I have a firewall which has been running nicely for years and has suddenly
decided to choke. Here is the identifying information:
OS: Solaris 2.6
FW-1 Version: 4.0 SP 1
Symptoms:
Logging stopped. NFS traffic (*) stopped being allowed through. The
following messages began to appear in /var/adm/messages:
Jan 8 09:14:01 ems-fw01 unix: FW-1: log message queue is full
Jan 8 09:15:12 ems-fw01 unix: FW-1: lost 512 log/trap messages
Jan 8 09:15:12 ems-fw01 unix: FW-1: log message queue is full
Jan 8 09:17:26 ems-fw01 unix: FW-1: lost 512 log/trap messages
The following message began appearing by the thousands in fwd.log:
fwd: fwdom: Failed to create pipe: Too many open files
In addition, I got the following in fwd.log:
fwd: Can't open database/rules.C: Too many open files
After following Checkpoint support's suggestion to increase the size of
the log message queue, the message changed regarding the number of
messages lost, but the other symptoms remained the same, with the addition
of thousands of the following in fwd.log:
fwd: fwauthd: socketpair(AF_UNIX, SOCKETPAIR): Too many open files
After a reboot, everything functions properly for around an hour, then the
problems reliably start.
Checkpoint's next suggestion is to upgrade. I'd prefer to avoid this for
now, for a variety of reasons, so I thought I'd ask here first to see if
anyone had any ideas. I'm probably running out of some system resource,
but I can't figure out what. Any ideas for where to look next?
--
Boyd Nation Energy Management Systems Services Southern Company
[EMAIL PROTECTED] (205) 257-5789 FAX: (205) 257-3689
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
