Monitoring Load on IDS

jahangeer_abdul
Level 1

Hi.

At present I am monitoring the traffic that flows on the Inside Int of my firewall. I need to sniff the traffic on the other INT as well. Before doing that activity I wanted to know whether my IDS-4235 would take the load or not.

Kindly help me to know how to measure the current load on the IDS.

5 Replies

suschoud
Cisco Employee

Hi,

You can run the following command:

show version

Application Partition:

Cisco Systems Intrusion Detection Sensor, Version 4.1(4)S91

OS Version 2.4.18-5smpbigphys-4215

Platform: IDS-4215

Sensor up-time is 51 days.

Using 444817408 out of 459202560 bytes of available memory (96% usage)

Using 4.3G out of 17G bytes of available disk space (27% usage)

This could give you memory status as well as disk status.

hth

Thanks buddy. Your reply was very helpful. Could you give me any material on the commands which we are using under the service user?

"show version

Application Partition:

Cisco Systems Intrusion Detection Sensor, Version 4.1(4)S91

OS Version 2.4.18-5smpbigphys-4215

Platform: IDS-4215

Sensor up-time is 51 days.

Using 444817408 out of 459202560 bytes of available memory (96% usage) "

The memory statistics referenced above cannot be trusted (this is a known issue) as they don't tell all of the story. They are the same statistics returned by the "top" command, which has an issue with free vs. available memory. The former only tracks memory that's not been allocated and doesn't take into account memory that is dirty but available. A more reliable way to determine memory availability for 4.1 and 5.X versions is to run the "top" command (requires service account) and track the sum of the "free" and "cache" categories.

As of IPS 6, this trick is no longer meaningful, as we preallocate all the memory that the inspection subsystem will use and the memory statistics are pretty much static.
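
The free-plus-cache calculation from the reply above, as an added example that is not part of the original thread: a POSIX shell function that parses the two-line memory header of the older procps "top" and reports free + cached, plus a helper that appends timestamped readings for trend tracking. The header layout, the function names, and the shrd, buff, swap and cached figures in the sample are assumptions; only the Mem: total, used and free values come from the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Per the reply above, this sum is only
# meaningful on 4.1 and 5.x sensors.

# Constructed sample header in the older procps "top" layout (assumed).
# Mem total/used/free are the values quoted in the thread; the rest is made up.
sample_top_header() {
    cat <<'EOF'
Mem:   899924K av,  890200K used,    9724K free,       0K shrd,   51200K buff
Swap: 2048000K av,       0K used, 2048000K free                  512000K cached
EOF
}

# mem_available: reads top output on stdin and prints
#   "<total_kb> <free_kb> <cached_kb> <free_plus_cached_kb> <percent_of_total>"
# Returns 1 when the Mem: line or the cached figure is missing, so a truncated
# header is never reported as "0K cached".
mem_available() {
    awk '
        # Value of the field that precedes the field starting with <label>.
        function before(label,    i, v) {
            for (i = 2; i <= NF; i++)
                if (index($i, label) == 1) { v = $(i - 1); sub(/K$/, "", v); return v + 0 }
            return -1
        }
        BEGIN { total = -1; free = -1; cached = -1 }
        $1 == "Mem:"  { total = before("av"); free = before("free") }
        $1 == "Swap:" { cached = before("cached") }
        END {
            if (total <= 0 || free < 0 || cached < 0) exit 1
            avail = free + cached
            printf "%d %d %d %d %d\n", total, free, cached, avail, int(avail * 100 / total)
        }
    '
}

# log_sample: append one UTC-timestamped reading to the file named in $1.
# Assumed usage from the service account shell: top -b -n 1 | log_sample /tmp/mem.log
log_sample() {
    reading=$(mem_available) || return 1
    printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$reading" >> "$1"
}

# Stand-alone run on the constructed sample.
sample_top_header | mem_available
```

On the constructed sample the "free" column alone suggests about 1% headroom, while free + cached is more than half of total memory.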

Hi,

Thanks for your valuable reply. I got a clear idea of the memory usage. Is there any way to get the memory usage for a particular time period (say for a month or a week)?

The present memory status is,

Mem: 899924K av, 890200K used, 9724K free. Will it increase if the switch passes more traffic? Is it advisable to sniff more traffic with this load?

Kindly give your valuable suggestion.

Jahangeer A

mhellman
Level 7

You might also take a look at the following:

show statistics host

It gives you a little more detail.
