https://live.paloaltonetworks.com/t5/general-topics/connectionerror-too-many-connections/m-p/273040#M96808 <P>How are you collecting the IOC's? What output do you use, standard feed, syslog, CEF?</P><P>&nbsp;</P><P>It looks like too many clients are created for redis(memory storage), so probably a new connection is created is made for each IOC.</P><P>I am not sure why this happens. According to the documentation of redis(<A href="https://redis.io/topics/clients" target="_blank">https://redis.io/topics/clients</A>) the maxclients can be set using maxclients directive in /etc/redis.conf. Redis checks with the OS how many file descriptors can be openened. The maximum number of filedescriptors can be found using 'ulimit -Sn' (soft limit) and 'ulimit -Hn' (hard limit).</P><P>&nbsp;</P><P>I am guessing that either the maxclients is very low (around 150) or the OS limits are very low. Can you post the outputs of 'ulimit -Sn' and 'ulimit -Hn' together with the value of maxclients?</P> Wed, 26 Jun 2019 07:43:53 GMT folmer 2019-06-26T07:43:53Z https://live.paloaltonetworks.com/t5/general-topics/connectionerror-too-many-connections/m-p/272232#M96807 <P>Hi,</P><P>I'm using outputs feeds from minemeld in my Firewall and I have seen the next:</P><OL><LI>If I try to retrieve an output with 142 or less indicators, it works. The Firewall shows the entries from minemeld output node.</LI><LI>If I try to retrieve 150 or more indicators from an minemeld output, it doesn't works. The entries in the Firewall are empty.</LI></OL><P>The logs in/opt/minemeld/log/minemeld-web.log show this:</P><P>**Traceback (most recent call last):<BR />File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/minemeld/flask/events.py", line 28, in _retry_wrap<BR />self._listen()<BR />File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/minemeld/flask/events.py", line 37, in _listen<BR />pubsub = self.SR.pubsub(ignore_subscribe_messages=True)<BR />File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/redis/client.py", line 563, in pubsub<BR />return PubSub(self.connection_pool, **kwargs)<BR />File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/redis/client.py", line 2079, in<SPAN>&nbsp;</SPAN><STRONG>init</STRONG><BR />conn = connection_pool.get_connection('pubsub', shard_hint)<BR />File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/redis/connection.py", line 897, in get_connection<BR />connection = self.make_connection()<BR />File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/redis/connection.py", line 904, in make_connection<BR />raise ConnectionError("Too many connections")<BR />ConnectionError: Too many connections<BR />[2019-06-12 20:31:39 UTC] [12421] [ERROR] Exception in event listener<BR />Traceback (most recent call last):<BR />File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/minemeld/flask/events.py", line 28, in _retry_wrap<BR />self._listen()<BR />File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/minemeld/flask/events.py", line 37, in _listen<BR />pubsub = self.SR.pubsub(ignore_subscribe_messages=True)<BR />File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/redis/client.py", line 563, in pubsub<BR />return PubSub(self.connection_pool,<SPAN>&nbsp;</SPAN><STRONG>kwargs)<BR />File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/redis/client.py", line 2079, in<SPAN>&nbsp;</SPAN>init<BR />conn = connection_pool.get_connection('pubsub', shard_hint)<BR />File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/redis/connection.py", line 897, in get_connection<BR />connection = self.make_connection()<BR />File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/redis/connection.py", line 904, in make_connection<BR />raise ConnectionError("Too many connections")<BR />ConnectionError: Too many connections<BR />[2019-06-12 20:31:39 UTC] [12421] [ERROR] Exception in event listener<BR />Traceback (most recent call last):</STRONG></P><P>Could someone help me?</P><P>Thanks in advance!</P> Fri, 21 Jun 2019 18:11:13 GMT https://live.paloaltonetworks.com/t5/general-topics/connectionerror-too-many-connections/m-p/272232#M96807 Mtorre 2019-06-21T18:11:13Z https://live.paloaltonetworks.com/t5/general-topics/connectionerror-too-many-connections/m-p/273040#M96808 <P>How are you collecting the IOC's? What output do you use, standard feed, syslog, CEF?</P><P>&nbsp;</P><P>It looks like too many clients are created for redis(memory storage), so probably a new connection is created is made for each IOC.</P><P>I am not sure why this happens. According to the documentation of redis(<A href="https://redis.io/topics/clients" target="_blank">https://redis.io/topics/clients</A>) the maxclients can be set using maxclients directive in /etc/redis.conf. Redis checks with the OS how many file descriptors can be openened. The maximum number of filedescriptors can be found using 'ulimit -Sn' (soft limit) and 'ulimit -Hn' (hard limit).</P><P>&nbsp;</P><P>I am guessing that either the maxclients is very low (around 150) or the OS limits are very low. Can you post the outputs of 'ulimit -Sn' and 'ulimit -Hn' together with the value of maxclients?</P> Wed, 26 Jun 2019 07:43:53 GMT https://live.paloaltonetworks.com/t5/general-topics/connectionerror-too-many-connections/m-p/273040#M96808 folmer 2019-06-26T07:43:53Z