topic I assume you have no in Network Security

Effect of logging all rules on ASA performance

sdcampbell — Tue, 12 Mar 2019 07:52:20 GMT

The default for access rules is to enable logging. Our older ASA is running at 80 percent CPU usage.

The ASA Logging filters is set at:

Internal Buffer - Severity Debugging

ASDM - Severity Informational

Syslog Servers - Severity Informational

I'm trying to make the case for disabling logging of all rules and instead only log rules that we want to receive alerts for. We can enable logging on specific rules later for troubleshooting purposes if necessary. The syslog traffic alone is overwhelming the syslog server and filling the disk on a daily basis.

How much of an impact does this level of logging have on the ASA's performance?

What CLI commands can I use to measure the impact on processes before and after making the changes to logging?

Thanks!

I assume you have no

Philip D'Ath — Fri, 10 Jun 2016 21:28:37 GMT

I assume you have no debugging running?

Do you actually need syslog to log every flow? If you drop baccked to "warnings" if you only log dropped flows.

Hi,

Aditya Ganjoo — Sat, 11 Jun 2016 01:48:10 GMT

Hi,

Please use the command sh process cpu-usage non-zero sorted and you would be able to know which process is contributing to high CPU usage.

Regards,

Aditya

Please rate helpful posts and mark correct answers.

I don't believe that we need

sdcampbell — Sun, 12 Jun 2016 19:01:04 GMT

I don't believe that we need to log every flow. I recently took over management of this firewall. I'd like to disable logging on most of those rules and also only send admin commands as well as errors to syslog, but I have to convince my boss of the need to change things as he previously managed the firewall and all changes must be approved by him.