Prashan_Attanay
Collaborator

How to Tune the IPS

Hi Team,

Can anyone share knowledge on how to fine-tune the IPS? Currently our IPS is in Recommended Protection, and most of the signatures are in Detect mode.

How do you fine-tune the IPS based on Critical, High, Medium?

Can anyone guide me to fine-tune the IPS?

Because we are getting these messages regularly:

Oct 26 09:45:52 2017 DC-IRDOFW2 kernel: [fw4_1];FW-1: [cul_load_freeze_on_remote][CUL - Cluster] CUL state is ON for 0 seconds, remote Member 0 reporting high kernel CPU usage (100%), threshold=80%, local kernel CPU usage is 0%


Oct 26 09:45:52 2017 DC-IRDOFW2 last message repeated 6 times


Oct 26 09:45:53 2017 DC-IRDOFW2 kernel: [fw4_1];FW-1: [cul_load_freeze_on_remote][CUL - Cluster] CUL state is ON for 1 seconds, remote Member 0 reporting high kernel CPU usage (100%), threshold=80%, local kernel CPU usage is 1%


Oct 26 09:45:53 2017 DC-IRDOFW2 last message repeated 6 times


Oct 26 09:45:53 2017 DC-IRDOFW2 kernel: [fw4_1];FW-1: [cul_load_freeze_on_remote][CUL - Cluster] Changing CUL state to ON due to high CPU usage (100%) on remote Member 0, threshold = 80%, local kernel CPU usage is 1%


Oct 26 09:45:54 2017 DC-IRDOFW2 kernel: [fw4_1];FW-1: [cul_load_freeze_on_remote][CUL - Cluster] CUL state is ON for 2 seconds, remote Member 0 reporting high kernel CPU usage (100%), threshold=80%, local kernel CPU usage is 0%


Oct 26 09:45:54 2017 DC-IRDOFW2 last message repeated 6 times


Oct 26 09:46:02 2017 DC-IRDOFW2 kernel: [fw4_1];FW-1: [cul_load_freeze][CUL - Cluster] CUL should be OFF (short timeout of 10 seconds expired) but at least one member reported high CPU usage 5 seconds ago


Oct 26 09:46:03 2017 DC-IRDOFW2 kernel: [fw4_1];FW-1: [cul_load_freeze][CUL - Cluster] CUL should be OFF (short timeout of 10 seconds expired) but at least one member reported high CPU usage 6 seconds ago


Oct 26 09:46:04 2017 DC-IRDOFW2 kernel: [fw4_1];FW-1: [cul_load_freeze][CUL - Cluster] CUL should be OFF (short timeout of 10 seconds expired) but at least one memb

0 Kudos
4 Replies