ConnectionError: Too many connections

Highlighted
L0 Member

ConnectionError: Too many connections

Hi,

I'm using outputs feeds from minemeld in my Firewall and I have seen the next:

  1. If I try to retrieve an output with 142 or less indicators, it works. The Firewall shows the entries from minemeld output node.
  2. If I try to retrieve 150 or more indicators from an minemeld output, it doesn't works. The entries in the Firewall are empty.

The logs in/opt/minemeld/log/minemeld-web.log show this:

**Traceback (most recent call last):
File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/minemeld/flask/events.py", line 28, in _retry_wrap
self._listen()
File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/minemeld/flask/events.py", line 37, in _listen
pubsub = self.SR.pubsub(ignore_subscribe_messages=True)
File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/redis/client.py", line 563, in pubsub
return PubSub(self.connection_pool, **kwargs)
File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/redis/client.py", line 2079, in init
conn = connection_pool.get_connection('pubsub', shard_hint)
File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/redis/connection.py", line 897, in get_connection
connection = self.make_connection()
File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/redis/connection.py", line 904, in make_connection
raise ConnectionError("Too many connections")
ConnectionError: Too many connections
[2019-06-12 20:31:39 UTC] [12421] [ERROR] Exception in event listener
Traceback (most recent call last):
File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/minemeld/flask/events.py", line 28, in _retry_wrap
self._listen()
File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/minemeld/flask/events.py", line 37, in _listen
pubsub = self.SR.pubsub(ignore_subscribe_messages=True)
File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/redis/client.py", line 563, in pubsub
return PubSub(self.connection_pool, kwargs)
File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/redis/client.py", line 2079, in init
conn = connection_pool.get_connection('pubsub', shard_hint)
File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/redis/connection.py", line 897, in get_connection
connection = self.make_connection()
File "/opt/minemeld/engine/0.9.60/local/lib/python2.7/site-packages/redis/connection.py", line 904, in make_connection
raise ConnectionError("Too many connections")
ConnectionError: Too many connections
[2019-06-12 20:31:39 UTC] [12421] [ERROR] Exception in event listener
Traceback (most recent call last):

Could someone help me?

Thanks in advance!

L1 Bithead

Re: ConnectionError: Too many connections

How are you collecting the IOC's? What output do you use, standard feed, syslog, CEF?

 

It looks like too many clients are created for redis(memory storage), so probably a new connection is created is made for each IOC.

I am not sure why this happens. According to the documentation of redis(https://redis.io/topics/clients) the maxclients can be set using maxclients directive in /etc/redis.conf. Redis checks with the OS how many file descriptors can be openened. The maximum number of filedescriptors can be found using 'ulimit -Sn' (soft limit) and 'ulimit -Hn' (hard limit).

 

I am guessing that either the maxclients is very low (around 150) or the OS limits are very low. Can you post the outputs of 'ulimit -Sn' and 'ulimit -Hn' together with the value of maxclients?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!