Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
512
Views
0
Helpful
6
Replies

Memory usage after upgrade to 8.03

chris.harwell
Level 1
Level 1

‎01-03-2008 04:11 PM - edited ‎03-09-2019 07:46 PM

After the upgrade from 7.2.3 on the ASA to 8.0.3 our memory usage went from 80-85MB to 350MB. Cisco says it's is ok. Anyone else seeing this?

Labels:
0 Helpful
6 Replies 6

MMazuhelli_2
Level 1
Level 1

‎01-04-2008 06:52 AM

Hi,

I upgraded our ASA5540 yesterday and found the same thing: used memory went from 500-600 megs to 880 (of 1024). I turnd off the threat-detection statistics that I had turned on and saved about 100 megs (down to 775). I am concerned that we could run out of memory.

This is on a busy university network with lots of connections!

Regards,

Marc.

0 Helpful

chris.harwell
Level 1
Level 1
In response to MMazuhelli_2

‎01-04-2008 08:03 AM

Thanks Marc for the insight!

Are you using the new dashboard stats as well? I was going to turn those off and see what happened.

Thanks again!

Chris Harwell

0 Helpful

MMazuhelli_2
Level 1
Level 1
In response to chris.harwell

‎01-04-2008 08:35 AM

Hi Chris,

The "threat-detection" statistics that I turned off are used for the right part of the new firewall dashboard.

The "top 10 access rules" graph at the top needs the following stats:

threat-detection statistics access-list

The "top 10 services", "top 10 sources" and "top 10 destinations" need the following stats:

threat-detection statistics port

threat-detection statistics protocol

threat-detection statistics host

(it's easy to determine this with the "preview commands before sending them to the device" option turned on in tools->preferences).

These are the stats that I initially turned on; turning them off (no threat-detection ...) saved us about 100 megs of memory.

As for the left part of the dashboard (connection stats, dropped packet rates and possible scan and SYN attack rates), I still have these graphs, I don't think anything has to be turned on to collect these stats (so nothing can be turned off to save some more memory).

It's a bit of a shame to have to turn off nice features because they take too much memory... ;-(

Regards,

Marc.

0 Helpful

chris.harwell
Level 1
Level 1
In response to MMazuhelli_2

‎01-04-2008 08:43 AM

AHHH, I didn't realize what I was looking at. I enable those from the dashboard not realizing thats the same config under Config/Firewall/ThreatDetection. I turned mine off and only saved about 5%.

Chris

0 Helpful

MMazuhelli_2
Level 1
Level 1
In response to MMazuhelli_2

‎01-11-2008 11:36 AM

Hello,

I want to correct my own posting. I wrote:

>As for the left part of the dashboard (connection stats, dropped packet rates

>and possible scan and SYN attack rates), I still have these graphs, I don't think

>anything has to be turned on to collect these stats (so nothing can be turned off

>to save some more memory).

This is only partially true. The two bottom graphs ("dropped packet rates" and "possible scan and SYN attack rates") need the following command to work: "threat-detection basic-threat".

But the second part of what I wrote ("nothing can be turned off to save memory") seems to be true I have found that even if I turn off basic threat detection ("no threat-detection basic-threat"), I save absolutely no memory!

Regards,

Marc.

0 Helpful

chris.harwell
Level 1
Level 1
In response to MMazuhelli_2

‎01-11-2008 11:42 AM

Hey Marc,

No problem. I actually saved 5% turning that off but we are no were near your usage. The "concern" was actually another problem that has since been fixed and I may actually turn it back on. Even with it on I think I'm still under 40% on the CPU. Thanks again for the feedback. It's always interesting to see how other people's "mileage vary".

0 Helpful
Customers Also Viewed These Support Documents