The recent deployment of IPS-engine-E3-req-6.0.5.pkg caused a significant incrase in CPU. Top shows sensorapp as the primary culprit. Anyone know what major changes caused this behavior?
In the last few weeks, we are seeing consistent high CPU on one of the IDS devices-- staying at 100% for hours. My question: what affect does this have on analysis? Will events begin to be dropped?
We had the same issue going from 6.0(5)E2 to E3 on all machines. Basically sensorapp utilizes more CPU cycles, I believe, making the CPU stat fairly meaningless. There is a load statistic that more accurately refects whats going on in 6.1.X and 6.2
Thanks for the information on Inspection Load. Right now we are still at v 6.0.5, and I don't believe Inspection Load is a stat we can gather for monitoring. Am I missing something?
Thanks for in information. We have had a similar situation with inline vlan pairs. What our packet captures showed were multiple tcp resets that quickly slowed the sensor to a crawl. We have had to go to promiscuous mode until there is a fix.
