11-26-2007 04:41 PM - edited 03-10-2019 03:53 AM
Looking for information on how many instances of "rulesx" and "sigx" can be run on the different platforms? Example I can configure rules0, rules1, rules2 and the same for sig0, sig1 and sig2, but how many can I do?
Solved! Go to Solution.
11-27-2007 07:11 AM
Generally you are limited to 4 virtual sensor configurations..vs0 and up to 3 additional named virtual sensors, such as vs1, "this_sensor", and "that_sensor" (see an exception in the next paragraph). The number of defined components (sigX, rulesX, adX) is not capped, but a maximum of 4 will be active at any time...corresponding to the virtual sensors. It should be noted that you can reuse components, e.g. sig0 can be used in both vs0 and vs2 while sig1 is used in vs1. The same for rulesX and adX.
There is a limitation on the "low memory" sensors, currently the 4215 and NM-CIDS, of a single active virutal sensor. These low end sensors do not have the memory capacity to keep multiple configurations active in memory and still meet performance standards.
11-27-2007 06:43 AM
I've run 2 successfully, but I suspect it depends a great deal on the actual policy configuration and traffic patterns. In our case, in a 4255 we saw memory consumption remain about the same (~50%) but CPU went from about 30-45% to 50-65%. If that holds for a 3rd set of policies (CPU ~70-85%), I personally wouldn't do it, but YMMV.
11-27-2007 07:11 AM
Generally you are limited to 4 virtual sensor configurations..vs0 and up to 3 additional named virtual sensors, such as vs1, "this_sensor", and "that_sensor" (see an exception in the next paragraph). The number of defined components (sigX, rulesX, adX) is not capped, but a maximum of 4 will be active at any time...corresponding to the virtual sensors. It should be noted that you can reuse components, e.g. sig0 can be used in both vs0 and vs2 while sig1 is used in vs1. The same for rulesX and adX.
There is a limitation on the "low memory" sensors, currently the 4215 and NM-CIDS, of a single active virutal sensor. These low end sensors do not have the memory capacity to keep multiple configurations active in memory and still meet performance standards.
11-27-2007 08:48 AM
Thanks all, both responses helped
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: