Cisco Support Community
New Member

Monitoring Load on IDS

Hi.

At present I am monitoring the traffic that flows on the inside interface of my firewall. I need to sniff the traffic on the other interface as well. Before doing that, I wanted to know whether my IDS-4235 would take the load or not.

Kindly help me to know how to measure the current load on the IDS.

5 REPLIES
Cisco Employee

Re: Monitoring Load on IDS

Hi,

You can run the following command:

show version

Application Partition:

Cisco Systems Intrusion Detection Sensor, Version 4.1(4)S91

OS Version 2.4.18-5smpbigphys-4215

Platform: IDS-4215

Sensor up-time is 51 days.

Using 444817408 out of 459202560 bytes of available memory (96% usage)

Using 4.3G out of 17G bytes of available disk space (27% usage)

This could give you memory status as well as disk status.

hth

New Member

Re: Monitoring Load on IDS

Thanks buddy. Your reply was very helpful. Could you give me any material on the commands which we use under the service user?

Cisco Employee

Re: Monitoring Load on IDS

"show version

Application Partition:

Cisco Systems Intrusion Detection Sensor, Version 4.1(4)S91

OS Version 2.4.18-5smpbigphys-4215

Platform: IDS-4215

Sensor up-time is 51 days.

Using 444817408 out of 459202560 bytes of available memory (96% usage) "

The memory statistics referenced above cannot be trusted (this is a known issue), as they don't tell all of the story. They are the same statistics returned by the "top" command, which has an issue with free vs. available memory. The former only tracks memory that's not been allocated and doesn't take into account memory that is dirty but available. A more reliable way to determine memory availability for 4.1 and 5.X versions is to run the "top" command (requires service account) and track the sum of the "free" and "cache" categories.

As of IPS 6, this trick is no longer meaningful, as we preallocate all the memory that the inspection subsystem will use and the memory statistics are pretty much static.
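The free-plus-cache check described in this answer, as an added example that is not part of the original thread: it parses timestamped "top" header lines collected from the service account and reports when free + cached falls below a floor. The header layout (old procps style, with "cached" on the Swap line), the timestamps, the buff/cached figures and the 10% floor are assumptions; only the av/used/free figures of the first sample come from the thread.

```python
import re

# Constructed samples: hourly "top" header lines, each prefixed with a timestamp.
# Layout assumed to be the old procps header; only the av/used/free figures of
# the first Mem line come from the thread, everything else is made up.
SAMPLES = """\
2005-03-01T10:00 Mem: 899924K av, 890200K used, 9724K free, 0K shrd, 41200K buff
2005-03-01T10:00 Swap: 522072K av, 0K used, 522072K free 310500K cached
2005-03-01T11:00 Mem: 899924K av, 893100K used, 6824K free, 0K shrd, 41900K buff
2005-03-01T11:00 Swap: 522072K av, 0K used, 522072K free 95300K cached
2005-03-01T12:00 Mem: 899924K av, 894824K used, 5100K free, 0K shrd, 42000K buff
2005-03-01T12:00 Swap: 522072K av, 0K used, 522072K free 40200K cached
"""

MEM_RE = re.compile(r"^(\S+)\s+Mem:\s+(\d+)K av,\s+(\d+)K used,\s+(\d+)K free")
SWAP_RE = re.compile(r"^(\S+)\s+Swap:.*\s(\d+)K cached")

def parse_samples(text):
    """Pair each Mem line with the Swap line of the same timestamp.
    Returns a list of (stamp, total_kb, used_kb, free_kb, cached_kb)."""
    pending, rows = {}, []
    for line in text.splitlines():
        mem = MEM_RE.match(line)
        if mem:
            pending[mem.group(1)] = tuple(int(v) for v in mem.groups()[1:])
            continue
        swap = SWAP_RE.match(line)
        if swap and swap.group(1) in pending:  # ignore Swap lines with no Mem line
            rows.append((swap.group(1), *pending.pop(swap.group(1)), int(swap.group(2))))
    return rows

def available_kb(row):
    """Memory the sensor can still use: 'free' plus 'cached', as the answer suggests."""
    _, _, _, free_kb, cached_kb = row
    return free_kb + cached_kb

def low_memory(rows, floor_pct=10.0):
    """Timestamps where free+cached drops below floor_pct of total (hypothetical floor)."""
    return [r[0] for r in rows if 100.0 * available_kb(r) / r[1] < floor_pct]

if __name__ == "__main__":
    for row in parse_samples(SAMPLES):
        stamp, total, used, _, _ = row
        print(f"{stamp} used={100 * used / total:.1f}% "
              f"free+cached={100 * available_kb(row) / total:.1f}%")
    print("below floor:", low_memory(parse_samples(SAMPLES)))
```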

New Member

Re: Monitoring Load on IDS

Hi,

Thanks for your valuable reply. I got a clear idea of the memory usage. Is there any way to get the memory usage for a particular time period (say for a month or week)?

The present memory status is,

Mem: 899924K av, 890200K used, 9724K free. Will it increase if the switch passes more traffic? Is it advisable to sniff more traffic with this load?

Kindly give your valuable suggestion.

Jahangeer A

Gold

Re: Monitoring Load on IDS

You might also take a look at the following:

show statistics host

It gives you a little more detail.
