 13:40 (GMT +00:00)
repeng 1.2.0-079 03 Mar 2014 13:40 (GMT +00:00)
If not - please run 'repengupdate force', to pull down the latest engine and ruleset. This should alleviate any connections issues this presents back to the OS, and possibly is increasing the # of connections.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...