Solved: I don't believe that we need

sdcampbell · ‎06-10-2016

The default for access rules is to enable logging. Our older ASA is running at 80 percent CPU usage.

The ASA Logging filters is set at:

Internal Buffer - Severity Debugging

ASDM - Severity Informational

Syslog Servers - Severity Informational

I'm trying to make the case for disabling logging of all rules and instead only log rules that we want to receive alerts for. We can enable logging on specific rules later for troubleshooting purposes if necessary. The syslog traffic alone is overwhelming the syslog server and filling the disk on a daily basis.

How much of an impact does this level of logging have on the ASA's performance?

What CLI commands can I use to measure the impact on processes before and after making the changes to logging?

Thanks!

Aditya Ganjoo · ‎06-10-2016

Hi,

Please use the command sh process cpu-usage non-zero sorted and you would be able to know which process is contributing to high CPU usage.

Regards,

Aditya

Please rate helpful posts and mark correct answers.

View solution in original post

Philip D'Ath · ‎06-10-2016

I assume you have no debugging running?

Do you actually need syslog to log every flow? If you drop baccked to "warnings" if you only log dropped flows.

sdcampbell · ‎06-12-2016

I don't believe that we need to log every flow. I recently took over management of this firewall. I'd like to disable logging on most of those rules and also only send admin commands as well as errors to syslog, but I have to convince my boss of the need to change things as he previously managed the firewall and all changes must be approved by him.

Aditya Ganjoo · ‎06-10-2016

Hi,

Please use the command sh process cpu-usage non-zero sorted and you would be able to know which process is contributing to high CPU usage.

Regards,

Aditya

Please rate helpful posts and mark correct answers.

Effect of logging all rules on ASA performance