
ASA 5525 - High Memory Utilization

uadmin
Level 1

Hello,

Our ASA 5525 (IOS 9.14.4.24) is experiencing high memory utilization.      

This is what I see so far:

fw1# show memory
Free memory: 815972661 bytes (18%)
Used memory: 3575802776 bytes (82%)
------------- ------------------
Total memory: 4391775437 bytes (100%)

 

I checked the log level and found this:

internet-fw1# show logging setting
Syslog logging: enabled
Facility: 20
Timestamp logging: enabled
Timezone: enabled
Hide Username logging: enabled
Standby logging: disabled
Debug-trace logging: disabled
Console logging: disabled
Monitor logging: disabled
Buffer logging: level debugging, 133637032 messages logged
Trap logging: level informational, facility 20, 382838012 messages logged
Logging to net1-c6509 192.168.17.190, UDP TX:163286
Logging to net1-c6509 192.168.17.86, UDP TX:163286
Global TCP syslog stats::
NOT_PUTABLE: 0, ALL_CHANNEL_DOWN: 0
CHANNEL_FLAP_CNT: 0, SYSLOG_PKT_LOSS: 0
PARTIAL_REWRITE_CNT: 0
Permit-hostdown logging: enabled
History logging: disabled
Device ID: disabled
Mail logging: disabled
ASDM logging: level informational, 127714278 messages logged

 

* I changed the buffer logging to 'alert' level but free memory only improved by 1%.

fw1# show memory detail

Heap Memory:
Free Memory:
Heapcache Pool: 3194256 bytes ( 0% )
Global Shared Pool: 57664448 bytes ( 1% )
Message Layer Pool: 3985264 bytes ( 0% )
System: 482221261 bytes ( 11% )
Used Memory:
Heapcache Pool: 684671600 bytes ( 16% )
Global Shared Pool: 2510613568 bytes ( 57% )
Reserved (Size of DMA Pool): 230686720 bytes ( 5% )
Reserved for messaging: 209040 bytes ( 0% )
MMAP usage: 21370056 bytes ( 0% )
System Overhead: 397159224 bytes ( 9% )
------------------------------------- ----------------
Total Memory: 4391775437 bytes ( 100% )




 

Any idea how to lower the memory utilization?

I wasn't able to find any bugs related to my IOS version. Furthermore, this ASA model cannot go above 9.14.4.24.




 

Accepted Solutions

uadmin
Level 1

Looks like I can't connect to it via ASDM or SSH at this point.     Going to reboot it and/or failover to the secondary.


marce1000
Hall of Fame

 

  - FYI: https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113185-asaperformance.html#toc-hId--1586020239
    Have a look at the complete document too!

  You can also connect to your ASA with https://cway.cisco.com/cli/ (to be downloaded first). At the top left or right you can press System Diagnostics.

   M.



-- Each morning when I wake up and look into the mirror I always say 'Why am I so brilliant?'
    When the mirror will then always respond to me with 'The only thing that exceeds your brilliance is your beauty!'

uadmin
Level 1

I located the article earlier.  I eliminated the log level set to debugging on the buffer and cleared the counters.   

I was not able to find any bug articles related to memory leaks with our version.

I am having some difficulties getting the Cisco CLI Analyzer to connect to the box.   I disabled the local Win firewall at the source and enabled SSH for the source machine, however I get a window with a blinking cursor.


 

It seems like my jump box is closing the connection, not sure why though.


 

 

 

 - @uadmin CLI Analyzer only uses SSH; can you connect with a native SSH client?

 M.




Yes, I'm able to SSH into the FW via Putty.   

 

 - @uadmin Check the logs on the ASA after a connection attempt with CLI Analyzer.

 M.




Do show log buffer.

Check which log message appears a lot; use a list to drop this message.

MHM

Not seeing anything in the log buffer for this traffic....

uadmin
Level 1

uadmin_0-1746198066413.png

 

Is the buffer full of this log message?

MHM

No, just real time.

ciscoasa(config)# show logging message all

See which message appears a lot and its number.

MHM 

FYI: There are two syslog servers in this setup.

 

 

 

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2025.05.02 12:11:13 =~=~=~=~=~=~=~=~=~=~=~=
 show logging message all
syslog 111111: default-level alerts (enabled),standby logging (disabled)
syslog 101001: default-level alerts (enabled),standby logging (disabled)
syslog 101002: default-level alerts (enabled),standby logging (disabled)
syslog 101003: default-level alerts (enabled),standby logging (disabled)
syslog 101004: default-level alerts (enabled),standby logging (disabled)
syslog 101005: default-level alerts (enabled),standby logging (disabled)
syslog 102001: default-level alerts (enabled),standby logging (disabled)
syslog 103001: default-level alerts (enabled),standby logging (disabled)
syslog 103002: default-level alerts (enabled),standby logging (disabled)
syslog 103003: default-level alerts (enabled),standby logging (disabled)
syslog 103004: default-level alerts (enabled),standby logging (disabled)
syslog 103005: default-level alerts (enabled),standby logging (disabled)
syslog 103006: default-level alerts (enabled),standby logging (disabled)
syslog 103007: default-level alerts (enabled),standby logging (disabled)
syslog 103008: default-level alerts (enabled),standby logging (disabled)
syslog 103011: default-level alerts (enabled),standby logging (disabled)
syslog 103012: default-level informational (enabled),standby logging (disabled)
syslog 104001: default-level alerts (enabled),standby logging (disabled)
syslog 104002: default-level alerts (enabled),standby logging (disabled)
syslog 104003: default-level alerts (enabled),standby logging (disabled)
syslog 104004: default-level alerts (enabled),standby logging (disabled)
syslog 104500: default-level alerts (enabled),standby logging (disabled)
syslog 104501: default-level alerts (enabled),standby logging (disabled)
syslog 104502: default-level alerts (enabled),standby logging (disabled)
syslog 105001: default-level alerts (enabled),standby logging (disabled)
syslog 105002: default-level alerts (enabled),standby logging (disabled)
syslog 105003: default-level alerts (enabled),standby logging (disabled)
syslog 105004: default-level alerts (enabled),standby logging (disabled)
syslog 105005: default-level alerts (enabled),standby logging (disabled)
syslog 105006: default-level alerts (enabled),standby logging (disabled)
syslog 105007: default-level alerts (enabled),standby logging (disabled)
syslog 105008: default-level alerts (enabled),standby logging (disabled)
syslog 105009: default-level alerts (enabled),standby logging (disabled)
syslog 105010: default-level errors (enabled),standby logging (disabled)
syslog 105011: default-level alerts (enabled),standby logging (disabled)
syslog 105020: default-level alerts (enabled),standby logging (disabled)
syslog 105021: default-level alerts (enabled),standby logging (disabled)
syslog 105022: default-level alerts (enabled),standby logging (disabled)
syslog 105031: default-level alerts (enabled),standby logging (disabled)
syslog 105032: default-level alerts (enabled),standby logging (disabled)
syslog 105033: default-level alerts (enabled),standby logging (disabled)
syslog 105034: default-level alerts (enabled),standby logging (disabled)
syslog 105035: default-level alerts (enabled),standby logging (disabled)

OK, you monitor traffic on the interface; that is why the ASA generates a lot of 1050xx messages.

That is OK if you make the ASA send logs only to the external server and not keep them in the buffer.

MHM

logging message message-number [level level]

You can move the log message to an upper layer, and hence it will appear on the server but not be kept in the buffer.

It depends on you

MHM
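
Added example, not part of the thread or any participant's post: a Python sketch of the destination filtering behind the `logging message` suggestion above, run over a few lines copied from the pasted `show logging message all` output. It assumes the standard ASA severity numbering (0 emergencies to 7 debugging), takes the trap and ASDM levels from the `show logging setting` output in the first post, and treats the buffer level as `alerts` after the poster's change; the function names are hypothetical.

```python
import re

# ASA syslog severity names -> numbers (0 is the most severe).
SEVERITY = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
            "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

# Assumed destination thresholds: trap and ASDM as shown in the thread's
# `show logging setting`; buffer after it was lowered from debugging to alerts.
DESTINATIONS = {"buffer": "alerts", "trap": "informational", "asdm": "informational"}

# A few lines copied from the `show logging message all` output in the thread.
SAMPLE = """\
syslog 103012: default-level informational (enabled),standby logging (disabled)
syslog 105005: default-level alerts (enabled),standby logging (disabled)
syslog 105010: default-level errors (enabled),standby logging (disabled)
"""

LINE_RE = re.compile(r"syslog (\d+): default-level (\w+) \((enabled|disabled)\)")

def parse_messages(text):
    """Return {syslog_id: (level_name, enabled)} from `show logging message all`."""
    out = {}
    for line in text.splitlines():
        # search() rather than match(): tolerates pager residue before "syslog".
        m = LINE_RE.search(line)
        if m and m.group(2) in SEVERITY:
            out[m.group(1)] = (m.group(2), m.group(3) == "enabled")
    return out

def destinations_for(level, enabled=True, thresholds=DESTINATIONS):
    """A message reaches a destination when its severity number <= the threshold."""
    if not enabled:
        return []
    return sorted(d for d, t in thresholds.items() if SEVERITY[level] <= SEVERITY[t])

def plan(messages, overrides):
    """Apply per-message overrides (the effect of `logging message <id> level <name>`)."""
    result = {}
    for msg_id, (level, enabled) in messages.items():
        result[msg_id] = destinations_for(overrides.get(msg_id, level), enabled)
    return result

if __name__ == "__main__":
    msgs = parse_messages(SAMPLE)
    for msg_id, dests in plan(msgs, {"105005": "informational"}).items():
        print(msg_id, "->", ", ".join(dests) or "nowhere")
```

With the override, 105005 still reaches the trap and ASDM destinations but no longer matches a buffer set to `alerts`.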