05-15-2023 05:26 AM
Hello everybody,
our customer has an FMCv 7.0.5 and an ASA5516-X with FTD running 7.0.5.
Our monitoring reported a high Snort memory usage:
CRITICAL - mempool Snort System memory_2 usage is 99.56%, mempool DP System memory_2 usage is 44.07%
mempool MEMPOOL_MSGLYR_HB_2 usage is 1.64%
mempool MEMPOOL_MSGLYR_2 usage is 21.76%
mempool MEMPOOL_HEAPCACHE_0_2 usage is 100.00%
mempool MEMPOOL_DMA_2 usage is 60.89%
mempool MEMPOOL_GLOBAL_SHARED_2 usage is 97.87%
When I log in to the FTD I see this issue confirmed:
FTD-LIY-01# show memory all
Data Path
Free memory: 2626600774 bytes (56%)
Used memory: 2067203392 bytes (44%)
--------------- ---------------
Total memory: 4693804166 bytes (100%)
Inspection Engine
Free memory: 13709312 bytes ( 0%)
Used memory: 3272433664 bytes (100%) <==============
--------------- ---------------
Total memory: 3286142976 bytes (100%)
System
Free memory: 1179484160 bytes (14%)
Used memory: 7151685632 bytes (86%)
--------------- ---------------
Total memory: 8331169792 bytes (100%)
The FTD has just a couple of access control rules (see attached).
Attached you also see the IPS policy.
A reboot of the FTD did not solve the issue.
What would you do to reduce the Snort memory usage?
Every hint is welcome!
Bye
R.
05-15-2023 06:57 AM
05-16-2023 05:36 AM
Hi,
thanks for the hint!
The command 'pmtool restartbytype snort' is reducing the Snort memory
from 100% to 90%. The customer has not reported a performance issue.
The mentioned bug is not for 7.0.5.
I will observe the Snort memory the next time.
Thanks a lot!
Bye
R.
05-16-2023 07:42 AM
You are welcome.
05-15-2023 07:38 AM
How long was the uptime? If you reload and monitor, what are the results?
In general RAM usage shows that high, but is this causing any performance issue?