Forum Discussion
Christopher_Boo
Cirrostratus
CirrostratusAttack Signature Update Causing Unexpected Reboot
Just wondering if anyone else has experienced this? I've had it happen twice. The first time I was running 10.2.0 and it has now happened again on 10.2.1. Support is still investigating but they are recommending I upgrade to 10.2.3. I have an active passive pair of 3600s running LTM (minimal) and ASM (nominal). My cpu normally runs ~12% and memory ~50%.
Thanks,
Chris
jwham20Nimbostratus
Christopher,
What does your Swap usage look like (from the command TOP)?
-josh
Christopher_BooMem: 4056352k total, 3818184k used, 238168k free, 138440k buffers
Swap: 1048568k total, 0k used, 1048568k free, 548080k cached- Christopher_BooThe first time it happened I was affected by the swap file on compact flash bug and support determined this was the likely cause. This was about 1 year ago. We had so many problems trying to implement ASM as well as with other projects we were working on that we ended up putting the implementation on hold. Now I'm trying to get the implementation going again and was surprised to have this happen yet again.
Chris - jwham20It's odd, typically signature updates are seemless, at least I've not had them kick a box.
Were there any log messages from around the time of the reboot? Anything that would indicate the box was under strain/load? Did you have learning mode on at the time? - Christopher_BooI had actually deleted the prior work (the day before) as so much has changed since that time and I wanted to start with a clean slate. So ASM itself wasn't doing anything. I keep a close eye on cpu and memory load (had the dashboard up at the time). CPU utilization was ~12% and memory was ~50% (where those stats generally hover). As soon as I hit the button to update attack signatures one CPU spiked to 100 % and the other to 80%. Memory spiked as well. Lost connectivity within a few seconds. It took a little over 2 minutes for the box to come back up. There was nothing unusual in the logs.
Chris