Jump to content

ESET PROTECT Server Keeping Large Amount Of Open Connections


Recommended Posts

We recently upgraded to ESET PROTECT Server 8.1 on Linux and we are noticing the ERAServer process slowly grows to consume all available file descriptors, hitting the open file limit for the process. I believe that is what then leads to the trace.log showing these messages:

Quote

2021-06-30 18:43:26 Error: NetworkModule [Thread 7f77f587c700]: remote_endpoint: Bad file descriptor

Taking a look at the file descriptors they all appear to be held open sockets from various endpoints. Bumping the client connect interval from 5 minutes to 15 minutes temporarily alleviated the issue, but it then reappeared. We did not seem to have this same problem on EP 8.0. We have about 800 active clients at any given moment, running on a host with 4 2.2GHz Xeon cores and 8 GB memory, so I don't feel it should be overloading the server.

I searched to see if there was any guidance that recommended raising file descriptor limits per file, but didn't seem to see anything.

Any ideas how we might better troubleshoot what is leading to ERAServer saturating all the available file descriptors?

Link to comment
Share on other sites

  • ESET Moderators

Hello @InfosecAtom,

rising the limit would be only a temporary solution, we should check for the root cause.

Can you please provide me (via a private message with a reference to this topic) with:

  1. full logs set from the server
  2. the list of open file descriptors for ESMC VA by running the following command: # ls -l /proc/[eraserver pid]/fd
  3. DB export, if possible?
  4. What is the memory consumption of the EP service?

Peter

Link to comment
Share on other sites

  • ESET Staff

ESET PROTECT and AGENT will be trying to use persistent connection, but in this case it seems that it fails, and each time AGENT is connecting to EP, it opens new connection + the old one remains at least partially open.
Could you please check, whether network components in-between AGENT and EP are capable of holding open TCP connection for longer time, even without activity (i.e. 5 minute interval means such components should not drop connections with 5minute inactivity).

Link to comment
Share on other sites

  • 2 weeks later...

I have the same problem

Quote

Error: NetworkModule [Thread 7f4fe6f6a700]: remote_endpoint: Bad file descriptor

Do you have any solution?
I will add that this problem did not occur in the previous version - it appeared immediately after the upgrade

Link to comment
Share on other sites

  • 2 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...