SO 16.4 - MYSQL Issue - Limit of opened Files
Erwin
we got a problem with the mysql DB since a few days, we exceed the limit of opened files.
It seems the Limit in the DB is only 1024 (Default)
mysql> SHOW VARIABLES LIKE '%open%';
+----------------------------+----------+
| Variable_name | Value |
+----------------------------+----------+
| have_openssl | DISABLED |
| innodb_open_files | 431 |
| open_files_limit | 1024 |
| table_open_cache | 431 |
| table_open_cache_instances | 16 |
+----------------------------+----------+
5 rows in set (0,00 sec)
i found the option which was set by SO to 65000/10000 in /etc/security/init.d/securitionion.conf i adjusted it with: 1048576 (just for testing)
So far so good, we have the new limit after the reboot.
ulimit -n 1048576
we still run into the issue:
[ERROR] /usr/sbin/mysqld: Can't open file: './securityonion_db/event_xxxxxxxx@002dossec_20180626.frm' (errno: 24 - Too many open files)
and in the output above, it does not seem the limit is adjusted "inside" the mysql db, am i right?
I was not able to find, where the securityonion.conf will get loaded, anyway In the Service i could see normaly the /etc/mysql/my.cnf should be loaded (where i adjusted the values at first time), but it seems like its ignored.
i attached you a so redacted.
Hopefully someone has an idea for us, where to look at to get the limits increased or the problem fixed.
thank you,
Erwin
Steven J
I shouldn't think you'd need more than 10k files open at any given moment. :-)
--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onion+unsubscribe@googlegroups.com.
To post to this group, send email to security-onion@googlegroups.com.
Visit this group at https://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.
Erwin
ye, this are the standard values in this file , i know, but it seems they are not enough, we received the error with this settings.
Regards,
Erwin
Erwin
mysql> SHOW VARIABLES LIKE '%open%';
+-------------------+----------+
| Variable_name | Value |
+-------------------+----------+
| have_openssl | DISABLED |
| innodb_open_files | 300 |
| open_files_limit | 90000 |
| table_open_cache | 400 |
+-------------------+----------+
4 rows in set (0.01 sec)
Wes Lambert
--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
To post to this group, send email to securit...@googlegroups.com.
Visit this group at https://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.
Erwin
thank you, i did this already but the value in the mysql db is not enhanced and is still on 1024.
here is the solution:
it is related to Ubuntu 16.4
the limits.conf is ignored and only applys to user session and it seems also to the securityonion.conf.
With this steps in the last comment, i got this working and the value got applied to the mysql db:
Regards,
Erwin
Doug Burks
--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onion+unsubscribe@googlegroups.com.
To post to this group, send email to security-onion@googlegroups.com.
Visit this group at https://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.
CEO
Security Onion Solutions, LLC
Erwin
thank you!
Regards,
Erwin