Christopher_Boo
Oct 25, 2011

Attack Signature Update Causing Unexpected Reboot

Just wondering if anyone else has experienced this? I've had it happen twice. The first time I was running 10.2.0 and it has now happened again on 10.2.1. Support is still investigating but they are recommending I upgrade to 10.2.3. I have an active/passive pair of 3600s running LTM (minimal) and ASM (nominal). My CPU normally runs ~12% and memory ~50%.

Thanks,

Chris

  • Christopher,

    What does your Swap usage look like (from the command TOP)?

    -josh
  • Mem: 4056352k total, 3818184k used, 238168k free, 138440k buffers
    Swap: 1048568k total, 0k used, 1048568k free, 548080k cached
  • The first time it happened I was affected by the swap file on compact flash bug and support determined this was the likely cause. This was about 1 year ago. We had so many problems trying to implement ASM as well as with other projects we were working on that we ended up putting the implementation on hold. Now I'm trying to get the implementation going again and was surprised to have this happen yet again.

    Chris
  • It's odd; typically signature updates are seamless, at least I've not had them kick a box.

    Were there any log messages from around the time of the reboot? Anything that would indicate the box was under strain/load? Did you have learning mode on at the time?
  • I had actually deleted the prior work (the day before) as so much has changed since that time and I wanted to start with a clean slate. So ASM itself wasn't doing anything. I keep a close eye on CPU and memory load (had the dashboard up at the time). CPU utilization was ~12% and memory was ~50% (where those stats generally hover). As soon as I hit the button to update attack signatures, one CPU spiked to 100% and the other to 80%. Memory spiked as well. Lost connectivity within a few seconds. It took a little over 2 minutes for the box to come back up. There was nothing unusual in the logs.

    Chris