On an appliance running Sourcefire software, you can configure the basic parameters that monitor and report on its own performance. The performance statistic is critical to troubleshoot performance related issues on an appliance running Snort. This document provides the steps to enable this feature using a FireSIGHT Management Center.
The 1-Second Performance Monitor feature allows you to specify the intervals at which the system updates performance statistics on your devices by configuring the following:
When the number of seconds specified has elapsed since the last performance statistics update, the system verifies that the specified number of packets has been analyzed. If so, the system updates performance statistics. If not, the system waits until the specified number of packets has been analyzed.
Step 1: Select Policies > Access Control. The Access Control Policy page appears.
Step 2: Click the pencil icon next to the access control policy you want to edit.
Step 3: Select the Advanced tab. The access control policy advanced settings page appears.
Step 4: Click the pencil icon next to Performance Settings.
Step 5: Select the Performance Statistics tab in the pop-up window that appears. Modify the Sample time or Minimum number of packets as described above.
Step 6: Optionally, expand the Troubleshoot Options section and modify those options only if asked to do so by Cisco TAC.
Step 7: Click OK.
Step 8: You must save and apply the access control policy for your changes to take effect.
Step 1: Navigate to the Intrusion Policy page. Login to your FireSIGHT Management Center. Navigate to Policies > Intrusion > Intrusion Policy.
Step 2: Edit the intrusion policy that you want to apply. Click the pencil icon to edit the policy.
Step 3: Add a policy layer. Click Policy Layers and then Add Layer. Name the layer "1 Second Perfmon".
Check the Policy Layers in the left panel, and make sure that the new layer "1 Second Perfmon" is above all other layers.
Step 4: Enable the performance statistics configuration. Under Performance Settings, select the radio button Enabled next to the Performance Statistics Configuration, and click Edit.
Step 5: Modify the default sample time to 1 second, and the minimum number of packets to 100 packets.
Step 6: Click on Policy Information in the left panel, commit the changes, and apply the updated policy to the devices you would like to profile.
Step 7: Revert the settings after collecting the data. In order to revert, simply delete the "1 Second Perfmon" policy layer.