Support Center > Search Results > SecureKnowledge Details
Security Gateway / VSX Virtual System with the Data Loss Prevention Software Blade enabled stops passing traffic because there are many open file descriptors for the DLPU process Technical Level
Symptoms
  • Security Gateway / VSX Virtual System with the Data Loss Prevention Software Blade enabled stops passing traffic.

  • During the issue, output of this command shows at least several thousand:

    lsof | grep dlp | wc -l
  • During the issue, output of this command shows at least several thousand:

    lsof | grep dlp | grep deleted | wc -l
  • During the issue on a Security Gateway, output of this command:

    lsof | grep dlp | grep deleted | head

    shows many entries like this:

    /var/log/opt/CPsuite-R<VERSION>/fw1/tmp/dlp/<Letters and Numbers>.metadata (deleted)

    Example:

    dlpu 3826 admin 29r REG 253,3 51 402887221 /var/log/opt/CPsuite-R80.40/fw1/tmp/dlp/4D25CC469250CA80343B9F945F48EAA17ABC421E.metadata (deleted)

  • During the issue on a VSX Gateway, output of this command:

    lsof | grep dlp | grep deleted | head

    shows many entries like this:

    /var/log/opt/CPsuite-R<VERSION>/fw1/CTX/CTX<VSID>/tmp/dlp/<Letters and Numbers>.metadata (deleted)

    Example:

    dlpu 3826 admin 30r REG 253,3 51 402887221 /var/log/opt/CPsuite-R80.40/fw1/CTX/CTX00001/tmp/dlp/4D25CC469250CA80343B9F945F48EAA17ABC421E.metadata (deleted)

Cause

In a rare scenario, the DLP process leaves open unused file descriptors in the $FWDIR/tmp/dlp folder which may take up a large amount of disk space.

can also happen when the blade is not enabled, because process dlpu is used by a lot of different blades.


Solution
Note: To view this solution you need to Sign In .