1. Verify the Snort instances
> show snort instance
Total number of instances available - 2
+----------+---------+
| INSTANCE | PID |
+----------+---------+
| 1 | 649 |
| 2 | 650 |
+----------+---------+
>
>
> show asp inspect-dp snort
SNORT Inspect Instance Status Info
Id Pid Cpu-Usage Conns Segs/Pkts Status
tot (usr | sys)
-- ----- ---------------- ---------- ---------- ----------
0 650 0% ( 0%| 0%) 1 0 READY
1 649 0% ( 0%| 0%) 1 0 READY
>
or
admin@FTD67:~$ top
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
2562 root 25 5 425648 5156 3888 S 10.5 0.1 2866:36 loggerd
5270 admin 20 0 3560 2388 1860 R 5.3 0.0 0:01.08 top
650 root 1 -19 1981788 482316 35912 S 6.7 5.9 48:57.83 snort
649 root 1 -19 1981740 485880 36100 S 0.3 5.9 49:07.12 snort
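An added example (not from the original notes and not Cisco code): a Python script that parses the two outputs shown above, reports PIDs that appear in only one of them, and flags any instance whose Status is not READY. The sample text is constructed from the output in this section, and the function names are illustrative.

```python
import re

# Constructed sample input: the two outputs from this section, embedded for offline use.
SHOW_SNORT_INSTANCE = """\
Total number of instances available - 2
+----------+---------+
| INSTANCE | PID |
+----------+---------+
| 1 | 649 |
| 2 | 650 |
+----------+---------+
"""

SHOW_ASP_INSPECT_DP = """\
SNORT Inspect Instance Status Info
Id Pid Cpu-Usage Conns Segs/Pkts Status
tot (usr | sys)
-- ----- ---------------- ---------- ---------- ----------
0 650 0% ( 0%| 0%) 1 0 READY
1 649 0% ( 0%| 0%) 1 0 READY
"""

def parse_instances(text):
    """Return {instance_number: pid} from the 'show snort instance' table rows."""
    rows = re.findall(r"^\|\s*(\d+)\s*\|\s*(\d+)\s*\|", text, re.M)
    return {int(i): int(p) for i, p in rows}

def parse_inspect_dp(text):
    """Return {pid: row} from 'show asp inspect-dp snort'; header and Summary lines are skipped."""
    pat = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)%\s*\(.*?\)\s+(\d+)\s+(\d+)\s+(\S+)\s*$", re.M)
    return {int(m[2]): {"id": int(m[1]), "cpu": int(m[3]), "conns": int(m[4]), "status": m[6]}
            for m in pat.finditer(text)}

def verify(instance_text, inspect_text):
    """List findings: PIDs present in only one output, and instances not READY."""
    inst, dp = parse_instances(instance_text), parse_inspect_dp(inspect_text)
    findings = []
    for pid in sorted(set(inst.values()) - set(dp)):
        findings.append(f"pid {pid}: in 'show snort instance' only")
    for pid in sorted(set(dp) - set(inst.values())):
        findings.append(f"pid {pid}: in 'show asp inspect-dp snort' only")
    for pid, row in sorted(dp.items()):
        if row["status"] != "READY":
            findings.append(f"pid {pid}: status {row['status']}")
    return findings

if __name__ == "__main__":
    print(verify(SHOW_SNORT_INSTANCE, SHOW_ASP_INSPECT_DP) or "all instances consistent and READY")
```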
2. Lina CPU usage
- In the 'system support utilization' output, ignore the 'lina' process utilization. High Lina CPU usage is normal because the lina process constantly polls the Network Interface Cards (NICs) for input traffic.
- To monitor FTD CPU utilization, check the 'us' + 'sys' + 'id' values.
- To monitor the ASA engine, check the following outputs:
Output 1
> show cpu usage
CPU utilization for 5 seconds = 0%; 1 minute: 0%; 5 minutes: 0%
Output 2
> show processes cpu-usage sorted non-zero
PC Thread 5Sec 1Min 5Min Process
0x00007f42428f1fd9 0x00007f42290b9ea0 0.2% 0.0% 0.0% ci/console
https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200950-Clarifying-the-Firepower-Threat-Defense.html
==================
from FTDv 7.2.8
> show snort instances
Total number of instances available - 1
+----------+----------+
| INSTANCE | PID |
+----------+----------+
| 1 | 4758 |
+----------+----------+
>
>
>
>
>
> show asp inspect-dp snort
SNORT Inspect Instance Status Info
Id Pid Cpu-Usage Conns Segs/Pkts Status
tot (usr | sys)
-- ----- ---------------- ---------- ---------- ----------
0 5055 0% ( 0%| 0%) 2 0 READY
1 5054 0% ( 0%| 0%) 0 0 READY
-- ----- ---------------- ---------- ---------- ----------
Summary 0% ( 0%| 0%) 2 0
>