Symptom
An FTD policy deployment attempt may be slow or fail due to a Snort3 failure to reload during a deploy and a reload signal will be sent to the Snort3 process.
Identification logs:
Snort3 process is failing to reload as observed in /ngfw/var/log/sf/policy_deployment.log:
policy_apply.pl[140531]: ERROR snort3 command for 'SnortReload' failed: reason 'No successful responses found, failing command reload_config
policy_apply.pl[140531]: ERROR Control: snort3 command for 'SnortReload' failed with unexpected response '.. reloading configuration
policy_apply.pl[140531]: INFO Reload requires a restart
OR
policy_apply.pl[33958]: Retrying after 60 seconds, retry count '3'
policy_apply.pl[33958]: Snort returned a busy response '== reload pending; retry
policy_apply.pl[33958]: ERROR snort3 command for 'SnortReload' failed: snort is busy, retry attempts(3) exceeded
This leads to the SIGABRT that can be tracked in /ngfw/var/log/process_stderr.log
Snort (PID 99307) caught fatal signal: SIGABRT (6)
SF-IMS[17484]: [17484] pm:process [INFO] Sending SIGABRT
Conditions
A policy deployment requiring a snort reload to use new configuraiton.
Workaround
Disable mini dump handler using "configure mini-coredump disable"
Further Problem Description
Snort3 may get killed with SIGABRT during a policy deployment. The snort3 will stop processing traffic until the SIGABRT happens.
