This unit monitor monitors the file upload quotas i.e. the number of pending files that are in process of being transferred over to the management server by a monitored agent. If it exceeds the configured quota, an alert will be raised upon two consecutive failed attempts to transfer a file to the management server. The alert will auto resolve if the file processing falls back within the quota specified denoted by a missed failed attempt.
The following summarizes the default thresholds:
Maximum Pending files (Default value 512)
Maximum pending file bytes (Default size 10GB)
A brief summary of potential causes are:
A malicious agent may be trying to cause the server to run out of disk space by uploading too much data. All the above mentioned limits apply to both file uploads that have not yet completed as well as completed uploads which have not been posted (and acknowledged) by a data source instance yet.
A failed/missing rule for completing file uploads.
The manual resolution steps that can be performed are:
Investigate the malicious agent for uploading data over quota limit.
Use the task for listing failed rules/monitors on the management server to check and see if any rules processing completed file uploads have failed.