CPU Performance Monitoring
Your CPU does it all: passes traffic, creates VPN tunnels, and performs encryption
on demand. The rule of thumb is that during normal operational mode, the CPU
load should stay below 30 percent, on average. During peak traffic hours and
attacks, you will see the CPU spike up higher, but that is normal. However, if the
CPU utilization consistently stays above 30 percent with normal network activity,
consider upgrading to a more powerful model.
Many functions can tax CPU, but encryption (DES and 3DES) has the
biggest potential to consume your CPU's precious time. If you are going to
deploy a large number of encrypted tunnels (VPNs), we recommend you monitor
the processor carefully. If utilization goes high, consider adding a card to the
PIX to handle VPN functions (the VPN Accelerator Card). Alternatively, you can
think about offloading VPN functions from the PIX to a dedicated VPN concentrator
(such as the VPN 3000 series from Cisco). The volume of traffic passing
through the firewall is also a factor. If you are seeing high traffic utilization, monitor
the CPU utilization on a regular basis to ensure that it is not peaking. The
best way to do this is to use a tool such as MRTG or HP OpenView to monitor
the CPU through SNMP. See Chapter 6 for details on how to do this.
Logging and the excessive use of debug commands also affect CPU utilization.
To avoid consuming precious CPU cycles, you should set logging to the minimum
level of information that you actually need. Table 10.4 displays the logging
levels you have at your disposal. If there is a reason you need high logging levels,
consider turning off log messages that you do not need using the no logging message
command. See Chapter 6 for detailed information on logging.
www.syngress.com
Troubleshooting and Performance Monitoring • Chapter 10 605
Table 10.4 Logging Levels
Description      Numerical Value
Emergency        0
Alert            1
Critical         2
Error            3
Warning          4
Notification     5
Informational    6
Debugging        7
You can determine the logging options and levels that are enabled on a PIX
firewall using the show logging command. For example, on this firewall, all logging
is disabled:
PIX1# show logging
Syslog logging: disabled
Facility: 20
Timestamp logging: disabled
Standby logging: disabled
Console logging: disabled
Monitor logging: disabled
Buffer logging: disabled
Trap logging: disabled
History logging: disabled
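
To audit a saved show logging capture against Table 10.4, the following added example (not from the original text) parses each destination and lists those logging above a chosen level. The "level ..." line format and the function names are assumptions; the page itself only shows output with every destination disabled.

```python
import re

# Table 10.4: severity names; the list index is the numerical value.
LEVELS = ["Emergency", "Alert", "Critical", "Error", "Warning",
          "Notification", "Informational", "Debugging"]
# Match on the first four letters so plural keywords such as "errors" or
# "emergencies" also resolve (assumption about how the CLI spells them).
BY_PREFIX = {name[:4].lower(): value for value, name in enumerate(LEVELS)}

def level_value(token):
    """Return the Table 10.4 numerical value for a level name or a digit."""
    token = token.strip().lower()
    if token.isdigit() and int(token) <= 7:
        return int(token)
    return BY_PREFIX.get(token[:4])

def parse_show_logging(text):
    """Map each '<name> logging:' line to its numeric level.

    The value is None when the line carries no level (disabled, or a
    plain enabled/disabled switch such as the Syslog line).
    """
    state = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\w+) logging:\s*(.+)", line)
        if not m:
            continue  # e.g. the "Facility: 20" line
        lvl = re.search(r"level (\w+)", m.group(2))
        state[m.group(1).lower()] = level_value(lvl.group(1)) if lvl else None
    return state

def noisy_destinations(state, max_level=4):
    """Destinations logging above max_level (default 4, Warning)."""
    return sorted(d for d, v in state.items() if v is not None and v > max_level)

# Constructed sample; the "level ..." lines use an assumed format.
SAMPLE = """\
Syslog logging: enabled
Facility: 20
Timestamp logging: disabled
Console logging: level debugging, 120 messages logged
Buffer logging: level errors, 14 messages logged
Trap logging: level informational, 300 messages logged
History logging: disabled
"""

if __name__ == "__main__":
    print(noisy_destinations(parse_show_logging(SAMPLE)))
```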