Our customer is asking about the occurrence of CPU spikes. From the PIX documentation:
"%PIX-3-211003: CPU utilization for time seconds = %cpu_usage
Explanation: This message is displayed if the percentage of CPU usage is greater than 100% for time seconds.
Action: If this message occurs frequently, contact Cisco TAC."
If the message doesn't occur frequently, what??
The customer is worried that, maybe, during the time the CPU goes above 100%, packets will be dropped. Is there any other workaround? Is there a way to capture "show process" a few seconds after (if not during) the CPU goes up?
Also, it doesn't necessarily mean that this is an attack in progress. How many ACLs are you using? Are you logging all your ACLs? You can run PDM and get a better picture over a period of time, but then again Nadeem's correct if it doesn't last more than 7 seconds, and not happening very often...
Firing up PDM may also add to the CPU load, although it sure does make some nice graphs. An alternative might be to use SNMP on the PIX. As long as your SNMP management station has the CISCO-PROCESS-MIB, you can query the ciscoProcess subtree (1.3.6.1.4.1.9.9.109) for the 5-second, 1-minute, and 5-minute CPU usage stats.
Perhaps you could set an alarm threshold on the CPU value that would run a script to connect to the PIX and dump the "show processes" output.
Sounds like a lot of work for something that may not necessarily be bad :-)
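The threshold-triggered capture suggested in the reply above, sketched as an added example that is not part of the original thread or any Cisco tooling. Assumptions: net-snmp's `snmpget` is installed, the PIX answers SNMPv2c, the 5-second value is read from leaf `.1.1.1.1.3.1` under the ciscoProcess subtree, and the `capture` hook that would log in and save "show processes" is hypothetical.

```python
import subprocess
import time

# Assumption: cpmCPUTotal5sec, CPU index 1, under the ciscoProcess subtree.
CPU_5SEC_OID = "1.3.6.1.4.1.9.9.109.1.1.1.1.3.1"

# Constructed (timestamp_seconds, cpu_percent) samples for an offline run.
SAMPLES = [(0, 12), (5, 15), (10, 97), (15, 99), (20, 30),
           (25, 96), (30, 20), (95, 98)]


def snmp_cpu_5sec(host, community):
    """Read the 5-second CPU % with net-snmp's snmpget (value-only output)."""
    out = subprocess.run(
        ["snmpget", "-v2c", "-c", community, "-Oqv", host, CPU_5SEC_OID],
        capture_output=True, text=True, check=True, timeout=5)
    return int(out.stdout.strip())


def poll(read_cpu, interval=5.0):
    """Yield (time, cpu) forever; read_cpu is e.g. a snmp_cpu_5sec wrapper."""
    while True:
        yield time.time(), read_cpu()
        time.sleep(interval)


def watch(samples, threshold, capture, cooldown=60.0):
    """Run capture(ts, cpu) on each upward threshold crossing.

    Edge-triggered with a cooldown, so a sustained or flapping spike does
    not make the capture itself a source of load on the firewall.
    """
    triggers, last_fire, above = [], None, False
    for ts, cpu in samples:
        crossed = cpu >= threshold and not above
        above = cpu >= threshold
        if crossed and (last_fire is None or ts - last_fire >= cooldown):
            capture(ts, cpu)  # hypothetical hook: log in, save "show processes"
            triggers.append((ts, cpu))
            last_fire = ts
    return triggers


if __name__ == "__main__":
    fired = watch(SAMPLES, 90, lambda ts, cpu: print(f"capture at t={ts}s cpu={cpu}%"))
    print(fired)
```

For live use, pass `poll(lambda: snmp_cpu_5sec(host, community))` as `samples`; the threshold of 90 and the 60-second cooldown are illustrative values, not Cisco recommendations.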