03-02-2010 09:07 PM - edited 03-11-2019 10:16 AM
We have an ASA 5540 failover bundle working in Active/Standby mode. On our active asa 5540 when the sh run command is issued it gets stuck and displays the output after more than 15-20 mins.. and it takes another 10-15 mins to get back to the prompt..
However on the standby asa 5540 if the sh run command is issued, it displays the ouput and comes back to the prompt (even though this also takes 2-3 seconds)
I have tried rebooting the active asa 5540, but still the same issue.. what could be the problem?? any inputs pls...
We are running asa version 8.2.2
Regards
Vijay.
Solved! Go to Solution.
03-03-2010 12:31 AM
Hi,
No.. I dont think it will impact our network/security monitoring and in my past and current experience in enterprise network we used to configure in syslog trap in warning level.
We used to monitor resource utilization and any normal/abnormal connection status or attacks. To monitor these syslog warning level is more than enough.
Hope it helps you
regards
Karuppu
03-02-2010 09:47 PM
Hi,
There will be 2 reasons , one is might be your running configuration is too big and it is taking time to display and the other one is CPU/Memory utilization might be high.
Because always in active firewall CPU/Memory will be high so that it is taking too much time to dispaly.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008009491c.shtml
for more information to troubleshoot ASA just have a look of this URL.
regards
karuppu
03-02-2010 09:53 PM
Right now it is the same behaviour in standby asa too, and this was an working setup, it was working fine all these days and this problem started only since yesterday...
the cpu utilization is 95% in both the asa and I see the cpu utilization of snmp notify thread is 60%, should this be an issue??
memory utilization is 30% on both the asa...
any inputs pls...
03-02-2010 09:56 PM
Hi,
Have you configured any SNMP tool to monitor ASA recently.Due to this SNMP poll the CPU utilization is too high.
What the network monitoring too you have configured to monitor this ASA. For time being you can disable SNMP future and test the firewall status,
regards
karuppu
03-03-2010 12:20 AM
Hi Karuppu,
Yes we are using SNMP tool for monitoring, we have Ciscoworks LMS, Cisco Security manager, Cisco MARS.. But this has been working all these days, the problem started only from yesterday...
Now after I have lowered the the snmp syslog trap level to warnings (earlier it was in the debugging level)the cpu util has come down drastically, but do you have anyidea will it (snmp syslog trap) have any impact in my network/security montioring??
Regards
Vijay.
03-03-2010 12:31 AM
Hi,
No.. I dont think it will impact our network/security monitoring and in my past and current experience in enterprise network we used to configure in syslog trap in warning level.
We used to monitor resource utilization and any normal/abnormal connection status or attacks. To monitor these syslog warning level is more than enough.
Hope it helps you
regards
Karuppu
07-24-2012 11:52 AM
Hi Vijay,
How did you lowered the snmp syslog trap level to warning?
Please help me with the config changes done.
Thanks,
Titto Job
07-24-2012 10:19 PM
Hi Titto,
In order to lower the snmp syslog trap level to warning, issue the below command.
logging history warnings
You may also look at the below commands too, if you are also hitting with the same issue of CPU utilization.
logging trap informational -- Use this if you have enabled syslog traps to your syslog server
logging asdm informational -- Use this if you are using ASDM
Hope this helps.
Regards
Vijay.
07-25-2012 05:59 AM
Yes Vijay. My firewall is showing high CPU utilization. Around 40% utilization is because of SNMP Notify Thread.
My syslog is configured for informational already as below.
logging trap informational
logging asdm informational
Is there anything else i need to do to reduse CPU utilization.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide