Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1573
Views
0
Helpful
0
Replies

SNORT at 100% CPU with no traffic

guibarati
Level 4
Level 4

‎04-25-2017 08:49 AM - edited ‎03-10-2019 06:49 AM

Hi,

I have an ASA5516-X with FirePOWER module. The ASA is running version 9.6(1). The module is running 6.1.0-330.

There is only one ACP rule inspecting all traffic using an Intrusion Policy that was tuned by FireSight recommendations.

After experiencing Network Delay it was verified that SNORT was reaching 100% CPU utilization so the Policy-map was configured on the ASA to stop sending traffic to the FP module. After removing the traffic from FP the network went back to normal, but Snort is still spiking to 100% CPU.

This happened twice already. First with the 6.1.0 version, and now with 6.1.0-330.

The traffic is around 150Mb and Snort CPU is getting busy with no traffic. This tells me it's not just traffic overload that's causing it.

Any suggestions?

Thank you,

1 person had this problem
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card