rpm installing fails sometimes

We are running SEC 5.5.2; the updates are configured to be downloaded from an HTTP URL.
For Linux agents we created an rpm deployment package as described in:

When testing the rpm on some servers, the installation is sometimes not successful. The error found is:
DownloadException: DownloadException for <url> with subexception: [Errno 104] Connection reset by peer

Doing some checks we discovered the following things:
There are quite a lot of files downloaded from the url needed for the installation of the Linux agent.
With tcpdump we checked and saw that for every file download a new connection is set up and closed. So there are many connections opened and closed in the same second.

Is there an option to configure keep-alive settings, so more than 1 file can be downloaded in 1 connection? If this is not a configuration option, can it be built into the application, or is there another way to do this?

  • Hi  

    I will check this with my team and shall get back to you, however please check this older thread and see if it helps. 

  • In reply to Shweta:

    All the things mentioned in the older thread are covered and not an issue.

  • In reply to Jan Jansen:


    I discussed this with my team and it seems that this is something you will need to check from a network point of view in case there are any network issues, firewall issues where it is failing as it does work sometimes.
  • In reply to Shweta:

    Hi Shweta,


    Yeah, I'm sure I can check this issue from a network point of view. I think I will find one of these causes:

    • there are too many close_wait connections on the Sophos console server, so there are no new connections possible till this number is decreased
    • there is an infra component that blocks the connection, because there are too many connections opened and closed in a short time, which is suspicious


    Both possible causes can be solved by a keep-alive setting, so fewer connections are opened and closed in a short time.

  • In reply to Jan Jansen:

    Hi Shweta,


    Today I have done a check on the Sophos console server and ran the following command:

    netstat -ano | find /c "WAIT"

    The number is somewhere between 60 and 100. Then I started the rpm install on a Linux server; after the install the number is 998. So for the install on a Linux server there are around 900 connections opened and closed. Changing the command slightly to netstat -ano | findstr "WAIT", you see many of these rows:

      TCP    <ip address of Sophos console server>:80       <ip address of linux server>:<XXXX>       TIME_WAIT       0

    with XXXX the port number the Linux server connects from (in this case in the range between 16385 and 36860)


    That is why I think a keep alive setting is important to reduce this number.
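
Added example (not part of the thread and not Sophos code): `find /c "WAIT"` counts TIME_WAIT, CLOSE_WAIT and FIN_WAIT_* rows together, so this Python sketch splits saved `netstat -ano` output by state and by client, with the client port range seen. The sample rows, addresses and the function name `summarize` are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the layout of Windows `netstat -ano` output.
# Addresses are documentation-range placeholders, not values from the thread.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    192.0.2.10:80          198.51.100.7:16385     TIME_WAIT       0
  TCP    192.0.2.10:80          198.51.100.7:16402     TIME_WAIT       0
  TCP    192.0.2.10:80          198.51.100.7:36860     TIME_WAIT       0
  TCP    192.0.2.10:80          198.51.100.9:50111     CLOSE_WAIT      1234
  TCP    192.0.2.10:8194        203.0.113.5:49822      ESTABLISHED     2210
  TCP    [::1]:80               [::1]:50200            FIN_WAIT_2      4
"""

# One TCP row: local addr:port, remote addr:port, state, PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_0-9]+)\s+\d+\s*$")

def summarize(netstat_text, local_port=80):
    """Count *_WAIT sockets on local_port per state and per (client, state)."""
    by_state = Counter()
    ports = defaultdict(list)
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, UDP rows, blank lines
        _laddr, lport, raddr, rport, state = m.groups()
        # Same substring match as `find "WAIT"`, but the state is kept separate:
        # TIME_WAIT is held by the side that closed first, CLOSE_WAIT means the
        # local application has not yet closed a socket the peer already closed.
        if int(lport) != local_port or "WAIT" not in state:
            continue
        by_state[state] += 1
        ports[(raddr, state)].append(int(rport))
    per_peer = {k: (len(v), min(v), max(v)) for k, v in ports.items()}
    return by_state, per_peer

if __name__ == "__main__":
    by_state, per_peer = summarize(SAMPLE)
    for state, n in by_state.most_common():
        print(f"{state:<12} {n}")
    for (peer, state), (n, lo, hi) in sorted(per_peer.items()):
        print(f"{peer:<16} {state:<12} {n:>5}  client ports {lo}-{hi}")
```

Running it against output captured before and after one rpm install shows which state accounts for the increase and which client it comes from.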