The below information will help to identify/fix the High CPU Utilization if noticed in the Cisco IPS device.

1. execute the command sh statistics virtual-sensor in CLI
2. analyse the inspection load from the output and other related informations
3. execute sh interface to see the fifo/overrun errors
4. capture the logs/events
5. identify which signature is maximum seen
6. locate the source ip/hosts
7. isolate the source from the network
8. scan/investigate the source for any attempts/virus/botnets

if you are looking for workaround

reboot the box and try to see the performance now

if you stuck-up and dont know what to do

capture the sh tech output and provide it to TAC

Advertisements