[c-nsp] determining cause of CPU spike in ASA after-the-fact?

Deny IP Any Any denyipanyany at gmail.com
Fri Mar 13 09:41:21 EDT 2009


Hello. I've got a pair of Cisco ASA 5540s running the latest 8.0.4 in
an active/standby cluster; early this morning the CPU on the active
box went from 3% to 100% (as reported by SNMP), and sat there for
about 20 minutes. The only thing in the logs during this time is the
Active unit started testing one of the interfaces about 4 times a
minute (not sure if this was the cause or a symptom); by the time I
was woken up to look at it, the CPU usage was back to normal. It does
strike me as slightly odd that the Secondary ASA didn't report losing
comm with the Primary during this same period.

Is there any way to, after-the-fact, figure out the cause of this? A
'show processes cpu-hog' doesn't show any thing during the time frame.

Mar 13 2009 01:47:22: %ASA-1-105005: (Primary) Lost Failover
communications with mate on interface webdmz
Mar 13 2009 01:47:22: %ASA-1-105008: (Primary) Testing Interface webdmz
Mar 13 2009 01:47:23: %ASA-1-105009: (Primary) Testing on interface
webdmz Passed
Mar 13 2009 01:47:37: %ASA-1-105005: (Primary) Lost Failover
communications with mate on interface webdmz
Mar 13 2009 01:47:37: %ASA-1-105008: (Primary) Testing Interface webdmz
Mar 13 2009 01:47:38: %ASA-1-105009: (Primary) Testing on interface
webdmz Passed
Mar 13 2009 01:48:02: %ASA-1-105005: (Primary) Lost Failover
communications with mate on interface webdmz
Mar 13 2009 01:48:02: %ASA-1-105008: (Primary) Testing Interface webdmz
Mar 13 2009 01:48:03: %ASA-1-105009: (Primary) Testing on interface
webdmz Passed
Mar 13 2009 01:48:17: %ASA-1-105005: (Primary) Lost Failover
communications with mate on interface webdmz
Mar 13 2009 01:48:17: %ASA-1-105008: (Primary) Testing Interface webdmz
Mar 13 2009 01:48:18: %ASA-1-105009: (Primary) Testing on interface
webdmz Passed
Mar 13 2009 01:48:32: %ASA-1-105005: (Primary) Lost Failover
communications with mate on interface webdmz
Mar 13 2009 01:48:32: %ASA-1-105008: (Primary) Testing Interface webdmz
Mar 13 2009 01:48:33: %ASA-1-105009: (Primary) Testing on interface
webdmz Passed
Mar 13 2009 01:48:52: %ASA-1-105005: (Primary) Lost Failover
communications with mate on interface webdmz
Mar 13 2009 01:48:52: %ASA-1-105008: (Primary) Testing Interface webdmz
Mar 13 2009 01:48:53: %ASA-1-105009: (Primary) Testing on interface
webdmz Passed

-- 
deny ip any any (4393649193 matches)


More information about the cisco-nsp mailing list