Symptom
The FMC incorrectly displays a critical health alert, ‘Frequent Drain of Connection Events’, even though the FTD/FMC is not processing any connection events.
Conditions
The timestamp field for 'conn_events' in diskmanager.log may appear in different formats, as shown in the example below:
conn_events,72475.698183464,...
conn_events,2022-11-10T21:17:01UTC,...
conn_events,1668117035,...
Further Problem Description
Using the CLI command 'show disk-manager', observe that the connection events silo remains constant, as shown in the following example:
> show disk-manager
Partition:Silo                      Used       Minimum    Maximum
...
/dev/shm/snort:Connection Events    2.942 GB   2.513 GB   3.518 GB
Also observe that the silo is getting drained normally every hour as expected:
root@QW-4140-2:/home/admin# tail -200 /ngfw/var/log/diskmanager.log | grep conn_events
conn_events,2022-10-09T18:11:30UTC,0,0,3158558200,0,0,0,3777217947,2698012820,0,0
conn_events,2022-10-09T19:11:30UTC,0,0,3158558200,0,0,0,3777217947,2698012820,0,0
conn_events,2022-10-09T20:11:31UTC,0,0,3158558200,0,0,0,3777217947,2698012820,0,0
conn_events,2022-10-09T21:11:31UTC,0,0,3158558200,0,0,0,3777217947,2698012820,0,0
conn_events,2022-10-09T22:11:32UTC,0,0,3158558200,0,0,0,3777217947,2698012820,0,0
conn_events,2022-10-09T23:11:32UTC,0,0,3158558200,0,0,0,3777217947,2698012820,0,0
conn_events,2022-10-10T00:11:32UTC,0,0,3158558200,0,0,0,3777217947,2698012820,0,0
conn_events,2022-10-10T01:11:33UTC,0,0,3158558200,0,0,0,3777217947,2698012820,0,0
conn_events,2022-10-10T02:11:34UTC,0,0,3158558200,0,0,0,3777217947,2698012820,0,0
conn_events,2022-10-10T03:11:34UTC,0,0,3158558200,0,0,0,3777217947,2698012820,0,0
conn_events,2022-10-10T04:11:34UTC,0,0,3158558200,0,0,0,3777217947,2698012820,0,0
conn_events,2022-10-10T05:11:35UTC,0,0,3158558200,0,0,0,3777217947,2698012820,0,0
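
The following is an added example, not Cisco's code: a Python sketch that classifies the timestamp field of conn_events lines into the three formats listed under Conditions and measures the spacing between drain entries. It assumes a bare integer is Unix epoch seconds and leaves the fractional form uninterpreted, since the page does not say what it measures; all function names are hypothetical.

```python
import re
from datetime import datetime, timezone

ISO_RE = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}UTC")

# Lines copied from the page (fields after the timestamp are not interpreted).
CONDITION_LINES = [
    "conn_events,72475.698183464,...",
    "conn_events,2022-11-10T21:17:01UTC,...",
    "conn_events,1668117035,...",
]
HOURLY_LINES = [
    "conn_events,2022-10-09T18:11:30UTC,0,0,3158558200,0,0,0,3777217947,2698012820,0,0",
    "conn_events,2022-10-09T19:11:30UTC,0,0,3158558200,0,0,0,3777217947,2698012820,0,0",
    "conn_events,2022-10-09T20:11:31UTC,0,0,3158558200,0,0,0,3777217947,2698012820,0,0",
]

def classify_timestamp(field):
    """Return (kind, value) for the second field of a conn_events line."""
    if ISO_RE.fullmatch(field):
        parsed = datetime.strptime(field, "%Y-%m-%dT%H:%M:%SUTC")
        return "iso", parsed.replace(tzinfo=timezone.utc)
    if re.fullmatch(r"[0-9]+", field):
        # Assumption: a bare integer is Unix epoch seconds.
        return "epoch", datetime.fromtimestamp(int(field), tz=timezone.utc)
    if re.fullmatch(r"[0-9]+\.[0-9]+", field):
        # Meaning not stated on the page; keep the number uninterpreted.
        return "fractional", float(field)
    return "unknown", field

def parse_conn_events(lines):
    """Classify the timestamp of every conn_events line, skipping other lines."""
    entries = []
    for line in lines:
        parts = line.strip().split(",")
        if len(parts) >= 2 and parts[0] == "conn_events":
            entries.append(classify_timestamp(parts[1]))
    return entries

def timestamp_kinds(entries):
    """Set of timestamp formats seen; more than one matches the Conditions above."""
    return {kind for kind, _ in entries}

def drain_intervals(entries):
    """Seconds between consecutive entries that carry an absolute time."""
    times = [value for kind, value in entries if kind in ("iso", "epoch")]
    return [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]

if __name__ == "__main__":
    print(sorted(timestamp_kinds(parse_conn_events(CONDITION_LINES))))
    print(drain_intervals(parse_conn_events(HOURLY_LINES)))
```

Run against the output of the grep command shown above, a result with more than one timestamp kind matches the stated Conditions, while intervals near 3600 seconds confirm the hourly drain.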