Firepower CPU

 1. verify snort instance

> show snort instance

Total number of instances available - 2

+----------+---------+
| INSTANCE |   PID   |
+----------+---------+
|    1     |   649 |
|    2     |   650 |
+----------+---------+
>

> show asp inspect-dp snort
SNORT Inspect Instance Status Info
Id Pid       Cpu-Usage    Conns      Segs/Pkts  Status
          tot (usr | sys)
-- ----- ---------------- ---------- ---------- ----------
0  650     0% (  0%|  0%)   1          0        READY
1  649     0% (  0%|  0%)   1          0        READY
>

or

admin@FTD67:~$ top
 PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND
 2562 root      25   5  425648   5156   3888 S  10.5   0.1   2866:36 loggerd
 5270 admin     20   0    3560   2388   1860 R   5.3   0.0   0:01.08 top
 650 root       1 -19 1981788 482316  35912 S   6.7   5.9  48:57.83 snort
 649 root       1 -19 1981740 485880  36100 S   0.3   5.9  49:07.12 snort


2. Lina CPU usage

  • In the 'system support utilization' ignore the 'lina' process utilization, Lina CPU usage high is normal because the lina process is constantly polling the Network Interface Cards (NICs) for input traffic
  • To monitor the FTD CPU utilization check the 'us' + 'sys' + 'id' values
  • Regarding the monitoring of the ASA engine you should check the following outputs:


Output 1

show cpu usage

CPU utilization for 5 seconds = 0%; 1 minute: 0%; 5 minutes: 0%

Output 2

show processes cpu-usage sorted non-zero

PC                    Thread                5Sec     1Min     5Min   Process

0x00007f42428f1fd9   0x00007f42290b9ea0     0.2%     0.0%     0.0%   ci/console

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200950-Clarifying-the-Firepower-Threat-Defense.html






Comments

Popular posts from this blog

Firepower FMC and FTD troubleshooting

ASA IKEv1 VPN troubleshooting Steps and Tips

Firepower 2100/1100 FTD/ASA initial setup, reimage, upgrade.