02-05-2007 01:08 PM - edited 03-10-2019 03:27 AM
Has anyone seen this issue in CSA 5.0 when generating rules?
Rules for host.domain.com have complexity 7525 which exceeds the maximum of 7500
02-05-2007 04:59 PM
No, but how many rules do you have or how many rule changes were pending?
CSA won't generate rules in some conditions. Too short of a polling interval is one.
Perhaps there is a maximum rule change or rule limit as well.
02-06-2007 01:00 PM
There are 52 rules pending.
02-06-2007 01:52 PM
How many rules do you have total?
02-22-2007 11:22 AM
Yes, there is a complexity limit of 7500. We hit it a few months ago. What we did to fix it was to go through all the rules and wildcard where we could and combine rules where we could. There is a value for each rule module/rule/app class/network address set/etc. and for each line in each of those. So for example, if you have an app class with @program files\abc.exe and **\temp\abc.exe, that counts as 2 complexity points. Our biggest issue is network address sets. It's an ongoing battle.
Cisco says it's there so the hosts don't have too much information to process and slow the machine down.
Shelly
02-22-2007 12:08 PM
Shelly, thanks for the good information.
We delete everything associated with OSs we will never use (Linux, Solaris).
After each upgrade, everything is deleted if it's not needed and associated with new items if it is.
This keeps the MC pretty lean and rule generation is much faster. We have 388 rules on a 4.0.3 MC and 690 on a 5.1. All told there are 794 items on the 4.0.3 MC and 2121 items on the 5.1 MC.
Tom