Symptom
FPR4120 pair FTD-HA version 6.2.3.3
>show blocks
SIZE MAX LOW CNT
0 2700 2673 2700
4 100 99 99
80 1000 820 1000
256 6484 0 20 <-- Here (LOW=0)
1550 6374 1999 2032
2048 100 98 100
2560 164 164 164
4096 100 100 100
8192 100 100 100
9344 54696 6141 6316
16384 100 100 100
65536 16 16 16
Conditions
Packets to snort stuck in PDTS.
Snort seems to be in sleep state. And thats why no packets being picked up as well. This is identified based on Top command's output.
Further Problem Description
Issue is currently not reproducible. From the currently available logs it is clear that snort is in sleep state. We need to identify which area of code is being executed at that point of time.
Therefore, a repro is imminent so that we can collect proc filesystem logs.
In the meantime BEMS has been closed while TAC will continue to try and repro. The bug will be reopened when issue is seen next time.
