Proxy unable to send access logs to Reporter with local FTP deployment, event logs show error '421 There are too many connected users, please try later'
search cancel

Proxy unable to send access logs to Reporter with local FTP deployment, event logs show error '421 There are too many connected users, please try later'

book

Article ID: 243066

calendar_today

Updated On:

Products

ProxySG Software - SGOS Reporter

Issue/Introduction

  • ProxySG is configured to upload logs to the Reporter
  • Local FTP (log source) is set up on Reporter
  • Log upload fails and event logs show error '421 There are too many connected users, please try later'. (Procedure here to check event logs)

Environment

  • FTP service is enabled on Reporter
  • Local log source setup on Reporter
  •  The ProxySG is configured to use FTP Client (Reporter IP) to send access logs
  •  Read here  for more details

Cause

  • The error indicates that maximum concurrent FTP connections to the reporter is getting exceeded
  • This would be seen if there are multiple ProxySGs (more than 10) configured to send logs to the reporter at the same time
  • The default settings for concurrent client connections for Reporter FTP is 10. 

Resolution

There are two ways to fix this-:

1. Setup ProxySGs to not send logs to Reporter at the same time. This can be done by configuring periodic upload schedule on proxySG and the schedule can be distributed

  • Click the Upload Schedule tab next to the Upload Client tab.
  • Make sure the appropriate log is selected. In this example, it is "main".
  • In the middle there are two types of uploads. Select "periodically" as the upload type.\
  • At the bottom, under "Upload the log file", you have options to upload the access log on a daily basis at a particular time, or if you want to have it uploaded every so often. Select the time/period in a distributed fashion on all the proxySGs that are setup to send logs to the Reporter
  •  Read here  for more details

2.  Increase the concurrent connection value on Reporter FTP

  • Login to Reporter using SSH
  • Go to enable mode
  • Stop ftp daemon by running the command (this will temporarily stop ftp on reporter and logging of proxySG access logs)
    ftp stop
  • Edit FTP configuration by running command. This will open the configuration in vi style editor. 
    ftp edit
  • Move the cursor to max_clients value and set this value to desired value. This is seen under network options section
  • Use the following keys to edit the value

    i- Inserts text before the current cursor location

    a- Inserts text after the current cursor location

    x- Deletes the character under the cursor location
    X- Deletes the character before the cursor location
    r- Replaces the character under the cursor

    Once the value is set, press esc key to come out of edit mode. Then press esc key, followed by :, followed by wq!  to save the changes. If you want to  exit without saving the changes,then press esc key, followed by : ,  followed by q!
  • Exercise caution while doing this change. 

 

  • Start ftp daemon by running the command 
    ftp start