Memory usage after upgrade to 8.03

Unanswered Question
MMazuhelli_2 Fri, 01/04/2008 - 06:52

Hi,

I upgraded our ASA5540 yesterday and found the same thing: used memory went from 500-600 megs to 880 (of 1024). I turned off the threat-detection statistics that I had turned on and saved about 100 megs (down to 775). I am concerned that we could run out of memory.

This is on a busy university network with lots of connections!

Regards,

Marc.

MMazuhelli_2 Fri, 01/04/2008 - 08:35

Hi Chris,

The "threat-detection" statistics that I turned off are used for the right part of the new firewall dashboard.

The "top 10 access rules" graph at the top needs the following stats:

threat-detection statistics access-list

The "top 10 services", "top 10 sources" and "top 10 destinations" need the following stats:

threat-detection statistics port

threat-detection statistics protocol

threat-detection statistics host

(it's easy to determine this with the "preview commands before sending them to the device" option turned on in tools->preferences).

These are the stats that I initially turned on; turning them off (no threat-detection ...) saved us about 100 megs of memory.

As for the left part of the dashboard (connection stats, dropped packet rates and possible scan and SYN attack rates), I still have these graphs, I don't think anything has to be turned on to collect these stats (so nothing can be turned off to save some more memory).

It's a bit of a shame to have to turn off nice features because they take too much memory... ;-(

Regards,

Marc.

MMazuhelli_2 Fri, 01/11/2008 - 11:36

Hello,

I want to correct my own posting. I wrote:

>As for the left part of the dashboard (connection stats, dropped packet rates
>and possible scan and SYN attack rates), I still have these graphs, I don't think
>anything has to be turned on to collect these stats (so nothing can be turned off
>to save some more memory).

This is only partially true. The two bottom graphs ("dropped packet rates" and "possible scan and SYN attack rates") need the following command to work: "threat-detection basic-threat".

But the second part of what I wrote ("nothing can be turned off to save memory") seems to be true: I have found that even if I turn off basic threat detection ("no threat-detection basic-threat"), I save absolutely no memory!

Regards,

Marc.

Hey Marc,

No problem. I actually saved 5% turning that off but we are nowhere near your usage. The "concern" was actually another problem that has since been fixed and I may actually turn it back on. Even with it on I think I'm still under 40% on the CPU. Thanks again for the feedback. It's always interesting to see how other people's "mileage vary".
