cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1035
Views
0
Helpful
2
Replies
Highlighted

ZBF - Audit Trail Logs causes performance degradation

i'm using cisco zone based firewall and i'm having a problem with the  audit trail logs. When i activate it, and start a nmap scan to router's  interface, the cpu load goes to around 60-80%. I use a syslog server  too. If a simple nmap does this, the whole network traffic will no crash  the router? Is this normal?

2 REPLIES 2
Highlighted
Cisco Employee

Hi Fernando,

What is a normal CPU level for this device (i.e. what is the CPU usage when the audit trail is disabled)? You mention you are logging to a syslog server as well. If you disable that temporarily do you still see the high CPU?

It would probably be best to open a TAC case for this issue so the cause for the high CPU can be identified.

-Mike

Highlighted

Hi Mike

Thanks for the prompt answer.

The normal CPU Level (with the audit logs disabled) is 10-30%. If a enable the logs the CPU utilization goes to 70%. Syslog don't make difference, even with the syslog disabled the CPU load is high.

Fernando

Content for Community-Ad