
Error message - [INFO-192] RRD cache daemon not running - restarted

We received a Firewall Notification Email from our UTM with the error message

RRD cache daemon not running - restarted

System Uptime  : 30 days 6 hours 40 minutes

System Load     : 0.72

System Version : Sophos UTM 9.503-4

 

Please refer to the manual for detailed instructions.

I have looked in the manual, and cannot find anything related to this.  I have also looked up previous cases of people receiving these messages, which all seem to be related to upgrading the firewall.

We have not updated anything for over a month, so I don't think that the update has caused this.  The message says that it has restarted, but I am not sure whether this is an informational message and it is normal for it to restart, or whether it is something that we need to be investigating.


This thread was automatically locked due to age.
  • Hi Karl,

    The RRD cache daemon is responsible for receiving updates to existing Round Robin Database files, accumulating them and writing the updates to the RRD file.

    Typically it restarts after the successful installation of update packages, so it should be more of an informational notification unless it happens frequently.

    To view RRD files, you may follow this KBA: How to view Round Robin Database (RRD) files in Sophos UTM

    If you are able to see RRD files and you are not experiencing any issues with Reports, then your daemon is working normally.

    If notifications are happening often, please take a look at a similar forum post in the Community.

    Thanks,
    Karlos

    Community Support Engineer | Sophos Technical Support
  • Hello,

    I read that this normally occurs after an update package has installed, but we haven't installed anything for a month; that is why I was surprised to get this message.  As I am not fully aware of the consequences of this stopping, I need to make sure that there will be no consequences.

    Quite often an attack vector is through the crashing of a process. It was the most common attack vector for IIS: a buffer overflow which allowed you to execute malicious code.

    It is because of things like the above that I am nervous about just ignoring these alerts, if it could be something malicious causing the daemon to stop, and as this is our first line of defence.

    Karl

     

  • Hi Karl,

    How many times has the RRD cache daemon restarted in the last month?

    Thanks,

    Karlos
