11-15-2013 04:55 AM - edited 03-11-2019 08:05 PM
Hello,
Our ASA CPU level has been higher than normal over the last few weeks and I can see a reason why.
I have noticed that the dashboard has had the top graphs/tables re-enabled, which I believe can cause the CPU to rise. How can I turn these off again?
Thanks
11-15-2013 05:40 AM
Can you share
Show processes cpu-usage sorted non-zero
Clear interfaces
show interface | include errors
After 5 minutes
show interface | include errors
Rate all of the helpful posts!!!
Regards,
Jcarvaja
Follow me on http://laguiadelnetworking.com
11-15-2013 06:12 AM
Sure:
show processes cpu-usage non-zero
PC Thread 5Sec 1Min 5Min Process
0x09303f3c 0x6d5ac568 0.1% 0.0% 0.0% websns_snd
0x0911595d 0x6d5ac778 0.1% 0.1% 0.1% websns_rcv_tcp
0x08c7e425 0x6d5c0b48 0.1% 0.1% 0.0% Unicorn Admin Handler
0x0911d204 0x6d5af0b8 0.5% 0.4% 0.4% tcp_thread
0x090c7a4d 0x6d5a6688 0.1% 0.0% 0.0% ssh
0x091618b9 0x6d5ab6f8 0.0% 0.1% 0.1% snmp
0x087a174e 0x6d5af8f8 0.1% 0.1% 0.1% IP Thread
0x0865991b 0x6d5b3d08 0.0% 0.1% 0.1% IKE Daemon
0x0828fb01 0x6d5c3278 68.8% 62.3% 59.7% Dispatch Unit
0x098a2535 0x6d5bb8c8 0.0% 0.1% 0.0% Checkheaps
0x087a8efe 0x6d5af6e8 0.1% 0.0% 0.0% ARP Thread
show interface | include errors
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 0 interface resets
790 input errors, 0 CRC, 0 frame, 790 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 0 interface resets
637 input errors, 0 CRC, 0 frame, 637 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 0 interface resets
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 0 interface resets
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 0 interface resets
Thanks
11-15-2013 06:31 AM
Hello,
So the CPU is high due to the Dispatch Unit process (traffic handling related).
That being said we can see that interface 1 and 2 are the ones receiving more traffic.
So my recommendation is:
Clear the interfaces with the command
clear interfaces
give 4 minutes
and do
show interfaces | include errors
Also run
show local-host | includehost|count/limit
And look for the hosts with the largest amount of conn.
Rate all of the helpful posts!!!
Regards,
Jcarvaja
Follow me on http://laguiadelnetworking.com
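A small triage script for the two outputs posted above, added as an example and not written by any of the posters: it ranks processes by 5-minute CPU and lists which interfaces report overruns after the counters were cleared. The function names and the 5% threshold are assumptions; the sample data is abridged from the output in this thread.

```python
import re

# Excerpts of the output posted in the thread (abridged).
CPU_OUTPUT = """\
PC Thread 5Sec 1Min 5Min Process
0x08c7e425 0x6d5c0b48 0.1% 0.1% 0.0% Unicorn Admin Handler
0x0911d204 0x6d5af0b8 0.5% 0.4% 0.4% tcp_thread
0x0828fb01 0x6d5c3278 68.8% 62.3% 59.7% Dispatch Unit
"""
ERR_OUTPUT = """\
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 0 interface resets
790 input errors, 0 CRC, 0 frame, 790 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 0 interface resets
637 input errors, 0 CRC, 0 frame, 637 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 0 interface resets
"""

# PC, Thread, three percentages, then a process name that may contain spaces.
CPU_ROW = re.compile(r"^0x[0-9a-f]+\s+0x[0-9a-f]+\s+([\d.]+)%\s+([\d.]+)%\s+([\d.]+)%\s+(.+)$", re.I)
IN_ERR = re.compile(r"(\d+) input errors,.*?(\d+) overrun")

def busy_processes(text, min_5min=5.0):
    """Return (process, 5sec, 1min, 5min) for rows at or above min_5min, busiest first."""
    rows = []
    for line in text.splitlines():
        m = CPU_ROW.match(line.strip())
        if m and float(m.group(3)) >= min_5min:
            rows.append((m.group(4), float(m.group(1)), float(m.group(2)), float(m.group(3))))
    return sorted(rows, key=lambda r: r[3], reverse=True)

def overrun_interfaces(text):
    """Return (position, input_errors, overruns) for interfaces reporting overruns."""
    # The include filter drops interface names, so position is the 0-based order of "input errors" lines.
    hits, pos = [], 0
    for line in text.splitlines():
        m = IN_ERR.search(line)
        if not m:
            continue  # an "output errors" line belonging to the same interface
        if int(m.group(2)) > 0:
            hits.append((pos, int(m.group(1)), int(m.group(2))))
        pos += 1
    return hits

if __name__ == "__main__":
    for name, s5, m1, m5 in busy_processes(CPU_OUTPUT):
        print(f"{name}: 5s={s5}% 1m={m1}% 5m={m5}%")
    for pos, errs, ovr in overrun_interfaces(ERR_OUTPUT):
        print(f"interface #{pos}: {ovr} overruns out of {errs} input errors")
```

Map the reported positions back to interface names with an unfiltered `show interface` on the device.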
11-15-2013 06:34 AM
Will do, just noticed this didn't work:
show local-host | includehost|count/limit
^
ERROR: % Invalid input detected at '^' marker.
11-15-2013 06:42 AM
It's
show local-host | include host|count/limit
Rate all of the helpful posts!!!
Regards,
Jcarvaja
Follow me on http://laguiadelnetworking.com
11-17-2013 02:13 PM
Strong suggestion would be to use Netflow and a collector of choice against a Cisco switch that can monitor in real time. The reason I state this is that if you need to cut down someone who is doing something that you are not allowing, you would need to wait for the flow to close down to identify the source through Netflow on the ASA, but on a Cisco switch you would identify the source immediately.
You can also enable the threat detection feature, which will tell you who is the top talker at a moment, but not a history of that user.
https://supportforums.cisco.com/docs/DOC-6113