KB Article | Forcepoint Support

Problem Description

The Email Security Gateaway (ESG) dashboard alert reports the following errors:
"Log-server-xx-xxx-xxx-xxx-connection-pool-has-reached-its-maximum-size" 
"Log server xx.xx.xx.xx connection pool is full"

On the ESG Manager under Settings > Reporting > Log server > "Check status", the following error happens:
"Log server or port is not correct or log server is not started".

Telnet sessions from from the appliance to Log Server establishes, but very quickly closes.


User-added image

Resolution

By design, the maximum connections between Log Server and an appliance is 100, each appliance may establish 9 connections with the ESG Log Server, therefore, and one Log Server can accept about 10 appliances, though logging delays would be expected if 10 ESGs are being used near capacity. The actual amount of appliances to a Log Server is commonly less than 8 depending on appliance model and throughput and the Log Server can struggle with as few as 6 if there is a lot of mail going through the ESGs.

The connections limits are hardcoded and cannot be changed. If limit has been reached, additional Log Servers are necessary. As Log Server is a Windows-only component, a separate Windows server will be needed for any additional Log Server.
  1. To install the new Log Server, see Installing email protection components for instructions.
  2. For additional information for configuration, see Email Log Server Configuration Utility.
  3. If the new Log Server is installed on a machine separate from the Forcepoint Security Manager, stop and restart the Websense TRITON - Email Security service on the Manager server after installation.
    1. Open Services via run command services.msc
    2. Locate Websense TRITON - Email Security, right-click and select Stop.
    3. To start Websense TRITON - Email Security, right-Click and select Start.

 

Article Feedback



Thank you for the feedback and comments.