- Cisco ASA with FirePOWER Services Local Management Configuration Guide
- Introduction to the Cisco ASA FirePOWER Module
- Managing Reusable Objects
- Managing Device Configuration
- Getting Started with Access Control Policies
- Blacklisting Using Security Intelligence IP Address Reputation
- Tuning Traffic Flow Using Access Control Rules
- Controlling Traffic with Network-Based Rules
- Controlling Traffic with Reputation-Based Rules
- Controlling Traffic Based on Users
- Controlling Traffic Using Intrusion and File Policies
- Intelligent Application Bypass
- Understanding Traffic Decryption
- Getting Started with SSL Policies
- Getting Started with SSL Rules
- Tuning Traffic Decryption Using SSL Rules
- Understanding Network Analysis and Intrusion Policies
- Using Layers in a Network Analysis or Intrusion Policy
- Customizing Traffic Preprocessing
- Getting Started with Network Analysis Policies
- Using Application Layer Preprocessors
- Configuring SCADA Preprocessing
- Configuring Transport & Network Layer Preprocessing
- Tuning Preprocessing in Passive Deployments
- Getting Started with Intrusion Policies
- Tuning Intrusion Policies Using Rules
- Detecting Specific Threats
- Globally Limiting Intrusion Event Logging
- Understanding and Writing Intrusion Rules
- Introduction to Identity Data
- Realms and Identity Policies
- User Identity Sources
- DNS Policies
- Blocking Malware and Prohibited Files
- Logging Connections in Network Traffic
- Viewing Events
- Configuring External Alerting
- Configuring External Alerting for Intrusion Rules
- Using the ASA FirePOWER Dashboard
- Using ASA FirePOWER Reporting
- Scheduling Tasks
- Managing System Policies
- Configuring ASA FirePOWER Module Settings
- Licensing the FireSIGHT System ASA FirePOWER Module
- Updating ASA FirePOWER Module Software
- Monitoring the System
- Using Backup and Restore
- Generating Troubleshooting Files
- Importing and Exporting Configurations
- Viewing the Status of Long-Running Tasks
- Security, Internet Access, and Communication Ports
Monitoring the System
The ASA FirePOWER module ASA FirePOWER module provides many useful monitoring features to assist you in the daily administration of your system, all on a single page. For example, on the Host Statistics page you can monitor basic host statistics. The following sections provide more information about the monitoring features that the system provides:
- Viewing Host Statistics describes how to view host information such as:
- Monitoring System Status and Disk Space Usage describes how to view basic event and disk partition information.
- Viewing System Process Status describes how to view basic process status.
- Understanding Running Processes describes the basic system processes that run on the appliance.
Viewing Host Statistics
The Statistics page lists the current status of the following:
- general host statistics; see the Host Statistics table for details
- intrusion event information (requires Protection); see Viewing Events or details
The following table describes the host statistics listed on the Statistics page.
The number of days (if applicable), hours, and minutes since the system was last started. |
|
The average number of processes in the CPU queue for the past 1 minute, 5 minutes, and 15 minutes. |
|
The percentage of the disk that is being used. Click the arrow to view more detailed host statistics. See Monitoring System Status and Disk Space Usage for more information. |
|
A summary of the processes running on the system. See Viewing System Process Status for more information. |
Step 1 Select Monitoring > ASA FirePOWER Monitoring > Statistics .
Monitoring System Status and Disk Space Usage
The Disk Usage section of the Statistics page provides a quick synopsis of disk usage, both by category and by partition status. If you have a malware storage pack installed on a device, you can also check its partition status. You can monitor this page from time to time to ensure that enough disk space is available for system processes and the database.
To access disk usage information:
Step 1 Select Monitoring > ASA FirePOWER Monitoring > Statistics .
For more information on the disk usage categories, see Understanding the Disk Usage Widget.
Step 2 Click the down arrow next to Total to expand it.
The Disk Usage section expands, displaying partition usage. If you have a malware storage pack installed, the
/var/storage
partition usage is also displayed.
Viewing System Process Status
The Processes section of the Host Statistics page allows you to see the processes that are currently running on an appliance. It provides general process information and specific information for each running process.
The following table describes each column that appears in the process list.
Step 1 Select Monitoring > ASA FirePOWER Monitoring > Statistics .
Step 2 Click the down arrow next to Processes .
The process list expands, listing general process status information that includes the number and types of running tasks, the current time, the current system uptime, the system load average, CPU, memory, and swap information, and specific information about each running process.
Cpu(s) lists the following CPU usage information:
Nice values indicate the scheduled priority for system processes and can range between -20 (highest priority) and 19 (lowest priority).
Mem lists the following memory usage information:
Swap lists the following swap usage information:
Note For more information about the types of processes that run on the appliance, see Understanding Running Processes.
Step 1 Click the up arrow next to Processes .
Understanding Running Processes
There are two different types of processes that run on an appliance: daemons and executable files. Daemons always run, and executable files are run when required.
See the following sections for more information:
Understanding System Daemons
Daemons continually run on an appliance. They ensure that services are available and spawn processes when required. The following table lists daemons that you may see on the Process Status page and provides a brief description of their functionality.
Note The table below is not an exhaustive list of all processes that may run on an appliance.
Understanding Executables and System Utilities
There are a number of executables on the system that run when executed by other processes or through user action. The following table describes the executables that you may see on the Process Status page.
Utility that executes programs written in the |
|
Utility that reads files and writes content to standard output |
|
Utility that lists the amount of free space on the appliance |
|
Utility that searches files and folders for specified input; supports extended set of regular expressions not supported in standard grep |
|
Utility that recursively searches directories for specified input |
|
Utility that searches files and directories for specified input |
|
Indicates the network configuration executable. Ensures that the MAC address stays constant |
|
Handles access restriction based on changes made to the Access Configuration page. See Configuring the Access List for Your Appliance for more information about access configuration. |
|
Utility that provides a way to access the syslog daemon from the command line |
|
Utility that prints checksums and block counts for specified files |
|
Utility that suspends a process for a specified number of seconds |
|
Mail client that handles email transmission when email event notification functionality is enabled |
|
Forwards SNMP trap data to the SNMP trap server specified when SNMP notification functionality is enabled |
|
Indicates a sudo process, which allows users other than admin to run executables |
|
Utility that displays information about the top CPU processes |
|
Utility that can be used to change the access and modification times of specified files |
|
Utility that performs line, word, and byte counts on specified files |