Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1053
Views
0
Helpful
1
Replies

Firepower 8350 - Snort process high CPU (>95%) - Firmware 6.2.3.4

nayan.gupta1
Level 1
Level 1

‎08-24-2018 04:58 AM - edited ‎03-12-2019 06:55 AM

We have recently upgraded our firepower 8350 to 6.2.3.4 and we have started seeing high CPU instance for SNORT processes and in one of the case we hit major slowness and high traffic drop rates. 

 

We have engaged TAC - almost 3 times now and each engineer has different view and perspectives - but no solutions.

 

Let me know your advice or things i can look at to hit a cause of this concern. Thanks in advance.

 

Below is the TOP output -

 

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
28140 sfsnort 20 0 5774m 793m 19m R 100 0.7 14:55.14 snort
28124 sfsnort 20 0 5700m 723m 22m R 94 0.6 87:04.21 snort
28151 sfsnort 20 0 5727m 745m 19m R 90 0.7 89:27.20 snort
28142 sfsnort 20 0 5735m 755m 19m R 72 0.7 67:25.98 snort
28126 sfsnort 20 0 5759m 777m 20m R 71 0.7 62:50.92 snort
28134 sfsnort 20 0 5719m 737m 19m R 30 0.7 67:56.34 snort
28125 sfsnort 20 0 5802m 822m 20m S 20 0.7 14:01.81 snort
28150 sfsnort 20 0 5821m 841m 20m S 15 0.7 7:56.11 snort

 

2 people had this problem
Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-24-2018 07:29 AM

If TAC x 3 is already engaged I doubt any of us will have better insight.

 

I might suggest pressing your current assigned TAC engineer to escalate the case to make sure it gets the proper attention.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card