IPS service has stopped and will not restart.

Question

Hi folks, 
 v19.0.1 MR-1 IPS service has stopped and will not restart, the error message is the process is taking too long. 
 There are no entries in the Logviewer -> system log indicating any issues. 
 Next step please. 
 Update :- after two attempts the GUI shows the service as restarting. There are no entries in log viewer -> IPS. 
 Ian 
 
 Memory has dropped from 80+% to 66%, CPU has increased 
 
 10am yesterday I restarted a 8 port switch to see if that would fix an IPv6 issue which it did, but the memory use dropped significantly. I also changed the maximum network packet size on one LAN interface which took all interfaces off line for a short time another bug.

rfcat_vk · Accepted Answer

Hi Bobbylam, 
 this was not an issue on my home licence XG which has 6gb of ram. The XG115W still shows spare ram when I increase the MTU settings. The IPS update fails after I change the MTU setting and works again after changing the MTU back to 1500. 
 I changed the MTU because number of the devices on that network do large data transfers and I was trying to improve performance and match the switch the devices are connected to. I built a NAS using 10Gb/s networks but the motherboard died so the networks reverted to 1gb/s. 
 I will leave the MTU alone. 
 Ian

bobbylam · Answer

Hi Ian, 
 Yes the buffers in question are allocated by IPS on startup. When you change the MTU, we don't restart IPS to avoid any traffic disruption. However when the next IPS pattern update occurs, IPS process gets restarted as part of the update, which then tries & fails to allocate the required buffers. 
 Leaving MTU at 1500 should resolve this issue for you.

bobbylam · Answer

Hi rfcat_vk, 
 We looked into your device, and IPS could not start because it could not allocate enough memory for buffers. The higher the MTU value, the more memory IPS requires. This explains why when you lowered the MTU value again, IPS recovered. 
 Is there a reason why you need to set a high MTU value? 
 Note: This is unrelated to the ATP update issue for IPS in the original MR1 release, and this is also not a new behaviour in v19.0 MR1.

Vivek Jagad · Answer

Hello rfcat_vk , You can execute the following command in the advance shell: /bin/sh /scripts/u2d/u2d_refresh_patterns.sh Which will uninstall and re-install the patterns on the appliance, this might help too !!

IPS service has stopped and will not restart.

Top Replies