OPERATIONAL DEFECT DATABASE
...
...
An inability to view events (connection, intrusion, malware, file, Security Intelligence, discovery, user) on the Firepower Management Canter (FMC) GUI. The MonetDB database server process (mserver5) consuming at least 20.9% of system memory (with the maximum allocation of system memory to MonetDB being 21%). High CPU use on the FMC -- specifically, by MonetDB (the database engine used for storing event data). The MonetDB daemon (monetdbd) and server (mserver5) will each continuously consume hundreds of percent CPU (consuming the resources of multiple logical CPUs). dmesg command output and /var/log/messages file (accessible from expert mode) showing a memory allocation error for the MonetDB daemon (monetdbd) like the following (exact numbers may vary)... --- monetdbd: vmalloc: allocation failure, allocated 0 of 20480 bytes, mode:0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null) --- ... with a subsequent call trace. Errors of "Cannot allocate memory" appearing in the logs for MonetDB (/var/log/monetdb/merovingian.log).
A prolonged uptime of the FMC and of MonetDB (at least 4 months). A significant volume of incoming events on the FMC (at least 1500 events per second in aggregate during peak times).
A graceful restart of MonetDB. 1. Log into the CLI of the FMC. Go to expert mode. 2. Execute the following command to restart MonetDB (when prompted, enter the password for the CLI user): sudo pmtool restartbyid monetdb
If this specific set of symptoms is seen on the FMC, restart MonetDB first. Do not first attempt to rebuild the event database, as doing so may not be necessary.
Click on a version to see all relevant bugs
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
