- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
CPU load on the management plane (MP) can get quite high and can in turn lead to other issues. With this in mind, it might be necessary to reduce the load on the MP. We'll cover some ways to reduce MP CPU usage.
A common cause of a high MP CPU load is logging and reporting.
By default, every session is logged at the end. Additionally, you can opt to enable logging from the start for better visibility on the morphology of applications traversing the firewall or to simply have more data available for forensic analysis. You may also be required to log the drop-all rule at the end of the policy. These options and more logging actions cause the logrcvr process to consume more resources.
To enable the system to produce reports easier, there are several helper processes that come into play to process and prepare the log files for later report generation. These helper processes consume even more resources as more logs must be processed.
top - 12:05:07 up 511 days, 23:31, 0 users, load average: 5.59, 5.76, 5.86 Tasks: 96 total, 2 running, 93 sleeping, 1 stopped, 0 zombie Cpu(s): 28.5%us, 54.4%sy, 3.7%ni, 11.7%id, 0.1%wa, 0.1%hi, 1.5%si, 0.0%st Mem: 995888k total, 937788k used, 58100k free, 47356k buffers Swap: 2008084k total, 981484k used, 1026600k free, 91776k cached PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 2336 root 20 0 287m 77m 2100 S 112 8.0 1:16:58 logrcvr 2307 root 20 0 1014m 132m 2656 S 73 13.6 1:41:41 mgmtsrvr 26958 root 30 10 3996 1128 920 R 8 0.1 1:24.12 genindex.sh 8811 root 30 10 4468 1020 800 R 1 0.1 0:00.18 top 1 root 20 0 1836 552 528 S 0 0.1 0:08.07 init 2 root 20 0 0 0 0 S 0 0.0 0:00.00 kthreadd
When the management plane is experiencing a continuous high load and you need to reduce the load, then you might want to consider reducing logging. Below are a few options for reducing logging.
NOTE: That threat logs are generated by threat protection, so disabling logging in the security policy only stops generating traffic logs.
There are more ways to reduce the MP load and not all of these will be considered best practice but they might be necessary if the load on your device is too high.
Thanks for taking time to read the blog.
If you enjoyed this, please hit the Like (thumbs up) button, don't forget to subscribe to the LIVEcommunity Blog.
As always, we welcome all comments and feedback in the comments section below.
Stay Secure,
Kiwi out!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Subject | Likes |
---|---|
5 Likes | |
3 Likes | |
2 Likes | |
1 Like | |
1 Like |