Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

IDS 4210 - RAM Problem

We have IDS 4210 with version 4.1(1)S54.

512MB RAM installed on the machine but after 1 or 2 days freeBytes are consumed and so ids becomes out of service.Is not 512 RAM enough or we missed something?

Cisco Employee

Re: IDS 4210 - RAM Problem

There are a few known issues.

1) The linux kernel will consume most of the available memory for caching large files. The eventStore where alarms are placed is 4 Gig file. Once the evenStore starts filling up with alarms, the kernel will keep as large a portion of the file as it can in memory cache and consume up most of the available RAM. This is in and of itself is not a problem, and so seeing even 98% usage of available memory does not in and of itself suggest a problem.

2) However, because most of the RAM is being consumed by a cached file, the next time the sensor needs a large amount of memory (like during a signature update or reconfiguration) there is a small possibility that sensorApp will be pushed into using swap memory or worse yet not have enough memory available to complete the reconfiguration. We have seen this at very few customer sites, but are working on the issue.

3) Additionally there are a few known special cases that can cause major problems in sensorApp. We are working on these issues and will be delivering the fixes in a service pack.

In the meantime:

If your only symptom is large percentage of memory used (seen when executing "show version")then you are probably just seeing the cache of eventStore in memory and most likely have nothing to worry about.

BUT if you are seeing other symptoms like a sensor that stops sending alarms then please contact the TAC.

The TAC is working with these customers to load early versions of our planned fixes. This way we can verify that we have addressed all of the outstanding customer issues before sending out the service pack.