Monitoring Load on IDS

Answered Question
Mar 27th, 2007

Hi.


At present I am monitoring the traffic that flows on the Inside Int of my firewall. I need to sniff the traffic on the other INT as well. Before doing that activity, I wanted to know whether my IDS-4235 would take the load or not.


Kindly help me to know how to measure the current load on the IDS.

Correct Answer
suschoud Thu, 03/29/2007 - 12:39

Hi ,

You can run the following command :


show version

Application Partition:


Cisco Systems Intrusion Detection Sensor, Version 4.1(4)S91


OS Version 2.4.18-5smpbigphys-4215

Platform: IDS-4215

Sensor up-time is 51 days.

Using 444817408 out of 459202560 bytes of available memory (96% usage)

Using 4.3G out of 17G bytes of available disk space (27% usage)


This could give you memory status as well as disk status.


hth


jahangeer_abdul Thu, 03/29/2007 - 22:10


Thanks buddy. Your reply was very helpful. Could you give me any material on the commands which we are using under the service user?

Correct Answer
scothrel Fri, 03/30/2007 - 06:21
Cisco Employee

"show version

Application Partition:


Cisco Systems Intrusion Detection Sensor, Version 4.1(4)S91


OS Version 2.4.18-5smpbigphys-4215

Platform: IDS-4215

Sensor up-time is 51 days.

Using 444817408 out of 459202560 bytes of available memory (96% usage) "


The memory statistics referenced above cannot be trusted (this is a known issue) as they don't tell all of the story. They are the same statistics returned by the "top" command, which has an issue with free vs. available memory. The former only tracks memory that's not been allocated and doesn't take into account memory that is dirty but available. A more reliable way to determine memory availability for 4.1 and 5.X versions is to run the "top" command (requires service account) and track the sum of the "free" and "cache" categories.

As of IPS 6, this trick is no longer meaningful, as we preallocate all the memory that the inspection subsystem will use and the memory statistics are pretty much static.
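An added example, not part of the post above and not Cisco tooling: a small parser that takes saved "top" headers and reports free memory next to the free + cache sum the answer recommends tracking. It assumes the header layout of the older procps "top" (the "cached" figure printed at the end of the Swap line); the sample values and function names are constructed for illustration.

```python
import re

# Two constructed snapshots in the assumed older-procps "top" header layout.
SAMPLE = """\
Mem:   900000K av,  890000K used,   10000K free,       0K shrd,   60000K buff
Swap:  500000K av,       0K used,  500000K free                  400000K cached
Mem:   900000K av,  895000K used,    5000K free,       0K shrd,   60000K buff
Swap:  500000K av,       0K used,  500000K free                  220000K cached
"""

_MEM = re.compile(r"^Mem:\s+(\d+)K av,\s+(\d+)K used,\s+(\d+)K free", re.M)
_CACHED = re.compile(r"(\d+)K cached")


def parse_snapshots(text):
    """Return one dict per 'Mem:' header found, with sizes in KB."""
    snapshots = []
    for m in _MEM.finditer(text):
        total, used, free = map(int, m.groups())
        # In this layout the cached figure sits on the line after "Mem:".
        rest = text[m.end():].split("\n", 2)
        swap_line = rest[1] if len(rest) > 1 else ""
        c = _CACHED.search(swap_line)
        if c is None:
            # Refuse to guess: a different top layout would give wrong sums.
            raise ValueError("no 'cached' value after Mem: line")
        cached = int(c.group(1))
        snapshots.append({"total": total, "used": used, "free": free,
                          "cached": cached, "available": free + cached})
    return snapshots


def pct(part, total):
    return round(100.0 * part / total, 1)


def report(text):
    """Per snapshot: (free %, free+cache %); plus the lowest free+cache %."""
    rows = [(pct(s["free"], s["total"]), pct(s["available"], s["total"]))
            for s in parse_snapshots(text)]
    return rows, min(avail for _, avail in rows)


if __name__ == "__main__":
    rows, worst = report(SAMPLE)
    for free_pct, avail_pct in rows:
        print(f"free {free_pct}%  free+cache {avail_pct}%")
    print(f"lowest free+cache over the period: {worst}%")
```

In the constructed data both snapshots show about 1% "free", yet the free + cache figure differs by a wide margin between them, which is the distinction the raw usage percentage hides.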

jahangeer_abdul Fri, 03/30/2007 - 08:29

Hi,


Thanks for your valuable reply. I got a clear idea of the memory usage. Is there any way to get the memory usage for a particular time period (say for a month or a week)?


The present memory status is,

Mem: 899924K av, 890200K used, 9724K free. Will it increase if the switch passes more traffic? Is it advisable to sniff more traffic with this load?


Kindly give your valuable suggestion.


Jahangeer A



mhellman Thu, 03/29/2007 - 13:23

You might also take a look at the following:


show statistics host



It gives you a little more detail.
