Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
432
Views
0
Helpful
3
Replies

PIX CPU process above 100%

andy.cruz
Level 1
Level 1

‎10-30-2003 12:05 AM - edited ‎02-20-2020 11:04 PM

Our customer is asking about the occurence of CPU spikes. From the PIX documentation:

"%PIX-3-211003: CPU utilization for time seconds = %cpu_usage

Explanation: This message is displayed if the percentage of CPU usage is greater than 100% for time seconds.

Action: If this message occurs frequently, contact Cisco TAC."

If the message doesn't occur frequently, what??

The customer is worried that, maybe, during the time the CPU goes above 100% packets will be dropped. Is there any another workaround? Is there a way to capture "show process" a few seconds after (if not during) the CPU goes up?

Sorry for the poor description and questions.

Thanks in advance for any help.

Andy

0 Helpful
3 Replies 3

nkhawaja
Cisco Employee
Cisco Employee

‎10-30-2003 11:22 AM

Hi,

If the message doesn't occur frequently then, what to worry about? Spikes can happen on a network. But the only time you need to worry is if CPU stays high most of the time.

Yes there is a possibility that packets be dropped. The workaround is to use a high end PIX platform or block the attack at the source using access-lists etc.

Thanks

Nadeem

0 Helpful

lwierenga
Level 1
Level 1
In response to nkhawaja

‎10-30-2003 10:36 PM

Also, it doesn't necessary mean that this is an attack in progress. How many ACL's are you using? Are you logging all your ACL's? You can run PDM and get a better picture over a period of time, but then again Nadeem's correct if it doesn't last more then 7 seconds, and not happing very often...

0 Helpful

dhucaby
Level 1
Level 1
In response to lwierenga

‎11-01-2003 06:31 PM

Firing up PDM may also add to the CPU load, although it sure does make some nice graphs. An alternative might be to use SNMP on the PIX. As long as your SNMP management station has the CISCO-PROCESS-MIB, you can query the ciscoProcess subtree (1.3.6.1.4.1.9.9.109) for the 5-second, 1-minute, and 5-minute CPU usage stats.

Perhaps you could set an alarm threshold on the CPU value that would run a script to connect to the PIX and dump the "show processes" output.

Sounds like a lot of work for something that may not necessarily be bad :-)

DaveH

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card