Excessive Cisco ASA Memory threshold alerts in CA Spectrum

Document ID : KB000039362
Last Modified Date : 14/02/2018
Show Technical Document Details
 

Issue: 

For some CISCO ASA devices you may see excessive MEMPOOL alerts for MEMPOOL_DMA and MEMPOOL_GLOBAL_SHARED.

Environment:  

 

Platform Independent

Cause:  

Cisco does not recommend polling MEMPOOL_GLOBAL_SHARED as it causes CPU hog. 

Workaround: 

Bypass polling MEMPOOL_GLOBAL_SHARED by disabling polling and creating a SpectroWATCH to monitor memory.

To disable Memory Threshold monitoring, which should prevent SpectroSERVER for polling Cisco-Memory-Pool-Mib: 
- select the device icon -> Information tab -> Threshold & Watch 
- click the blue 'Set' link under "duration" column of the Memory entry 
- click the blue 'Disable' and then click the blue 'Save' link 

To create the SpectroWatch, see the following steps: 

1. Find the Cisco_Mem_App application model 
Go to Locater tab, double-click "By Device IP Address" search under "Application Models" folder, key in the device IP address and find Cisco_Mem_App application model 

2. Go to Information tab -> Thresholds And Watches subview of Cisco_Mem_App application model. Click the create new SpectroWATCH icon (spectacle with plus sign) 

3. Create SpectroWATCH with the required configuration 

Name SystemMemoryWatch 
Developer ID 0xffff0000 
Author spectrum 
Last Modified Time: Feb 17, 2016 9:49:59 AM IST 
Model Type Cisco_Mem_App 
Data Type Real 
**Expression ( REAL(ciscoMemoryPoolUsed.1) / ( REAL(ciscoMemoryPoolUsed.1) + REAL(ciscoMemoryPoolFree.1) ) ) * REAL(100) 
Instance None 
Active By Default No 
Evaluate By Polling every 0 Days + 00:05:00 
Inheritable Yes 
Threshold 
Threshold violated if value >= 85 . 
Threshold reset if value < 70 . 
Generate Minor alarm with cause code 0x5270000 . Alarm is user clearable. Watch will be reset upon user clearing of alarm. 

** - For devices that support memory greater than 2 GB, use the following Expression:

Expression ( REAL(cempMemPoolHCUsed.1) / ( REAL(cempMemPoolHCUsed.1) + REAL(cempMemPoolHCFree.1) ) ) * REAL(100)


4. Go back to Information tab -> Thresholds And Watches subview of Cisco_Mem_App application model. Click the Activate SpectroWATCH icon (spectacle with right arrow icon) to activate the SpectroWATCH on 
that particular model 

5. The SpectroWATCH is created on Cisco_Mem_App model type, so you can go to other device's Cisco_Mem_App model and activate the SpectroWATCH if you want to monitor the System Memory of that other device

 

 

Additional Information:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/116423-troubleshoot-asa-snmp.html