07-14-2010 06:53 AM - edited 03-10-2019 05:03 AM
Hello,
Guys I have been working with 3 IPS 2 4260 and a 4270 since yesterday I have noticed that the Inspection LOAD is RED. On the 4260 the inspection load is.
SJDetec1# sh statistics virtual-sensor | inc Load
Processing Load Percentage = 99
Solved! Go to Solution.
07-14-2010 10:24 AM
Hi Diego,
I would go ahead and open a TAC case at this point for us to take a look at it.
Best Regards,
JT
07-14-2010 07:03 AM
Hi Diego,
The first thing to try would be to restore all your signatures to default (provided they're tuned), and disable all custom signatures and see if you still experience the problem. Overtuning of signatures (for example, enabling every signature on the device) is the most likely reason for the processing load being that high.
Best Regards,
JT
07-14-2010 07:10 AM
Hi I have been tunning the signatures since the las t months. I have tunned arround 900 signatures. Or at least the action is what I have tunned. If I set them all to their default values I will loose all the work done right?
In the 4270 the traffic passed is very very little. For example. In the last 10 hours an Only have 96 events. So it's nothing for a 4270.
Something else to try?
07-14-2010 08:56 AM
Diego,
What is your traffic profile? Can you provide packet captures during a time of high processing load along with a show tech? What changed in your network when the issue started?
You are seeing quite a few signature events:
...
Statistics for Signature Events
07-14-2010 09:31 AM
Hi Diego,
You can backup your configuration with the copy "current-config" before restoring the signatures to default. You can then restore them from the backup later.
Best Regards,
JT
07-14-2010 09:39 AM
Hi,
Just did it. Let's see if the INpection load goes high Again. The Missed packet % is still in a 5 % and it is a Yellow Alarm in the health status.
Thank you very much. I will keep u updated.
07-14-2010 10:03 AM
I's Seeing the following in the Error Events.
Several messages of:
Inline data bypass has started
Inline data bypass has started
Hundreds of:
transmitPacket: Error TX Queue full, no lost buf yet if=7
And some of:
A global correlation update failed: Failed to open a TLS connection to HTTP proxy server at 10.1.4.5:8002 : TLS connection failed
Messages, like this one, in the category - Reputation update failure - were logged 24 times in the last 7200 seconds. name=errUnclassified
07-14-2010 10:08 AM
Gest what.. ANOTHER BUG
Cisco cisco cisco
07-14-2010 10:12 AM
07-14-2010 10:18 AM
07-14-2010 10:24 AM
Hi Diego,
I would go ahead and open a TAC case at this point for us to take a look at it.
Best Regards,
JT
07-14-2010 10:52 AM
Im going to open de case. I hope that someone from Costa Rica can take a look to this. Thanks
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: